Colm O hEigeartaigh created WSS-413:
---------------------------------------
Summary: EncryptedKey security issue with streaming code
Key: WSS-413
URL: https://issues.apache.org/jira/browse/WSS-413
Project: WSS4J
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 2.0
Instead of throwing an exception when encountering a problem in processing an
EncryptedKey, we should instead generate a session key and attempt to decrypt
the EncryptedData structure instead (take a look at the DOM code here). This
prevents timing attacks to see where the error was in processing the key versus
data.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org
