>> Actually, because of all the problems with Gump (which is/was ignoring >> bouncy castle) I've been doing exactly that. >> The problem I'm running into is that the Sun JCE does not support the >> relaxed version of PKCS5 padding that the Baltimore encryption interop >> examples use. > > Can you be more specific? As of J2SE 1.5 (currently in beta), Sun's JCE > provider supports the ISO 10126 Padding scheme used by XML Encryption. > You need to specify ISO10126Padding as your padding algorithm when > requesting a Cipher instance.
<GRIN>. Yes I was being imprecise. Let me be more specific and give my understanding of where things are! ISO 10126 padding (used by XML encryption) is a more relaxed version of PKCS5 padding, where the padding bytes (other than the last) do not need to reference the padding length. That means that if an encryptor uses PKCS5 padding, the decryptor can use either PKCS5 or ISO 10126. However if the encryptor uses ISO10126, PKCS5 decrypt breaks. As Baltimore interops use true ISO 10126 (with random bytes in the padding block), they do not decrypt using PKCS5 which is all 1.4 supports. I have been using 1.4 JCE because of issues in the Gump builds where BC is not being called (for some reason). I had not looked at 1.5 as I was trying to fix 1.4, and thus the comment above :>. Cheers,
