Title: Message
Raymund,
 
Good idea. I'll modify the code. Seems that I didn't read the
javadoc well enough.
 
Regards,
Werner
-----Original Message-----
From: Kramp, Raymund [mailto:[EMAIL PROTECTED]
Sent: Monday, 10 October 2005 23:35
To: Dittmann, Werner; [email protected]
Subject: RE: WSS4J w/RSA Crypto-J JCE provider

Thanks Werner --
 
For key generation, is it possible to retrieve AES key generators by name, then set the key length with KeyGenerator.init?  Most of the examples that I've seen are coded this way.
 
e.g.
    KeyGenerator keyGen = KeyGenerator.getInstance("AES", "BC");
    keyGen.init(256);
 
Ray

From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 1:50 AM
To: Kramp, Raymund; [email protected]
Subject: AW: WSS4J w/RSA Crypto-J JCE provider

Hi,
 
I'm just working on that topic to make the provider configurable
because I will need this too :-)  - see below
 
The various OIDs for AES keygen are due to the different key lengths
possible with AES. I didn't find keygen names that allow
the 3 possible key lengths. The BC provider specified these
using the OIDs (IMO the OIDs and standard OIDs).
 
Just as a side info: I'm also working on a binding of the BC
provider to the openSSL crypto library. First results are promising:
 
- for AES, DES, DES3 the openSSL implementation is about
  twice as fast (sometimes even more than 2 times)
 
- for RSA (tested with NO PADDING), 1024 bit key, the openSSL
  crypto is about 3-4 times faster
 
I'm doing hash and signatures as the next steps.
 
It has a drawback: it's not a pure Java implementation anymore but
needs the openSSL crypto library plus the JNI code I implemented
as the glue between BC and the openSSL lib.
-----Original Message-----
From: Kramp, Raymund [mailto:[EMAIL PROTECTED]
Sent: Saturday, 8 October 2005 00:54
To: [email protected]
Subject: WSS4J w/RSA Crypto-J JCE provider

I've recently been using WSS4J with RSA's Crypto-J 3.5 (JsafeJCE) provider. I've been able to get it working fine, but have some questions...

1)  In WSSecurityUtil.getCipherInstance, there are hard-coded references to the BC provider:

cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC");

I patched this class to use an algorithm from JsafeJCE.  Is this a bug, or is there another way that I can specify the asymmetric algorithm?  I saw this mentioned in WSS-6, but the resolution didn't affect WSSecurityUtil.

2)  When I use AES from JsafeJCE as my symmetric algorithm, WSEncryptBody.getKeyGenerator retrieves the keygen instance by OID.  This causes a NoSuchAlgorithmException: 2.16… with JsafeJCE.

To get it working, I changed getKeyGenerator() to do AES lookups by name:

    private KeyGenerator getKeyGenerator() throws WSSecurityException {
        KeyGenerator keyGen = null;
        try {
            if (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
                keyGen = KeyGenerator.getInstance("DESede");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.2");
                keyGen = KeyGenerator.getInstance("AES");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.22");
                keyGen = KeyGenerator.getInstance("AES");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.42");
                keyGen = KeyGenerator.getInstance("AES");

Is there a way that I can specify the algorithm name for KeyGenerator without modifying the WSS4J source?

Thanks!
Ray
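
Added example, not part of the original thread or of the WSS4J source: the name-based lookup discussed above, with the key length set explicitly through KeyGenerator.init so that a generator fetched as "AES" does not silently produce the provider's default key size. The class name, the keyGeneratorFor helper and its provider parameter are hypothetical, and the algorithm URIs are the XML Encryption identifiers, assumed to match the WSConstants values used in the thread.

```java
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class PortableKeyGen {
    // XML Encryption algorithm URIs; assumed to match the WSConstants values in the thread.
    static final String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    static final String AES_128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    static final String AES_192 = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
    static final String AES_256 = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";

    // Hypothetical helper: provider == null means "use the JVM's configured provider order".
    static KeyGenerator keyGeneratorFor(String symEncAlgo, String provider)
            throws GeneralSecurityException {
        String jcaName;
        int keyBits; // 0 = keep the provider's default size
        if (TRIPLE_DES.equalsIgnoreCase(symEncAlgo)) {
            jcaName = "DESede"; keyBits = 0;
        } else if (AES_128.equalsIgnoreCase(symEncAlgo)) {
            jcaName = "AES"; keyBits = 128;
        } else if (AES_192.equalsIgnoreCase(symEncAlgo)) {
            jcaName = "AES"; keyBits = 192;
        } else if (AES_256.equalsIgnoreCase(symEncAlgo)) {
            jcaName = "AES"; keyBits = 256;
        } else {
            throw new NoSuchAlgorithmException("unsupported algorithm: " + symEncAlgo);
        }
        // Standard JCA names resolve on any provider; OIDs only where the provider registers them.
        KeyGenerator keyGen = (provider == null)
                ? KeyGenerator.getInstance(jcaName)
                : KeyGenerator.getInstance(jcaName, provider);
        if (keyBits > 0) {
            keyGen.init(keyBits); // without this, "AES" yields the provider's default length
        }
        return keyGen;
    }

    public static void main(String[] args) throws Exception {
        for (String algo : new String[] {TRIPLE_DES, AES_128, AES_192, AES_256}) {
            SecretKey key = keyGeneratorFor(algo, null).generateKey();
            // Check the generated length instead of trusting the lookup.
            System.out.println(algo + " -> " + key.getAlgorithm() + " / "
                    + key.getEncoded().length * 8 + " encoded bits");
        }
    }
}
```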
