-----Original Message-----
From: Kramp, Raymund [mailto:[EMAIL PROTECTED]
Sent: Saturday, October 8, 2005 00:54
To: [email protected]
Subject: WSS4J w/RSA Crypto-J JCE provider

I've recently been using WSS4J with RSA's Crypto-J 3.5 (JsafeJCE) provider. I've been able to get it working fine, but have some questions...
1) In WSSecurityUtil.getCipherInstance, there are hard-coded references to the BC provider:
    cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC");
I patched this class to use an algorithm from JsafeJCE. Is this a bug, or is there another way that I can specify the asymmetric algorithm? I saw this mentioned in WSS-6, but the resolution didn't affect WSSecurityUtil.
2) When I use AES from JsafeJCE as my symmetric algorithm, WSEncryptBody.getKeyGenerator retrieves the keygen instance by OID. This causes a NoSuchAlgorithmException: 2.16 with JsafeJCE.
To get it working, I changed getKeyGenerator() to do AES lookups by name:
    private KeyGenerator getKeyGenerator() throws WSSecurityException {
        KeyGenerator keyGen = null;
        try {
            if (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
                keyGen = KeyGenerator.getInstance("DESede");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.2");
                keyGen = KeyGenerator.getInstance("AES");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.22");
                keyGen = KeyGenerator.getInstance("AES");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.42");
                keyGen = KeyGenerator.getInstance("AES");

Is there a way that I can specify the algorithm name for KeyGenerator without modifying the WSS4J source?
Thanks!
Ray
Hi,

I'm just working on that topic to make the provider configurable because I will need this too :-) - see below

The various OIDs for AES keygen are due to the different key lengths possible with AES. I didn't find keygen names that allow the 3 possible key lengths. The BC provider specified these using the OIDs (IMO the OIDs and standard OIDs).

Just as a side info: I'm also working on a binding of the BC provider to the openSSL crypto library. First results are promising:
- for AES, DES, DES3 the openSSL implementation is about twice as fast (sometimes even more than 2 times)
- for RSA (tested with NO PADDING), 1024 bit key, the openSSL crypto is about 3-4 times faster

I'm doing hash and signatures as the next steps.

It has a drawback: it's not a pure Java implementation anymore but needs the openSSL crypto library plus the JNI code I implemented as the glue between BC and the openSSL lib.
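
Added example (not part of the original thread and not WSS4J code): a provider-agnostic AES key generator lookup that tries the OID first, falls back to the standard JCA name "AES" when a provider reports NoSuchAlgorithmException, and sets the key length with init(). The class name, helper names and the "example.jce.provider" system property are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class ProviderAgnosticKeyGen {

    // Hypothetical helper: look up a KeyGenerator, optionally pinned to one provider.
    // With provider == null the JCA searches all installed providers in preference order.
    static KeyGenerator lookup(String algorithm, String provider)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        return provider == null
                ? KeyGenerator.getInstance(algorithm)
                : KeyGenerator.getInstance(algorithm, provider);
    }

    // Try the OID, then fall back to the name "AES". The key length is always
    // set explicitly with init(), so the result does not depend on which lookup won.
    static SecretKey newAesKey(String oid, int keyBits, String provider)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyGenerator keyGen;
        try {
            keyGen = lookup(oid, provider);
        } catch (NoSuchAlgorithmException e) {
            // Provider does not register a KeyGenerator under this OID.
            keyGen = lookup("AES", provider);
        }
        keyGen.init(keyBits);
        return keyGen.generateKey();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical property: -Dexample.jce.provider=<name> pins a provider; unset means any.
        String provider = System.getProperty("example.jce.provider");
        // OIDs as quoted in the message above, paired with the key length each stands for.
        String[] oids = {"2.16.840.1.101.3.4.1.2", "2.16.840.1.101.3.4.1.22",
                         "2.16.840.1.101.3.4.1.42"};
        int[] bits = {128, 192, 256};
        for (int i = 0; i < oids.length; i++) {
            SecretKey key = newAesKey(oids[i], bits[i], provider);
            System.out.println(oids[i] + " -> " + key.getAlgorithm() + ", "
                    + key.getEncoded().length * 8 + " bit key");
        }
    }
}
```

A missing provider name surfaces as NoSuchProviderException rather than silently selecting a different provider.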
