RE: XMLSignature with RSA_MD5 key

Wed, 15 Jun 2005 23:50:55 -0700 

Hi,

Why are you using MD5 alg? It is totally broken and compleatly insecure.
Can you use SHA1 or SHA2 instead?

Best regards,
Milan


> -----Original Message-----
> From: Rafael José Deitos [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, June 15, 2005 4:39 PM
> To: security-dev@xml.apache.org
> Subject: XMLSignature with RSA_MD5 key
> 
> 
> Hi all...
> 
> I'm having problems in signing an 
> "org.apache.axis.message.SOAPEnvelope"
> as an "org.w3c.Document".
> 
> I'm passing a RSAPrivateKey with md5 in the 
> XMLSIgnature.sign() method.
> 
> #########
> iaik.security.rsa.RSAPrivateKey priv =
> new aik.security.rsa.RSAPrivateKey(THE MODULUS, THE EXPONENT);
> 
> xmlSignatureObject.sign(priv);
> 
> #########
> 
> It seems to occur an error saying that the "modulus" of the 
> Key is not positive, but I'm shure it is...
> 
> I don't know what's happening.
> 
> I wonder if anyone could help me to solve the problems...
> 
> Thanks very much for any help...
> 
> 
> THE ERRROR:
> 
> java.lang.ArithmeticException: BigInteger: modulus not positive
>       at java.math.BigInteger.modPow(BigInteger.java:1513)
>       at sun.security.rsa.RSACore.crtCrypt(RSACore.java:137)
>       at sun.security.rsa.RSACore.rsa(RSACore.java:84)
>       at 
> sun.security.rsa.RSASignature.engineSign(RSASignature.java:159)
>       at 
> java.security.Signature$Delegate.engineSign(Signature.java:1131)
>       at java.security.Signature.sign(Signature.java:527)
>       at
> org.apache.xml.security.algorithms.implementations.SignatureBa
> seRSA.engineSign(SignatureBaseRSA.java:130)
>       at
> org.apache.xml.security.algorithms.SignatureAlgorithm.sign(Sig
natureAlgorithm.java:175)
>       at
> org.apache.xml.security.signature.XMLSignature.sign(XMLSignatu
> re.java:582)
>       at testing.TestXMLSig.<init>(TestXMLSig.java:156)
>       at testing.TestXMLSig.main(TestXMLSig.java:246)
> 
> 
> 
> 
> ==============================================
>     Quia natura mutari non potest idcirco
>  verae amicitiae sempiternae sunt - (Horace)
>              RAFAEL J. DEITOS
> Automação - UFSC - Florianópolis - SC - Brazil
>        http://www.das.ufsc.br/~deitos 
> ==============================================
>

Reply via email to