I continued my investigation and I can confirm that IBM XSS4J is using noPadding for algorithm RSA-1_5 (RSA/ECB/NoPadding). I replaced into my XML document the encrypted secret key with noPadding and its works fine.
Seems to be a very critical bug into XSS4J library because all XML documents encrypted with this library can never been decrypted into the future by some others library doing things conform to the XML Encryption Syntax and Processing specifications !!! May be a guys of IBM can confirm that... Regards. Yvan -----Original Message----- From: Berin Lautenbach [mailto:[EMAIL PROTECTED] Sent: jeudi, 30. mars 2006 11:07 To: security-dev@xml.apache.org Cc: [EMAIL PROTECTED] Subject: Re: Problem with rsa-1_5 padding mechanism Hess Yvan wrote: > - Does it means that XML apache security using RSA/ECB/PKCS1Padding is > the correct one and that IBM XSS4J contains a critical bug ? > - Is it right to map RSA 1.5 alg to a Java Cipher "RSA/ECB/PKCS1Padding" > ? PKCS1Padding is the most common form of padding for RSA. There is also OAEP, which is supported within the dsig spec. Using RSA without padding is potentially dangerous - lack of padding can lead to potentially easy to decipher ciphertext when the plain text sizes are small. So to answer your questions - PKCS1 padding is correct, and if XSS4J is uing no padding, it is an error. However I would be surprised if this were the case - would be interesting to understand some background. - Needs to be answered by the more Java minded people, but from memory that is correct. Cheers, Berin
