On 6/21/11 3:41 PM, Cantor, Scott E. wrote:
> On 6/21/11 3:36 PM, "Cantor, Scott E." <[email protected]> wrote:
>
>> This is somewhat directed at Sean, but if somebody else knows...
>>
>> It looks like the RSA-OAEP key transport support is limited to SHA-1 as a
>> digest right now in the Java code. It seemed as though Java might support
>> the full range of SHA-2 options with that, but I guess the API here
>> doesn't.
>
> Correction: I guess just the algorithms are missing from the config file.
>
> Should I file a RFE to add them?

(Scott and I were just discussing this offline)

The issue isn't really that they are missing, it's that there can be only one defined. The RSA-OAEP algorithm URI maps to a (single) Java JCA algorithm identifier. So you could change the mapping to something else other than the default of SHA-1, but there's no real way to have multiple mappings for the same xmlenc algorithm URI, and additionally no way in the API to select the one that you want. I think there would probably have to be some API work on XMLCipher to allow selection of the OAEP digest method (as well as the mask generation function).
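
The following is an added example, not part of the original message and not code from the XML Security library: it shows how plain JCA selects the OAEP digest and mask generation function through an `OAEPParameterSpec` on a single transformation string, which is the kind of selection the message says XMLCipher does not expose. The class and helper names are hypothetical, and the key sizes are sample values.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical class and helper names; only standard JCA calls are used.
public class OaepDigestSelection {
    // A single JCA transformation string; digest and MGF arrive as parameters.
    static final String TRANSFORMATION = "RSA/ECB/OAEPPadding";

    static OAEPParameterSpec oaep(String digest, MGF1ParameterSpec mgf) {
        return new OAEPParameterSpec(digest, "MGF1", mgf, PSource.PSpecified.DEFAULT);
    }

    static byte[] wrap(Key kek, SecretKey cek, OAEPParameterSpec spec) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.WRAP_MODE, kek, spec);
        return c.wrap(cek);
    }

    static Key unwrap(Key kek, byte[] wrapped, OAEPParameterSpec spec) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.UNWRAP_MODE, kek, spec);
        return c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey(); // constructed sample content key
        OAEPParameterSpec sha1 = oaep("SHA-1", MGF1ParameterSpec.SHA1);
        OAEPParameterSpec sha256 = oaep("SHA-256", MGF1ParameterSpec.SHA1);

        byte[] wrapped = wrap(rsa.getPublic(), cek, sha256);
        Key ok = unwrap(rsa.getPrivate(), wrapped, sha256);
        System.out.println("SHA-256 round trip: " + Arrays.equals(ok.getEncoded(), cek.getEncoded()));
        try { // the recipient must use the same digest the sender used
            unwrap(rsa.getPrivate(), wrapped, sha1);
            System.out.println("unexpected: SHA-1 parameters unwrapped a SHA-256 key");
        } catch (GeneralSecurityException e) {
            System.out.println("SHA-1 parameters rejected: " + e.getClass().getSimpleName());
        }
    }
}
```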
