Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-10-12 Thread Sean Mullan
Great - thanks for testing! —Sean On Oct 11, 2023, at 11:43 PM, Brent Putman <putm...@georgetown.edu> wrote: Hi, Sorry this took longer to get to than I anticipated. I wanted to report back on this before the upcoming Santuario releases. I have tested OpenSAML against a local build

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-10-11 Thread Brent Putman
Hi, Sorry this took longer to get to than I anticipated.  I wanted to report back on this before the upcoming Santuario releases. I have tested OpenSAML against a local build of xmlsec 3.0.3-SNAPSHOT, under JDK 17 which is the baseline for our current branch. The new RSASSA-PSS stuff seems t

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-09-13 Thread Brent Putman
Hi Sean, Thanks for working on this.  I'll see about doing some local build testing in the next few days. Thanks, Brent On 9/12/23 8:45 AM, Sean Mullan wrote: Hi Brent, I have fixed this issue [1] and it will be in the next 2.3.4 and 3.0.3 releases of Santuario. However, if you have a cha

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-09-12 Thread Sean Mullan
Hi Brent, I have fixed this issue [1] and it will be in the next 2.3.4 and 3.0.3 releases of Santuario. However, if you have a chance to pull the latest sources and do a local build to see if it addresses your concerns, that would be great and provide more assurance that it is working. Thank

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-10 Thread Brent Putman
On 8/10/23 1:15 PM, Sean Mullan wrote: Yes, sorry I guess I wasn't clear enough. This is a Santuario issue. I can probably post a PR in the next few days that addresses this. To me this is the best solution if you want to provide a solution that works both with BC and the JDK. Ok, thanks! Y

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-10 Thread Sean Mullan
Hi Brent, On 8/8/23 7:39 PM, Brent Putman wrote: Hi Sean, On 8/8/23 4:05 PM, Sean Mullan wrote: As mentioned before, you can implement this in the Santuario layer by instantiating the algorithms as "RSASSA-PSS" and passing in an appropriate PSSParameterSpec with the default values as spec

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-08 Thread Brent Putman
Hi Sean, On 8/8/23 4:05 PM, Sean Mullan wrote: As mentioned before, you can implement this in the Santuario layer by instantiating the algorithms as "RSASSA-PSS" and passing in an appropriate PSSParameterSpec with the default values as specified by RFC 6931. I recommend this technique as it

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-08 Thread Sean Mullan
On 8/8/23 3:33 PM, Brent Putman wrote: Hi Sean, If that's the answer, then I guess we'll have to live with it. It would have been nicer to see the opposite resolution - make the impl fit the docs, esp since the JDK does already fundamentally support the underlying algorithm.  Is there any

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-08 Thread Brent Putman
Hi Sean, If that's the answer, then I guess we'll have to live with it. It would have been nicer to see the opposite resolution - make the impl fit the docs, esp since the JDK does already fundamentally support the underlying algorithm.  Is there any notion that these will be implemented in a

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-08 Thread Sean Mullan
Hi Brent, The JDK docs for the SunRsaSign provider are incorrect, and we don't support those algorithm names. A bug has been filed to correct that: https://bugs.openjdk.org/browse/JDK-8313797 I am still looking into your other questions, will get back to you when I have more info. --Sean

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-04 Thread Brent Putman
Ok, great, thanks for looking into it! --Brent On 8/4/23 3:12 PM, Sean Mullan wrote: Yeah, I get it, I need to chat with some folks here first that worked on this before I can give you a better response. --Sean On 8/4/23 2:55 PM, Brent Putman wrote: Hi Sean, I understood that was how to d

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-04 Thread Sean Mullan
Yeah, I get it, I need to chat with some folks here first that worked on this before I can give you a better response. --Sean On 8/4/23 2:55 PM, Brent Putman wrote: Hi Sean, I understood that was how to do the RSA PSS algorithm with explicit parameters, which in Java is done with a PSSParame

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-04 Thread Brent Putman
Hi Sean, I understood that was how to do the RSA PSS algorithm with explicit parameters, which in Java is done with a PSSParameterSpec.  For XML Signature that corresponds with this RFC URI: http://www.w3.org/2007/05/xmldsig-more#rsa-pss I'm instead talking here about the ones that have impl

Re: Issue with support of RSASSA-PSS algorithms with implicit params in Oracle Java 17

2023-08-04 Thread Sean Mullan
Hi Brent, You need to pass the MGF and other parameters in a PSSParameterSpec to the Signature algorithm, like so: Signature sig = Signature.getInstance("RSASSA-PSS", "SunRsaSign"); sig.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, PSSParameterSpec.TRAILER_