Cool! Do you mind if we add these to config.xml?
Cheers, Berin
Pete wrote:
Even though bouncycastle is free, I'd still like to use the IBM JCE provider in WebSphere v5. I was able to get it working with the Apache Axis samples.security (http://www.w3.org/2000/09/xmldsig#dsa-sha1) by updating the config.xml as follows:
<!-- Registers the IBM JCE provider class for the algorithm mappings in config.xml.
     NOTE(review): this entry uses Id="IBM", while the ProviderAlgo entries posted
     with it use ProviderId="IBMJCE". Confirm which key the mapping code resolves
     and make the two agree; a mismatch could leave the operation on a different
     provider than the one intended. -->
<Provider Id="IBM"
          Class="com.ibm.crypto.provider.IBMJCE"
          Info="IBM JCE Provider"
          ProviderURL="http://www.ibm.com/" />
I had to guess on these algorithms - there may be more...or less. I found some documentation here: http://www-1.ibm.com/servers/eserver/zseries/software/java/jcealgo.html http://www-1.ibm.com/servers/eserver/zseries/software/java/jce.html Maybe someone out there knows enough to make this complete.
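<!-- Message digest and DSA signature mappings, with the IBM JCE provider listed
     first for each algorithm. The IBMJCE JCEName values were guessed by the
     poster from IBM's algorithm list; verify each one against the provider
     that is actually installed before relying on it.
     RequirementLevel appears to follow the XML Signature specification's
     conformance wording, not cryptographic strength: MD5 and SHA-1 are no
     longer collision-resistant, so a verifier that keeps these URIs enabled
     should restrict them by policy and use SHA-256-family algorithms for new
     signatures. -->

<!-- MD5 digest. The SpecificationURL had a space inserted by mail line
     wrapping; it is removed here. -->
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
           Description="MD5 message digest from RFC 1321"
           AlgorithmClass="MessageDigest"
           RequirementLevel="NOT RECOMMENDED"
           SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="MD5" />
  <ProviderAlgo ProviderId="BC" JCEName="MD5" />
  <ProviderAlgo ProviderId="SUN" JCEName="MD5" />
</Algorithm>

<!-- SHA-1 digest. -->
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
           Description="SHA-1 message digest"
           AlgorithmClass="MessageDigest"
           RequirementLevel="REQUIRED">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="SHA1" />
  <ProviderAlgo ProviderId="BC" JCEName="SHA-1" />
  <ProviderAlgo ProviderId="SUN" JCEName="SHA-1" />
  <ProviderAlgo ProviderId="IAIK" JCEName="SHA-1" />
  <ProviderAlgo ProviderId="Cryptix" JCEName="SHA-1" />
</Algorithm>

<!-- DSA signature over a SHA-1 digest; this is the algorithm the poster
     exercised with the Axis security sample. -->
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
           Description="Digital Signature Algorithm with SHA-1 message digest"
           AlgorithmClass="Signature"
           RequirementLevel="REQUIRED">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="SHA1WithDSA" />
  <ProviderAlgo ProviderId="BC" JCEName="DSA" />
  <ProviderAlgo ProviderId="SUN" JCEName="DSAWithSHA1" />
  <ProviderAlgo ProviderId="IAIK" JCEName="DSA" />
</Algorithm>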
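<!-- RSA signature and HMAC mappings, with the IBM JCE provider listed first.
     The IBMJCE JCEName values were guessed by the poster; verify each one
     against the installed provider.
     The posted text had a space inserted by mail line wrapping inside the
     rsa-md5 and hmac-md5 URI values and inside the SpecificationURL values.
     The URI is the algorithm identifier that appears in a signature, so a
     stray space would stop the entry from matching; the spaces are removed.
     RequirementLevel appears to follow the XML Signature specification's
     conformance wording, not cryptographic strength: MD5 and SHA-1 based
     signatures should be restricted by policy on the verifying side, and new
     signatures should use SHA-256-family algorithms. -->

<!-- RSA signature over an MD5 digest. -->
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
           Description="RSA Signature with MD5 message digest"
           AlgorithmClass="Signature"
           RequirementLevel="NOT RECOMMENDED"
           SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="MD5WithRSA" />
  <ProviderAlgo ProviderId="BC" JCEName="MD5WithRSAEncryption" />
  <ProviderAlgo ProviderId="SunRsaSign" JCEName="MD5WithRSA" />
</Algorithm>

<!-- RSA signature over a SHA-1 digest. -->
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
           Description="RSA Signature with SHA-1 message digest"
           AlgorithmClass="Signature"
           RequirementLevel="RECOMMENDED">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="SHA1withRSA" />
  <ProviderAlgo ProviderId="BC" JCEName="SHA1WithRSAEncryption" />
  <ProviderAlgo ProviderId="SunRsaSign" JCEName="SHA1withRSA" />
  <ProviderAlgo ProviderId="IAIK" JCEName="SHA-1/RSA" />
  <ProviderAlgo ProviderId="Cryptix" JCEName="SHA-1/RSA" />
</Algorithm>

<!-- HMAC keyed with MD5. -->
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
           Description="Message Authentication code using MD5"
           AlgorithmClass="Mac"
           RequirementLevel="NOT RECOMMENDED"
           SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="HMAC-MD5" />
  <ProviderAlgo ProviderId="BC" JCEName="HMACMD5" />
  <ProviderAlgo ProviderId="SunJCE" JCEName="HmacMD5" />
</Algorithm>

<!-- HMAC keyed with SHA-1. -->
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
           Description="Message Authentication code using SHA1"
           AlgorithmClass="Mac"
           RequirementLevel="REQUIRED">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="HMAC-SHA1" />
  <ProviderAlgo ProviderId="BC" JCEName="HMACSHA1" />
  <ProviderAlgo ProviderId="SunJCE" JCEName="HmacSHA1" />
  <ProviderAlgo ProviderId="IAIK" JCEName="HMAC/SHA" />
  <ProviderAlgo ProviderId="Cryptix" JCEName="HMAC-SHA-1" />
</Algorithm>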