> So, does it mean that WSP "keyWrapalgorithm" depends on JDK vendor and
> version?

No it should work for both. There are some workarounds for certain JDK's
that use RSA-OAEP in both WSS4J and Santuario though - perhaps you've hit a
use-case that doesn't work. I can't reproduce the problem though.

> Both "encryptionAlgorithm" and "keyWrapAlgorithm" are defined as a
> String, so on STS side we can define one values only. Correct?

No, you can define an EncryptionProperties bean per Service as well, by
using the property "encryptionProperties" of the StaticService bean.

> Regardless of "EncryptionProperties" settings on
> STS(cxf-encrypted-ut.xml), can override STS settings by specifying both
> <wst:EncryptionAlgorithm> and <wst:KeyWrapAlgorithm> in the client
> request?
>
> To set client settings should I use properties("encryption" and
> "symmetricKeyWrap" since I am using symmetric bindings)of
> org.apache.cxf.ws.security.policy.model.AlgorithmSuite? I mean that I need
> to create AlgorithmSuite bean and reference it in client configuration.

CXF does not support these values on the client side afaik.

> Actually setting "keyWrapAlgorithm" to
> "http://www.w3.org/2001/04/xmlenc#rsa-1_5" didn't work. I forgot to restart
> Tomcat after I made changes.
> My apologies. At this point, I have to comment out "encryptionProperties"
> to get this work.

What error are you seeing? The default value is rsa-1_5 so it shouldn't
make any difference whether it's specified or not.

Colm.

On Wed, Jul 18, 2012 at 1:11 PM, Gina Choi <[email protected]> wrote:

> Hi Colum,
>
> As always, thanks for your response. As you can tell, I don't have much
> knowledge about encryption algorithms, so I have following questions.
>
>
> <<<What JDK vendor and version are you using on the WSP side? Some JDK's
> have a problem with the rsa-oaep key wrapping algorithm. Try just using the
> following instead for the "keyWrapAlgorithm" property (this is the default
> which explains why it works when you comment it out):
>
> "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> >>>
>
> I am using Sun jdk1.6.0_24 on WSP. I uncommented "EncryptionProperties"
> and set "keyWrapalgorithm" to "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> and it worked. So, does it mean that WSP "keyWrapalgorithm" depends on JDK
> vendor and version?
> Both "encryptionAlgorithm" and "keyWrapAlgorithm" are defined as a String,
> so on STS side we can define one values only. Correct?
>
>
> <<<
> The STS client can also specify other algorithms to use by sending a
> "<wst:EncryptionAlgorithm>...</wst:EncryptionAlgorithm>" String and/or
> a "<wst:KeyWrapAlgorithm>...</wst:KeyWrapAlgorithm>" String in the request.
> >>>
>
> Regardless of "EncryptionProperties" settings on
> STS(cxf-encrypted-ut.xml), can override STS settings by specifying both
> <wst:EncryptionAlgorithm> and <wst:KeyWrapAlgorithm> in the client request?
>
> To set client settings should I use properties("encryption" and
> "symmetricKeyWrap" since I am using symmetric bindings)of
> org.apache.cxf.ws.security.policy.model.AlgorithmSuite? I mean that I need
> to create AlgorithmSuite bean and reference it in client configuration.
>
> Thanks.
>
> Gina
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
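
An added example, not part of the original thread and not CXF, WSS4J or Santuario code: a stand-alone JCE probe that can be run on the WSP's JVM to see whether its default provider round-trips an AES key with RSA-OAEP as well as with RSA v1.5. The class name `KeyWrapProbe` is hypothetical, and the JCE transformation strings paired with the two xmlenc URIs are assumptions about how those algorithms map onto the JDK; a clean result here rules out the JVM's provider only, not the WS-Security stack on top of it.

```java
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyWrapProbe {
    // Wrap and unwrap the AES key with the given transformation.
    // Returns null on success, otherwise a description of the failure.
    static String probe(String transformation, KeyPair rsa, SecretKey aes) {
        try {
            Cipher wrap = Cipher.getInstance(transformation);
            wrap.init(Cipher.WRAP_MODE, rsa.getPublic());
            byte[] wrapped = wrap.wrap(aes);
            Cipher unwrap = Cipher.getInstance(transformation);
            unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
            Key out = unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
            return Arrays.equals(out.getEncoded(), aes.getEncoded())
                    ? null : "round trip returned a different key";
        } catch (Exception e) {
            return e.toString(); // e.g. NoSuchAlgorithmException on this JDK
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();   // throwaway test key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();      // throwaway session key

        // Assumed URI-to-JCE mapping (see lead-in).
        String[][] cases = {
            {"http://www.w3.org/2001/04/xmlenc#rsa-1_5", "RSA/ECB/PKCS1Padding"},
            {"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
             "RSA/ECB/OAEPWithSHA1AndMGF1Padding"},
        };
        System.out.println(System.getProperty("java.vendor") + " "
                + System.getProperty("java.version"));
        for (String[] c : cases) {
            String err = probe(c[1], rsa, aes);
            System.out.println(c[0] + " -> " + (err == null ? "OK" : "FAILED: " + err));
        }
    }
}
```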
