Scott, you are right that WSS4J currently uses the ENCRYPT mode to encrypt a symmetric key. We never yet tested it with certificates that include the key usage stuff (nor did we get any report from other users).
Regarding the RSA: the Cipher class may perform the key usage checks, however the implememtation of the underlying RSA cipher (at least for the BouncyCastle implementation) makes no difference between a key wrap and a simple encrypt mode. Thus it is my belief that both modes are equivalent in this case. This needs to be tested though. Regards, Werner Maxwell Scott wrote: > I do understand that WS-Security uses random (symmetric) session keys > for the actual encryption of body elements. And of course these keys > are encrypted with the receiver's public key so that it can be decrypted > with the private key. > > However, strictly speaking, I don't think wss4j is using the key > wrapping mode (Cipher.WRAP_MODE) in WSEncryptBody.build. The source > code of wss4j 1.1.0 shows that you init the cipher in ENCRYPT_MODE in > order to encrypt the session key. > > Based on my admittedly limited knowledge of javax.crypto.Cipher, I > believe the Cipher.ENCRYPT_MODE can be used to encrypt any byte[] (which > could be a session key), while Cipher.WRAP_MODE can only be used to > encrypt keys. The difference being that the public key used to init the > cipher must either 1) have no critical keyUsages set (as is the case > with the provided test certificates) and therefore could be used in > either mode, or 2) have the proper critical keyUsage setting that > corresponds to the mode/action (dataEncipherment for ENCRYPT_MODE and > keyEncipherment for WRAP_MODE). > > We have tested with JRE 1.4.2_08 and wss4j 1.1.0 using the wss4j > provided certificates (no keyUsages), and ones created using OpenSSL > with only the digitalSignature and keyEncipherment critical keyUsages > set. With the latter set of keys, we encounter the InvalidKeyException > in WSEncryptBody.build at the line "cipher.init(Cipher.ENCRYPT_MODE, > remoteCert);" If, however, this is changed to > cipher.init(Cipher.WRAP_MODE, remoteCert);, no exception is thrown with > either set of keys and encryption works as expected. > > When you say for RSA both ENCRYPT_MODE and WRAP_MODE are identical, do > you mean a specific Provider? It is my belief that the > javax.crypto.Cipher class is performing the check of critical keyUsages, > and is therefore independent of any specific Provider? > > Thanks, > --Scott > ------------------------------------------------------------------------ > *From:* Werner Dittmann [mailto:[EMAIL PROTECTED] > *Sent:* Sat 2/4/2006 12:51 AM > *To:* Maxwell Scott > *Cc:* [email protected] > *Subject:* Re: Incompatibility of WSS4J encryption with PKI certificates > specifying critical keyUsage > > Scott, > > untils now we never had such a problem :-). In fact the WS Security does > not use the public/private keys to encrypt / decrypt the data but uses > a random session key and encrypts the data using a symmetrical cipher. > The public key is used the encrypt this random session key. Thus, in > fact we use a KeyWarp. But for RSA the ENCRYPT_MODE and WRAP_MODE are > identical. Which vesion of Java do you use? > > We'll need to test if the WRAP/UNWARP modes works as expected. > > Regrads, > Werner > > > yes and no. > Maxwell Scott wrote: >> I've been trying to configure the WSS4J samples using sender actions >> Signature and Encryption using our PKI certificates. Our PKI poses >> strict rules on certificate keyUsage. Basically, certificates are only >> ever given the keyUsages of digitalSignature and keyEncipherment. The >> keyUsage dataEncipherment is not allowed, presumably to avoid >> inefficient encryption using the public/private key pairs instead of a >> symmetric session key. >> >> Using these certificates (with keyUsage) results in an >> InvalidKeyException when initializing a javax.crypto.Cipher in the >> ENCRYPT_MODE as in WSEncryptBody.build: >> >> cipher.init(Cipher.ENCRYPT_MODE, remoteCert); >> >> >> To support both cases (certs with no keyUsage, and certificates with >> critical keyUsage allowing keyEncipherment but not dataEncipherment) I >> think a better solution would be to use the WRAP_MODE, changing the >> encryption of session keys with public keys from encryptedKey = >> cipher.doFinal(encKey); to encryptedKey = >> cipher.wrap(this.encryptionKey); This also has to be handled >> appropriately (perform an UNWRAP) on the receiver's end in >> WSSecurityEngine.handleEncryptedKey. >> >> Does this sound correct? >> >> --Scott > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
