Hi,

It will be fixed for the next release here -
https://issues.apache.org/jira/browse/SANTUARIO-579

Colm.

On Tue, Sep 7, 2021 at 11:48 PM Sreenivas Somavarapu
<[email protected]> wrote:
>
> Hi Team,
>
>
>
> Not sure if this is the correct forum / mailing list to put this query. If 
> it is not, could you let me know where I could post this query?
>
>
>
> We are using the XMLCipher API to perform encrypt and decrypt operations on 
> SAML assertions, and we are seeing an issue when integrating with Shibboleth 
> / HSM devices (any third party which is not using xmlsec) and when using only 
> RSAOAEP 1.1 with mgfalgorithm as SHA224 (all the rest are working fine). When 
> I referred to the xmlsec code at santuario-xml-security-java/XMLCipher.java at 
> xmlsec-2.2.2 · apache/santuario-xml-security-java · GitHub, during the 
> encryptKey call xmlsec is trying to construct OAEP parameters in the 
> constructOAEPParameters function. In that function, while constructing the 
> MGF1ParameterSpec, there is an if/else which has SHA1 (default), SHA256, 
> SHA384 and SHA512 but not SHA224 (this is the same case in the 
> constructCipher function as well).
>
>
>
> Is there any reason behind omitting SHA224 in these places? Also is there any 
> place in API documentation / website where I could find list of all 
> algorithms supported by xmlsec for different crypto operations?
>
>
>
> Sample Code for wrapping key is as below
>
> // Generate a 256-bit AES data encryption key (DEK)
> KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", jceProvider);
> keyGenerator.init(256, new SecureRandom());
> SecretKey dek = keyGenerator.generateKey();
>
> // RSA-OAEP 1.1 key transport with SHA-224 as the digest method
> XMLCipher cipher = XMLCipher.getProviderInstance(XMLCipher.RSA_OAEP_11,
>     jceProvider, Canonicalizer.ALGO_ID_C14N_PHYSICAL,
>     MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224);
> cipher.init(XMLCipher.WRAP_MODE, publickey);
>
> // Wrap the DEK, requesting MGF1 with SHA-224
> EncryptedKey encryptedKey = cipher.encryptKey(xmlDoc, dek,
>     "http://www.w3.org/2009/xmlenc11#mgf1sha224", null);
>
>
>
> Thanks in Advance.
>
>
>
> Regards,
>
> Sreenivas
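
The MGF mapping discussed in this thread, as an added example that is not part of either message and is not Santuario's code: it uses only the plain JCE, and the class and method names (OaepMgfDemo, mgfSpecFor, oaep, roundTrips) are hypothetical. It maps each XML Encryption 1.1 MGF URI, SHA-224 included, to an MGF1ParameterSpec, rejects unknown URIs instead of substituting another hash, and shows that a peer using a different MGF1 hash cannot unwrap the key.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class OaepMgfDemo { // hypothetical name; plain JCE, not Santuario code
    static final String NS = "http://www.w3.org/2009/xmlenc11#";

    // XML Encryption 1.1 MGF URI -> JCE spec; an absent URI means the SHA-1 default.
    static MGF1ParameterSpec mgfSpecFor(String mgfUri) {
        if (mgfUri == null) return MGF1ParameterSpec.SHA1;
        switch (mgfUri) {
            case NS + "mgf1sha1":   return MGF1ParameterSpec.SHA1;
            case NS + "mgf1sha224": return MGF1ParameterSpec.SHA224;
            case NS + "mgf1sha256": return MGF1ParameterSpec.SHA256;
            case NS + "mgf1sha384": return MGF1ParameterSpec.SHA384;
            case NS + "mgf1sha512": return MGF1ParameterSpec.SHA512;
            default: throw new IllegalArgumentException("Unsupported MGF: " + mgfUri);
        }
    }
    static OAEPParameterSpec oaep(String digest, String mgfUri) {
        return new OAEPParameterSpec(digest, "MGF1", mgfSpecFor(mgfUri), PSource.PSpecified.DEFAULT);
    }
    // Wrap with enc, unwrap with dec; true only if the same key comes back.
    static boolean roundTrips(KeyPair kp, SecretKey dek, OAEPParameterSpec enc,
            OAEPParameterSpec dec) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.WRAP_MODE, kp.getPublic(), enc);
        byte[] wrapped = c.wrap(dek);
        try {
            c.init(Cipher.UNWRAP_MODE, kp.getPrivate(), dec);
            Key out = c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
            return Arrays.equals(out.getEncoded(), dek.getEncoded());
        } catch (GeneralSecurityException e) { // OAEP decoding rejected the block
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key pair, generated for the demo
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey();
        OAEPParameterSpec sender = oaep("SHA-224", NS + "mgf1sha224");
        System.out.println("peer uses MGF1-SHA224: " + roundTrips(kp, dek, sender, sender));
        System.out.println("peer uses MGF1-SHA1:   " + roundTrips(kp, dek, sender, oaep("SHA-224", null)));
    }
}
```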
