Hi Mujahed,

On Thu, 14 Aug 2014 08:48:04 -0700 (PDT) mujahedsyed <[email protected]> wrote:

> Hi All,
>
> I am trying to upgrade the existing sample application that I have
> been creating since past few weeks to work with AES 256 bit algorithm
> instead of AES 128.
>
> Following this link on creating aes 256 keys
> http://www.ensor.cc/#setup I have created a key using keytool as:
> keytool -genseckey -keystore aes-keystore.jck -storetype jceks -storepass
> mystorepass -keyalg AES -keysize 256 -alias jceksaes -keypass mykeypass
>
> does someone know if the keystore that is available here
> https://github.com/coheigea/testcases/blob/master/apache/santuario/santuario-xml-encryption/src/test/resources/servicestore.jks
> was created using the same command (shown above).
>
> I am asking this because when I do following in my code keystore
> returns null:
>
>
> I would really appreciate the guidance here, please let me know if
> you can point to some guide?
>
> So, in summary I have three questions:
> 1. does anyone know if servicestore.jks was created using the same
> command I have used?

Most probably not, since you are creating a symmetric key but the sample project uses hybrid encryption and has therefore only asymmetric keys stored in the jks.

> 2. why is defaultCert returning null for me? I think I have created my
> certificate incorrectly. I tried to debug this but the method source
> code "engineGetCertificate" in java.security.KeyStore.keyStoreSpi is
> not available.

Which defaultCert? Independent of that, since you created a symmetric key there is no cert. See 1. above.

> 3. I have been googling all day to find out if there is any link
> available that can help me create a aes 256 bit key but i failed

If your goal is to create a symmetric key, your command above seems to be fine. But if you want to extend the sample project, which I think is your goal, so that it encrypts the document with AES256, you simply have to change the algo-uri in the code to "http://www.w3.org/2001/04/xmlenc#aes256-cbc". That's it.

And if you want to create a new keystore to replace the provided one in the sample project (of course you shouldn't use the provided one in your projects, therefore this is the right thing to do), use "keytool -genkeypair ...". This will generate a keypair incl. certificate (asymmetric keys used to encrypt the session-key (the symmetric aes-key generated as defined by the algo-uri)).

Marc

>
> Your help really appreciated,
> Thanks.
> Regards,
> Mujahed
>
>
>
> --
> View this message in context:
> http://apache-xml-project.6118.n7.nabble.com/AES-256-bit-encryption-tp41373.html
> Sent from the Apache XML - Security - Dev mailing list archive at
> Nabble.com.
