Re: AW: Re: how to specify JCE provider for XML encryption

[Vishal Mahajan]

Depends on the Sun JDK version being used. AFAIK, 1.4.2 does not support both DESede/CBC/ISO10126Padding or RSA/ECB/PKCS1Padding, but 1.5 does. Regarding instantiating XMLCipher (for performing XML encryption) for a given algorithm and provider combination XMLCipher.getProviderInstance(algorithm, provider) should work, no change to config.xml should be required. Vishal Dittmann, Werner wrote: Alexey, DESede/CBC/ISO10126Padding is support with the Sun provider AFAIK, als the RSA mode. Did you install the unresticted security policy for the Sun provider? if not you may have problems with RSA greater than 512bit AFAIK. Regards, Werner -----Ursprüngliche Nachricht----- Von: news [mailto:[EMAIL PROTECTED]] Im Auftrag von Alexey Gesendet: Montag, 24. Oktober 2005 22:11 An: security-dev@xml.apache.org Betreff: Re: how to specify JCE provider for XML encryption Werner Dittmann <Werner.Dittmann <at> t-online.de> writes: Alexey, I've used such a mechansims in Apache's WSS4J project: - generate a symmetric key, e.g. for 3DES - encrypt some data with this key - uses RSA/ECB/PKCS1Padding to encrypt this symmetric key (not DESedeWarp, this would be used if you encrypt - wrap - a key with e.g. 3DES). Alternatively you may use RSA-OAEP (also provided by BC) to encrypt the generated symmetric key. The module in WSS4J that uses and implements this is WSEncryptEnvelop.java Regards, Werner Hi Werner, My fault - I misspelled. I actually meant "DESede/CBC/ISO10126Padding", which is not a valid cipher in IBMJCE (wrong padding). "RSA/ECB/PKCS1Padding" is not a supported cipher either. BouncyCastle can not be used as a JCE provider in my environment. Thanks, Alexey