Re: Question on JCE 1.5 key wraps

Thu, 04 Mar 2004 13:25:25 -0800 

Here are the missing algorithms, please update config.xml
and rerun the tests:

MessageDigest: Provider "SUN" supports MD5, SHA-256, SHA-384, & SHA-512

Signature: Provider "SunJSSE" supports MD5withRSA, SHA1withRSA

MAC: Provider "SunJCE" supports HmacMD5, HmacSHA256, HmacSHA384, HmacSHA512

We do not currently yet support the key wrapping algorithms.

I am not sure why the tests in org.apache.xml.security.test.interop fail
to find SHA1WithRSA, something strange going on there ... when I have
more time I'll look into it.

HTH,
Sean


Davanum Srinivas wrote:
Sean, Berin,

Done. Here's the updated JDK1.5 run after commenting out lib.jce from classpath.libraries.

-- dims

--- Berin Lautenbach <[EMAIL PROTECTED]> wrote:

Just looked in more detail - you also need to install the strong crypto policy files.

Cheers,
        Berin

Davanum Srinivas wrote:


Sean,

Here's my run with JDK1.5 with BC commented out:
http://nagoya.apache.org/~dims/xmlsec-junit/

-- dims

--- Berin Lautenbach <[EMAIL PROTECTED]> wrote:


Sean,

test_five_content_aes128_cbc_kw_aes192
test_five_content_3des_cbc_kw_aes128
test_five_data_aes256_cbc_3des
test_five_data_aes192_cbc_aes256

Basically any interop test where a symmetric key wrap is used. The wrap/unwrap tests work, which leads me to believe that I am calling using the wrong cipher spec for the unwrap cipher.

Unfortunately, the Sun JCE doesn't take AESWrap or DESEDEWrap, only AES or DESEDE, so I *think* what is happening is the JCE is doing a straight encrypt/decrypt rather than an AES Key Unwrap or 3DES based CMS Unwrap respectively.

Anyway - still researching, but all ideas welcome :>.

Cheers,
        Berin

Sean Mullan wrote:


Can you tell me which test vectors are failing?

--Sean

Berin Lautenbach wrote:



Peoples,

I have just checked in a new version of config.xml that works for most encryption algorithms under SunJCE (have not yet checked sig).

One question - I am having issues with symmetric key wraps. The Baltimore interop tests all fail where a symmetric key wrap is used. The BC JCE takes an algorithm of "AESWrap" or "DESEDEWrap" for the unwrap algorithms. The SunJCE , I think, uses "AES" and "DESEde" However I get decryption errors.

Is there something special here that someone is aware of? (Am hoping on of the Sun gurus in the list can help me here :>.)

Cheers,
  Berin






=====
Davanum Srinivas - http://webservices.apache.org/~dims/





=====
Davanum Srinivas - http://webservices.apache.org/~dims/

Reply via email to