Well here is the solution:


   
The problem comes from Java Cryptography Extension (JCE) policy files

1.-
Due to import control restrictions for some countries, the Java Cryptography Extension (JCE) policy files shipped with the J2SE Development
Kit and the J2SE Runtime Environment allow strong but limited cryptography to be used. These files are located at

<java-home>/lib/security/local_policy.jar
<java-home>/lib/security/US_export_policy.jar
where <java-home> is the jre directory of the JDK or the top-level directory of the J2SE Runtime Environment.
An unlimited strength version of these files indicating no restrictions on cryptographic strengths is available
on the JDK web site for those living in eligible countries. Those living in eligible countries may download the unlimited strength
version and replace the strong cryptography jar files with the unlimited strength files.

Unlimited strength Jurisdiction Policy Files may be downloaded from JavaSoft's web site.
Here is the web address: http://java.sun.com/javase/downloads/index.jsp#docs (at the end of the page).

Open the readme.txt and follow the instructions:
Basically, replace the two existing jars with the two new ones (US_export_policy.jar and local_policy.jar).

2.-
Install the Bouncycastle JAR in the Path of the server Web application (WEB-INF/jar/bcprov-jdk15-132.jar),
because if WSS4J does not find the Bouncycastle in the Path it is not
initialized and registered as security provider, and the default
Sun Security provider does not support all required algorithms and keystore formats
(in this case RSA).

[I am not so sure about this step. I think all this happens more in the JRE, but as my config works I add it here as a comment. See next point.]

3.-
I've installed the bouncycastle jar in <jre_home>/lib/ext and I've
changed <jre_home>/lib/security/java.security to add this line:

security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider


4.-
And ... on the client side I don't have to install the "unlimited strength
JCE"; having only the Bouncy Castle .jar in the classpath is enough to run
well.


Thank you everybody.

Happy AXIS and WSS4J!

José Ferreiro

PS: source is http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ#noalgo

On 9/1/06, José Ferreiro <[EMAIL PROTECTED]> wrote:
Hello All,

I nearly successfully completed my ws-service.
However, I am having problems to encrypt/decrypt (I guess, because the signature process is working fine).
Well, a problem of encryption/decryption.
There is no problem with the keystores because I am able to sign and verify the sent/received messages.
The problem comes in the next step when I want to encrypt/decrypt

here is the trace error:
-----------------------------------------------------------------------------------------------------------------

WSDoAllReceiver: security processing failed; nested exception is:
    org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)

-------------------------------------------------------------------------------------------------------------------

I am using Axis 1.4 and WSS4J 1.5 with Tomcat

After some research I found out where the problem could be:

http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ#noalgo

I successfully installed the Bouncycastle JAR and also the policy jar.

I am wondering if I should also install the JavaTM Cryptography Extension (JCE)

http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html

Does someone face this problem?

Thank you in advance for any possible help.

José Ferreiro




--
José Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL