Sounds Great!!! thanks, dims
On 10/10/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote: > Dims, > > just saw it for the first time, can get some ideas from it. > > What I did was to take only the relevant BC provider classes, copy > them and did modifications to host the entries to the native code. By > doing so I retained to complete BC code with all other functions > and cryptos that are not supported by openSSL and that also > provides a smooth integration of other functions as soon as > they show up, maybe even in other crypto libs. > > I introduced "BCOpenSSL" as additional provider in parallel > to "BC". That's also the reason to make the provider > selection more flexible in WSS4J :-). Just replacing "BC" with > "BCOpenSSL" would do the trick. I'm looking into the WSConfig to > enhance it and to eliminate the "BC" string also in the rest of > the code. > > Maybe next week or so I can give some first results together > with WSS4J, I expect some real enhancements. > > Regards, > Werner > > > -----Ursprüngliche Nachricht----- > > Von: Davanum Srinivas [mailto:[EMAIL PROTECTED] > > Gesendet: Montag, 10. Oktober 2005 14:07 > > An: Dittmann, Werner > > Cc: Kramp, Raymund; [email protected] > > Betreff: Re: WSS4J w/RSA Crypto-J JCE provider > > > > > > Werner, > > > > Are u familiar with this code? > > http://svn.apache.org/repos/asf/incubator/juice/. Can we use that > > project to host your JNI code? (merge whatever is good and throw away > > the duplicates)? > > > > thanks, > > -- dims > > > > On 10/10/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote: > > > > > > Hi, > > > > > > I'm just working on that topic to make the provider configurable > > > because I will need this too :-) - see below > > > > > > The various OIDs for AES keygen are due different key length > > > possible with AES. I didn't found keygen names that allow > > > the 3 possible keylength. The BC provider specified these > > > using the OIDs (IMO the OIDs and standard OIDs). > > > > > > Just as a side info: I'm also working on a binding of the BC > > > provider to the openSSL crypto library. First results are promising: > > > > > > - for AES, DES, DES3 the openSSL implementation is about > > > twice as fast (sometimes even more tha 2 times) > > > > > > - for RSA (tested with NO PADDING), 1024 bit key, the openSSL > > > crypto is about 3-4 times faster > > > > > > I'm doing hash and signatures as the next steps. > > > > > > It has a drawback: it's not a pure Java implementation anymor but > > > needs the openSSL crypto library plus the JNI code I implemented > > > as the glue between BC and the openSSL lib. > > > > > > > > > > > > -----Ursprüngliche Nachricht----- > > > Von: Kramp, Raymund [mailto:[EMAIL PROTECTED] > > > Gesendet: Samstag, 8. Oktober 2005 00:54 > > > An: [email protected] > > > Betreff: WSS4J w/RSA Crypto-J JCE provider > > > > > > > > > > > > I've recently been using WSS4J with RSA's Crypto-J 3.5 > > (JsafeJCE) provider. > > > I've been able to get it working fine, but have some questions... > > > > > > 1) In WSSecurityUtil.getCipherInstance, there's hard-coded > > > references to the BC provider: > > > > > > cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC"); > > > > > > I patched this class to use an algorithm from JsafeJCE. Is > > this a bug, or > > > is there another way that I can specify the asymmetric > > algorithm? I saw > > > this mentioned in WSS-6, but the resolution didn't affect > > WSSecurityUtil. > > > > > > 2) When I use AES from JsafeJCE as my symmetric algorithm, > > > WSEncryptBody.getKeyGenerator retrieves the keygen instance > > by OID. This > > > causes a NoSuchAlgorithmException: 2.16... with JsafeJCE. > > > > > > To get it working, I changed getKeyGenerator() to do AES > > lookup's by name: > > > > > > private KeyGenerator getKeyGenerator() throws > > WSSecurityException { > > > KeyGenerator keyGen = null; > > > try { > > > if > > (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) { > > > keyGen = KeyGenerator.getInstance("DESede"); > > > } else if > > (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) { > > > //keyGen = > > > KeyGenerator.getInstance("2.16.840.1.101.3.4.1.2"); > > > keyGen = KeyGenerator.getInstance("AES"); > > > } else if > > (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) { > > > //keyGen = > > > KeyGenerator.getInstance("2.16.840.1.101.3.4.1.22"); > > > keyGen = KeyGenerator.getInstance("AES"); > > > } else if > > (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) { > > > //keyGen = > > > KeyGenerator.getInstance("2.16.840.1.101.3.4.1.42"); > > > keyGen = KeyGenerator.getInstance("AES"); > > > > > > Is there a way that I can specify the algorithm name for > > KeyGenerator > > > without modifying the WSS4J source? > > > > > > Thanks! > > > Ray > > > > > > -- > > Davanum Srinivas : http://wso2.com/blogs/ > > > -- Davanum Srinivas : http://wso2.com/blogs/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
