Hi Colm,

Actually, setting "keyWrapAlgorithm" to "http://www.w3.org/2001/04/xmlenc#rsa-1_5" didn't work. I forgot to restart Tomcat after I made changes. My apologies. At this point, I have to comment out "encryptionProperties" to get this to work.

Thanks.

Gina

On Wed, Jul 18, 2012 at 8:11 AM, Gina Choi <[email protected]> wrote:

> Hi Colm,
>
> As always, thanks for your response. As you can tell, I don't have much
> knowledge about encryption algorithms, so I have the following questions.
>
> <<<What JDK vendor and version are you using on the WSP side? Some JDKs
> have a problem with the rsa-oaep key wrapping algorithm. Try just using the
> following instead for the "keyWrapAlgorithm" property (this is the default
> which explains why it works when you comment it out):
>
> "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> >>>
>
> I am using Sun jdk1.6.0_24 on WSP. I uncommented "EncryptionProperties"
> and set "keyWrapalgorithm" to "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> and it worked. So, does it mean that WSP "keyWrapalgorithm" depends on JDK
> vendor and version?
> Both "encryptionAlgorithm" and "keyWrapAlgorithm" are defined as a String,
> so on STS side we can define one value only. Correct?
>
> <<<
> The STS client can also specify other algorithms to use by sending a
> "<wst:EncryptionAlgorithm>...</wst:EncryptionAlgorithm>" String and/or
> a "<wst:KeyWrapAlgorithm>...</wst:KeyWrapAlgorithm>" String in the request.
> >>>
>
> Regardless of "EncryptionProperties" settings on
> STS (cxf-encrypted-ut.xml), can I override STS settings by specifying both
> <wst:EncryptionAlgorithm> and <wst:KeyWrapAlgorithm> in the client request?
>
> To set client settings, should I use properties ("encryption" and
> "symmetricKeyWrap" since I am using symmetric bindings) of
> org.apache.cxf.ws.security.policy.model.AlgorithmSuite? I mean that I need
> to create AlgorithmSuite bean and reference it in client configuration.
>
> Thanks.
>
> Gina
