Dims,

just saw it for the first time, can get some ideas from it.

What I did was to take only the relevant BC provider classes, copy
them and make modifications to host the entries to the native code. By
doing so I retained the complete BC code with all other functions
and cryptos that are not supported by openSSL and that also
provides a smooth integration of other functions as soon as
they show up, maybe even in other crypto libs.

I introduced "BCOpenSSL" as additional provider in parallel 
to "BC". That's also the reason to make the provider
selection more flexible in WSS4J :-). Just replacing "BC" with 
"BCOpenSSL" would do the trick. I'm looking into the WSConfig to
enhance it and to eliminate the "BC" string also in the rest of
the code.

Maybe next week or so I can give some first results together
with WSS4J, I expect some real enhancements.

Regards,
Werner

> -----Original Message-----
> From: Davanum Srinivas [mailto:[EMAIL PROTECTED] 
> Sent: Monday, 10 October 2005 14:07
> To: Dittmann, Werner
> Cc: Kramp, Raymund; [email protected]
> Subject: Re: WSS4J w/RSA Crypto-J JCE provider
> 
> 
> Werner,
> 
> Are u familiar with this code?
> http://svn.apache.org/repos/asf/incubator/juice/. Can we use that
> project to host your JNI code? (merge whatever is good and throw away
> the duplicates)?
> 
> thanks,
> -- dims
> 
> On 10/10/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > I'm just working on that topic to make the provider configurable
> > because I will need this too :-)  - see below
> >
> > The various OIDs for AES keygen are due to the different key lengths
> > possible with AES. I didn't find keygen names that allow
> > the 3 possible key lengths. The BC provider specified these
> > using the OIDs (IMO the OIDs and standard OIDs).
> >
> > Just as a side info: I'm also working on a binding of the BC
> > provider to the openSSL crypto library. First results are promising:
> >
> > - for AES, DES, DES3 the openSSL implementation is about
> >   twice as fast (sometimes even more than 2 times)
> >
> > - for RSA (tested with NO PADDING), 1024 bit key, the openSSL
> >   crypto is about 3-4 times faster
> >
> > I'm doing hash and signatures as the next steps.
> >
> > It has a drawback: it's not a pure Java implementation anymore but
> > needs the openSSL crypto library plus the JNI code I implemented
> > as the glue between BC and the openSSL lib.
> >
> >
> >
> > -----Original Message-----
> > From: Kramp, Raymund [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, 8 October 2005 00:54
> > To: [email protected]
> > Subject: WSS4J w/RSA Crypto-J JCE provider
> >
> >
> >
> > I've recently been using WSS4J with RSA's Crypto-J 3.5 (JsafeJCE) provider.
> > I've been able to get it working fine, but have some questions...
> >
> > 1)  In WSSecurityUtil.getCipherInstance, there's hard-coded
> > references to the BC provider:
> >
> > cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC");
> >
> > I patched this class to use an algorithm from JsafeJCE.  Is this a bug, or
> > is there another way that I can specify the asymmetric algorithm?  I saw
> > this mentioned in WSS-6, but the resolution didn't affect WSSecurityUtil.
> >
> > 2)  When I use AES from JsafeJCE as my symmetric algorithm,
> > WSEncryptBody.getKeyGenerator retrieves the keygen instance by OID.  This
> > causes a NoSuchAlgorithmException: 2.16... with JsafeJCE.
> >
> > To get it working, I changed getKeyGenerator() to do AES lookups by name:
> >
> >     private KeyGenerator getKeyGenerator() throws WSSecurityException {
> >         KeyGenerator keyGen = null;
> >         try {
> >             if (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
> >                 keyGen = KeyGenerator.getInstance("DESede");
> >             } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
> >                 //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.2");
> >                 keyGen = KeyGenerator.getInstance("AES");
> >             } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
> >                 //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.22");
> >                 keyGen = KeyGenerator.getInstance("AES");
> >             } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
> >                 //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.42");
> >                 keyGen = KeyGenerator.getInstance("AES");
> >
> > Is there a way that I can specify the algorithm name for KeyGenerator
> > without modifying the WSS4J source?
> >
> > Thanks!
> > Ray
> 
> 
> --
> Davanum Srinivas : http://wso2.com/blogs/
> 
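
Added example, not part of the thread and not WSS4J code: a provider-neutral key generator lookup that uses only JCE standard names and sets the AES key length explicitly, so it does not depend on provider-specific OID aliases. The class name, the helper methods and the "wss.jce.provider" system property are hypothetical; the algorithm URIs are the XML Encryption identifiers.

```java
import java.security.GeneralSecurityException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class PortableKeyGen {
    // Prefix of the XML Encryption algorithm URIs used as algorithm identifiers.
    static final String XMLENC = "http://www.w3.org/2001/04/xmlenc#";

    /** AES key size in bits for an xmlenc URI, or 0 for Triple DES (provider default). */
    static int keyBits(String uri) {
        if (!uri.startsWith(XMLENC)) throw new IllegalArgumentException("unsupported: " + uri);
        switch (uri.substring(XMLENC.length())) {
            case "tripledes-cbc": return 0;
            case "aes128-cbc": return 128;
            case "aes192-cbc": return 192;
            case "aes256-cbc": return 256;
            default: throw new IllegalArgumentException("unsupported: " + uri);
        }
    }

    /**
     * Generate a session key using JCE standard names only.
     * provider == null lets the JCA pick the first provider that supports the name.
     */
    static SecretKey generate(String uri, String provider) throws GeneralSecurityException {
        int bits = keyBits(uri);
        String name = (bits == 0) ? "DESede" : "AES";
        KeyGenerator kg = (provider == null)
                ? KeyGenerator.getInstance(name)
                : KeyGenerator.getInstance(name, provider);
        // Without init(), the AES key length is whatever the provider defaults to,
        // so the 192- and 256-bit cases must set it explicitly.
        if (bits != 0) kg.init(bits);
        return kg.generateKey();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String provider = System.getProperty("wss.jce.provider"); // hypothetical property name
        for (String alg : new String[] {"tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc"}) {
            SecretKey k = generate(XMLENC + alg, provider);
            // Encoded length includes parity bits for DESede (24 bytes).
            System.out.println(alg + " -> " + k.getAlgorithm() + ", "
                    + k.getEncoded().length * 8 + " bits encoded");
        }
    }
}
```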
