I added a test-case here and it seems to work: https://github.com/apache/santuario-xml-security-java/commit/d0bc3285f82b9f4de4e023c2f9b4ec8a22db8211
Colm. On Thu, Sep 9, 2021 at 2:43 PM sreenivas somavarapu <[email protected]> wrote: > > Hi Colm, > > Thank you for your response. One final query is Will SHA224 be supported in > both cases? > - Construction of OAEPParameters in constructOAEPParameters method > - Construction of cipher using SHA224 digest algorithm in constructCipher > method > > Regards, > Sreenivas > > > On Wed 8 Sep, 2021, 4:22 PM Colm O hEigeartaigh, <[email protected]> wrote: >> >> Hi, >> >> It will be fixed for the next release here - >> https://issues.apache.org/jira/browse/SANTUARIO-579 >> >> Colm. >> >> On Tue, Sep 7, 2021 at 11:48 PM Sreenivas Somavarapu >> <[email protected]> wrote: >> > >> > Hi Team, >> > >> > >> > >> > Not sure if this is correct forum / mailing list to put this query. If >> > this is not could you let me know where could I post this query. >> > >> > >> > >> > We are using XMLCipher API to perform encrypt and decrypt operations of >> > SAML assertions and we are seeing a issue when integrating with Shibboleth >> > / HSM devices (Any third-party which is not using xmlsec) and when using >> > only RSAOAEP 1.1 with mgfalgorithm as SHA224 (rest all are working fine). >> > When referred xmlsec code @ santuario-xml-security-java/XMLCipher.java at >> > xmlsec-2.2.2 · apache/santuario-xml-security-java · GitHub and during >> > encryptkey call xmlsec is trying to construct OAEP parameters in >> > constructOAEPParameters function. In that function while constructing >> > MGF1ParameterSpec there is an if else which has SHA1 (default), SHA256, >> > SHA384 and SHA512 but not SHA224 (even this is the same case in >> > constructCipher function as well). >> > >> > >> > >> > Is there any reason behind omitting SHA224 in these places? Also is there >> > any place in API documentation / website where I could find list of all >> > algorithms supported by xmlsec for different crypto operations? >> > >> > >> > >> > Sample Code for wrapping key is as below >> > >> > KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", jceProvider); >> > >> > keyGenerator.init(256, SecureRandom); >> > >> > SecretKey dek = keyGenerator.generateKey(); >> > >> > XMLCipher cipher = XMLCipher.getProviderInstance(XMLCipher.RSA_OAEP_11, >> > jceProvider, Canonicalizer.ALGO_ID_C14N_PHYSICAL, >> > MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224); >> > >> > cipher.init(XMLCipher.WRAP_MODE, publickey); >> > >> > EncryptedKey encryptedKey = cipher.encryptKey(xmlDoc, dek, >> > "http://www.w3.org/2009/xmlenc11#mgf1sha224";, null); >> > >> > >> > >> > Thanks in Advance. >> > >> > >> > >> > Regards, >> > >> > Sreenivas
