AW: Help with X.509 public key decryption of XML

2006-06-01 Thread Dittmann, Werner
Dave, sometimes this happens if one forgot to install the unlimited strength JCE policy (at least this happens to me sometimes when I install a new Java version - I have to reinstall it every time in the new install directory). Regards, Werner > -Original Message- > From: Dave Oxl

AW: VOTE: TLP Resolution

2006-05-31 Thread Dittmann, Werner
Here are my votes: 1) +1 2) Santuario 3) +1 Regards, Werner > -Original Message- > From: Berin Lautenbach [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 31 May 2006 12:22 > To: security-dev@xml.apache.org > Subject: VOTE: TLP Resolution > > All, > > I'm going to make this h

AW: TLP Resolution

2006-05-02 Thread Dittmann, Werner
+1 to #3 +1 to Sanctuary BTW, do I have karma to XML-security? Or "only" to WebServices? :-) Regards, Werner > -Original Message- > From: Davanum Srinivas [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 2 May 2006 14:06 > To: security-dev@xml.apache.org > Subject: Re: TLP Res

AW: [xml-sec] Some thought about the JCE provider

2006-03-21 Thread Dittmann, Werner
should check the > provider at position 2. But I think we should add this info in the > xml-sec FAQ... > > Regards, > > Raul > > On 3/21/06, Dittmann, Werner <[EMAIL PROTECTED]> wrote: > > Raul, > > > > to define it explicitly I would not modify exi

AW: [xml-sec] Some thought about the JCE provider

2006-03-20 Thread Dittmann, Werner
Raul, to define it explicitly I would not modify existing method signature but add a new method for XMLSignature and XMLCipher to set a provider, something like "setJCEProvider(String id)". This way the implementation can check and propagate the info to other classes if required. Defining a spec

AW: JuiCE - some ideas and a proposed draft "roadmap"

2005-11-08 Thread Dittmann, Werner
Scott, thanks for the info and the background on JuiCE. Do you (or somebody else on the list) know about the threading issues you mentioned? What was the problem here? I've looked into openSSL code and as far as I could see there should be no threading issue. There may be a threading issue if you

AW: MD5 algorithm in XSEC

2005-10-26 Thread Dittmann, Werner
Milan, some users of W3C security stuff, such as OASIS WebService security specification also define and use MD5 together with Signature. Thus I would not recommend to remove it. Regards, Werner -Original Message- From: Milan Tomic [mailto:[EMAIL

AW: Re: how to specify JCE provider for XML encryption

2005-10-24 Thread Dittmann, Werner
Alexey, DESede/CBC/ISO10126Padding is supported with the Sun provider AFAIK, also the RSA mode. Did you install the unrestricted security policy for the Sun provider? If not you may have problems with RSA greater than 512bit AFAIK. Regards, Werner > -Original Message- > From: news [mai

AW: Some infos about performance of WSS4J/XML-SEC together with Axis

2005-10-19 Thread Dittmann, Werner
All, using the same hardware as described below, using the same test scenario I did some tests using a special BouncyCastle library that uses the openSSL crypto library to do encryption/decryption, hashing, and signature. To enable special BC provider no modifications in WSS4J nor in XML-SEC wer

AW: circumventBug2650 - Memory footprint

2005-09-23 Thread Dittmann, Werner
Raul, after digging a bit more into the problem I see several differences. The first run was done with calling circumventBug2650(doc), creating an own node set and using XMLSignatureInput(resultSet) as return from the EnvelopeIdResolver. The second run does not call circumventBug2650(doc)

AW: [Java] C14N of DocumentFragment

2005-07-26 Thread Dittmann, Werner
Raul, Vishal, in the WSS4J project we use the xml-sec java lib and we discovered a similar problem about more than a year ago with the same setup: Verifying a part of a document after decryption. We solved that problem somehow :-). As far as I can remember the fix was done in the encryption and de

AW: XML4J: CCATS, HS Code and ENC Number?

2005-04-27 Thread Dittmann Werner
Martin, all this software is public domain software and is publicly available in source as well as (in most cases) also in binary format. Thus there is no real need to export this SW in any country - if you need it somewhere - just download it and use it at the site. AFAIK no organisation that "

AW: ECCN numbers of Xerces and Xml4j?

2005-03-13 Thread Dittmann Werner
Martin, all this software is public domain software and is available publicly in source as well as (in most cases) also in binary format. Thus there is no real need to export this SW in any country - if you need it somewhere - just download it and use it at the site. Thus this software is alread

AW: XML-Encryption

2004-09-20 Thread Dittmann Werner
Juergen, some time ago I had the same problem. The problem was that the public key size was too small to encrypt my symmetric key. "Small" means: I used a PKI with a keysize of 512 bits only, after switching to 1024 it was ok. The PKI algorithms encrypt only one block of plain data at a time. T

AW: sun.security.util.DerValue not available on IBM SDKs

2004-06-25 Thread Dittmann Werner
Heiner, it's a legal keyinfo if both, the issuer serial and the SKI point to the _same_ certificate. Thus an implementation can use either of the two (or both) to get/identify a certificate. Regards, Werner > -Original Message- > From: Heiner Westphal [mailto:[EMAIL PROTECTED] > Ge

AW: AW: Question on c14n exclusive

2004-05-28 Thread Dittmann Werner
:14 > To: [EMAIL PROTECTED] > Subject: Re: AW: Question on c14n exclusive > > > Dittmann Werner wrote: > > > > > * Finally, employ the canonicalization method specified as > a parameter to the transform to > > serialize N to produce the octet stream output

AW: AW: Question on c14n exclusive

2004-05-27 Thread Dittmann Werner
Raul, already tried that hack, the problem with that is that c14n outputs either a byte buffer that is the XML docu as String or as a node set - this has to be serialized then deadlock. Well, I try to ask the WSS guys how they think this problem can be solved. Regards, Werner > -Ursprün

AW: Question on c14n exclusive

2004-05-27 Thread Dittmann Werner
Raul, thanks. However, the element that I create is a top level element, i.e. an apex node (as far as I understand the c14n specs). According to the WSS specs * Finally, employ the canonicalization method specified as a parameter to the transform to serialize N to produce the octet stream outpu

Question on c14n exclusive

2004-05-27 Thread Dittmann Werner
All, a question to the c14n gurus on the list. I set up an Element node and set the default namespace to "" using the following code: elem.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", ""); This seems to work. The element is c14n'ed using the following code: XMLUtils.circumventBug2650(e

AW: DO NOT REPLY [Bug 29188] New: - Minor clean-ups and speed/memory improvement

2004-05-24 Thread Dittmann Werner
All, just a short note about Base64. I use the Base64 of XML security in WSS4J functions and it works perfectly. Any reason why to use the Xerces implementation? In addition the Base64 of XML security provides a way to control line wrap, that is if I call String xxx = Base64.encode(data,

AW: Re[2]: XMLCipher.enryptData()

2004-05-24 Thread Dittmann Werner
Oleg, I'm using XML encryption for SOAP in the Apache project WSS4J and I use doFinal to do it for SOAP. Maybe you can have a look at Apache's WSS4J project, in particular to the encryption functions that control and perform WSS compliant SOAP encryption. Regards, Werner > -Ursprüngliche Nac

AW: Importing Signature element - namespace problems

2004-03-25 Thread Dittmann Werner
Stephen, two answers here: 1st: pls have a look at the Apache WSS4J project (subproject of ws-fx). Here we implemented Web Service Security (SOAP with XMLSig and XMLEncrypt). 2nd: before you send the signed request you may feed it to a canonicalization function (c14n function) that removes the

AW: Example code for signing a SOAP message with Attachments

2004-03-24 Thread Dittmann Werner
Steve, AFAIK the XML Signature specifications and the current implementation does not support the signing of attachments. Have a look at Apache's WSS4J project how to deal with SOAP security, it's an implementation of the Oasis WSS specification. Anyhow, also this does

AW: AW: AW: Problem in Decryption

2004-02-11 Thread Dittmann Werner
ase note that the behavior of decryptElement() and > decryptElementContent() methods is exactly the same. > > Thanks, > > Vishal > > Dittmann Werner wrote: > > >Vishal, > > > >that depends: if you encrypt/decrypt in Element mode > >then it is c

AW: AW: Problem in Decryption

2004-02-11 Thread Dittmann Werner
> -Original Message- > From: Vishal Mahajan [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 11 February 2004 12:33 > To: [EMAIL PROTECTED] > Subject: Re: AW: Problem in Decryption > > > Hi Dittmann, > > Dittmann Werner wrote: > > >Vishal, B

AW: Problem in Decryption

2004-02-10 Thread Dittmann Werner
Vishal, Berin during some encrypt/decrypt tests with signature: This is mainly a problem for "content" mode encryption. AFAIK, during encryption XMLCipher creates a document fragment with the content, serializes and encrypts it. Decryption is reverse. After decryption XMLCipher first removes (or

AW: Identifying elements by wsuId

2004-02-05 Thread Dittmann Werner
Anil, yes, basically this is the function to look up a wsu:id. The Id must have a '#' as the first chars (relative URI inside a doc). Maybe you can also have a look at "EnvelopeIdResolver.java". We register this resolver with the XML security library to resolve wsu:id a

AW: Verification after decrypt - patch for XMLCipher

2004-02-04 Thread Dittmann Werner
All, attached a patch to XMLCipher. It is the same patch as posted January, 5th with one slight modification. This code now _always_ gets a C14n instance to perform serialization. It does not use Xerces XMLSerialization anymore (I didn't delete the code that uses it, it's just not called anymore).

AW: AW: AW: AW: Verification after decrypt

2004-02-03 Thread Dittmann Werner
> We can't depend on a specific version of Xerces EVEN if they > fix problems in their code. So is > there a possibility of patching xml-security itself? (Write > custom serializers just like we do in > Axis) > > thanks, > dims > > --- Dittmann Werner <[EMAI

AW: AW: AW: Verification after decrypt

2004-02-03 Thread Dittmann Werner
12:30 > To: [EMAIL PROTECTED] > Subject: Re: AW: AW: Verification after decrypt > > > Ahh. Yes. Apologies - had forgotten the part about the bug! > > What think you - should we see if we can escalate with the Xerces > people? Am happy to do so! > > Cheers, >

AW: AW: Verification after decrypt

2004-02-03 Thread Dittmann Werner
Berin, actually there were (are) some problems during the encryption processing in Content mode, in particular the serialization of Document fragments (Document fragments may have Text nodes as first level child nodes - it's a fragment). The first problem was that Content mode didn't serialize t

AW: Verification after decrypt

2004-02-01 Thread Dittmann Werner
Heyjung, as I understand it you first sign, then encrypt your XML document (decrypt/verify to check it). Depending on the xmlsec-jar you use there may be problems in the encryption methods. The problem in some cases (note: XML encryption is in beta) is that the encrypti

AW: Decryption Exception

2004-01-23 Thread Dittmann Werner
Hi heyjung, IMHO you should use the ed.getElementsByTagNameNS() method to get the xenc:... element because it's a namespace qualified element. Please refer to DOM API documentation. Regards, Werner > -Original Message- > From: news [mailto:[EMAIL PROTECTED] On behalf of hyejun

AW: AW: [java] Large XML Files ( > 1 MB )

2003-12-19 Thread Dittmann Werner
rote: > > - > Werner, > > Help would be nice. No, help would be much appreciated. I am > currently occupied elsewhere. The more > you do, the more you are allowed to do! Go for it. > > Thanks > > Ax/ > > Dittmann Wer

AW: [java] Large XML Files ( > 1 MB )

2003-12-19 Thread Dittmann Werner
Axl, all, would be nice if you can do so. Then I can get a fresh version from CVS. Do you plan to update other parts of the code? I saw some problems using the internal serializer class (the patch addresses only the TEXT node, not the others). If I can be of any help Regards, Werner > -

Patch for XMLCipher

2003-12-15 Thread Dittmann Werner
All, here are some patches for XMLCipher. Fixed problems with Content encryption, base64 encoding. Some other enhancement such wrong coding, enhancement of Serializer code to include comment, CDATA nodes, etc. follow the next days. Regards, Werner XMLCipher.patch Description: Binary data Ci

Tests with timing for WSS4J using Apache XML Security

2003-12-08 Thread Dittmann Werner
Hi all, a short report about performance of WSS4J based on Apache XML-Security. The tests were performed on a Win-XP Pro System with Pentium III, 600MHz, 256MB. Used relevant software: - xmlsec.jar (pre-release, around mid November with XMLCipher support) - xalan.jar 2.5.1 - xerces.jar 2.4.0 -

Question/Problem using XMLCipher

2003-12-08 Thread Dittmann Werner
Hi all, while doing some tests with Encryption and Signing a SOAP message (in that order: encrypt, then sign) I use a pre-release version of xmlsec XMLCipher class. The XMLCipher produces the following output when encrypting the SOAP Body child element: http://schemas.xmlsoap.org/ws/2002/07/uti

AW: signing soap attachment

2003-12-05 Thread Dittmann Werner
Hi, seems that your program didn't use Axis with attachment enabled and it looks like you were using an older version of Axis - newer versions throw an IOException if attachments are not supported in Axis. You need to build Axis in the proper way to support attachments (activation.jar, mail.ja