Hi Team,

Not sure if this is the correct forum / mailing list to put this query. If this is not, could you let me know where I could post this query?

We are using the XMLCipher API to perform encrypt and decrypt operations on SAML assertions, and we are seeing an issue when integrating with Shibboleth / HSM devices (any third party which is not using xmlsec), and only when using RSA-OAEP 1.1 with the MGF algorithm as SHA224 (all the rest are working fine). I referred to the xmlsec code (santuario-xml-security-java/XMLCipher.java at xmlsec-2.2.2, apache/santuario-xml-security-java on GitHub): during the encryptKey call, xmlsec tries to construct the OAEP parameters in the constructOAEPParameters function. In that function, while constructing the MGF1ParameterSpec, there is an if/else which has SHA1 (default), SHA256, SHA384 and SHA512 but not SHA224 (the same is the case in the constructCipher function as well).

Is there any reason behind omitting SHA224 in these places? Also, is there any place in the API documentation / website where I could find a list of all algorithms supported by xmlsec for different crypto operations?

Sample code for wrapping the key is below:

// Generate a 256-bit AES data-encryption key (DEK)
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", jceProvider);
keyGenerator.init(256, new SecureRandom());
SecretKey dek = keyGenerator.generateKey();

// RSA-OAEP 1.1 key transport with SHA-224 as the OAEP digest
XMLCipher cipher = XMLCipher.getProviderInstance(XMLCipher.RSA_OAEP_11, jceProvider, Canonicalizer.ALGO_ID_C14N_PHYSICAL, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224);
cipher.init(XMLCipher.WRAP_MODE, publickey);

// Wrap the DEK, requesting MGF1 with SHA-224 in the EncryptedKey
EncryptedKey encryptedKey = cipher.encryptKey(xmlDoc, dek, "http://www.w3.org/2009/xmlenc11#mgf1sha224", null);

Thanks in advance.

Regards,

Sreenivas
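
The interoperability failure described in the message can be reproduced with plain JCE, without xmlsec. This is an added example, not part of the original message and not Santuario code; it assumes, as the message describes, that the sender's MGF1 hash falls through to the SHA1 default while the EncryptedKey declares mgf1sha224, and it uses the default JCE provider and a hypothetical class name.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepMgfMismatch {  // hypothetical name, for illustration only

    // RSA-OAEP with SHA-224 as the OAEP digest; only the MGF1 hash varies.
    static byte[] rsaOaep(int mode, Key key, MGF1ParameterSpec mgf, byte[] in)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(mode, key,
               new OAEPParameterSpec("SHA-224", "MGF1", mgf, PSource.PSpecified.DEFAULT));
        return c.doFinal(in);
    }

    // Returns true if the receiver recovers the same key bytes the sender wrapped.
    static boolean roundTrip(KeyPair kp, byte[] dek,
                             MGF1ParameterSpec senderMgf, MGF1ParameterSpec receiverMgf) {
        try {
            byte[] wrapped = rsaOaep(Cipher.ENCRYPT_MODE, kp.getPublic(), senderMgf, dek);
            byte[] out = rsaOaep(Cipher.DECRYPT_MODE, kp.getPrivate(), receiverMgf, wrapped);
            return Arrays.equals(dek, out);
        } catch (GeneralSecurityException e) {
            return false;  // OAEP decoding rejects the padding when the MGF hash differs
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();       // constructed test key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        byte[] dek = kg.generateKey().getEncoded();

        // Sender falls back to MGF1-SHA1, receiver honours the declared mgf1sha224.
        System.out.println("sender SHA1,   receiver SHA224: "
                + roundTrip(kp, dek, MGF1ParameterSpec.SHA1, MGF1ParameterSpec.SHA224));
        // Control: both sides use the MGF that the EncryptedKey declares.
        System.out.println("sender SHA224, receiver SHA224: "
                + roundTrip(kp, dek, MGF1ParameterSpec.SHA224, MGF1ParameterSpec.SHA224));
    }
}
```

A receiver that reads the MGF from the EncryptedKey element cannot unwrap a key that was actually wrapped with a different MGF1 hash, which is why only the SHA224 combination fails against third-party implementations.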
