FWIW: The Gartner interop certs (in trunk/interop/keys) contain critical key usage. For instance, the ca cert should not be usable for encryption.
Thanks,
Hans

> -----Original Message-----
> From: Werner Dittmann [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 05, 2006 12:09 AM
> To: Maxwell Scott
> Cc: [email protected]
> Subject: Re: Incompatibility of WSS4J encryption with PKI
> certificates specifying critical keyUsage
>
> Scott,
>
> you are right that WSS4J currently uses the ENCRYPT mode to
> encrypt a symmetric key. We never yet tested it with
> certificates that include the key usage stuff (nor did we get
> any report from other users).
>
> Regarding the RSA: the Cipher class may perform the key usage
> checks, however the implementation of the underlying RSA
> cipher (at least for the BouncyCastle implementation) makes
> no difference between a key wrap and a simple encrypt mode.
> Thus it is my belief that both modes are equivalent in this
> case. This needs to be tested though.
>
> Regards,
> Werner
>
> ...
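
The key usage check discussed in this thread, as an added example (not WSS4J code and not written by either poster): it follows the rule the JDK applies in `Cipher.init(int, Certificate)` to a critical keyUsage extension and picks an opmode for transporting a symmetric key. The class and method names are hypothetical, the preference for WRAP_MODE is an assumed policy, and the key usage bit arrays in `main` are constructed.

```java
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.crypto.Cipher;

public class KeyUsageOpmode {  // hypothetical helper, not part of WSS4J
    static final String KEY_USAGE_OID = "2.5.29.15"; // id-ce-keyUsage
    // Indexes into the array returned by X509Certificate.getKeyUsage()
    static final int KEY_ENCIPHERMENT = 2;
    static final int DATA_ENCIPHERMENT = 3;

    // True when the bit is present in the array and not asserted.
    static boolean cleared(boolean[] ku, int i) {
        return ku.length > i && !ku[i];
    }

    // Only a critical keyUsage restricts the mode: ENCRYPT_MODE needs
    // dataEncipherment, WRAP_MODE needs keyEncipherment.
    static boolean permits(int opmode, boolean[] ku, boolean critical) {
        if (!critical || ku == null) return true;
        if (opmode == Cipher.ENCRYPT_MODE) return !cleared(ku, DATA_ENCIPHERMENT);
        if (opmode == Cipher.WRAP_MODE) return !cleared(ku, KEY_ENCIPHERMENT);
        return true; // other opmodes are not restricted by this check
    }

    // Assumed policy: wrap the session key if allowed, otherwise plain
    // encrypt, otherwise report that the certificate cannot be used (-1).
    static int chooseOpmode(boolean[] ku, boolean critical) {
        if (permits(Cipher.WRAP_MODE, ku, critical)) return Cipher.WRAP_MODE;
        if (permits(Cipher.ENCRYPT_MODE, ku, critical)) return Cipher.ENCRYPT_MODE;
        return -1;
    }

    static int chooseOpmode(X509Certificate cert) {
        Set<String> crit = cert.getCriticalExtensionOIDs();
        boolean critical = crit != null && crit.contains(KEY_USAGE_OID);
        return chooseOpmode(cert.getKeyUsage(), critical);
    }

    public static void main(String[] args) {
        // Constructed keyUsage bit arrays (not taken from the interop certs)
        boolean[] keyTransport = {true, false, true, false, false, false, false, false, false};
        boolean[] ca = {false, false, false, false, false, true, true, false, false};
        // digitalSignature + keyEncipherment: plain ENCRYPT_MODE is not permitted
        System.out.println("ENCRYPT ok: " + permits(Cipher.ENCRYPT_MODE, keyTransport, true));
        System.out.println("wrap chosen: " + (chooseOpmode(keyTransport, true) == Cipher.WRAP_MODE));
        // keyCertSign + cRLSign only: neither encryption mode is permitted
        System.out.println("CA cert usable: " + (chooseOpmode(ca, true) != -1));
    }
}
```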
