Hi there,

 

I am trying to encrypt a SOAP message body using the WSEncryptBody class.

I want to use the symmetric key obtained by the RequestedProofToken.

Therefore, I successfully decrypt the RequestedProofToken which provides me with that key.

After that, I am using this key to encrypt a SOAP message body, but I always get the same error.

 

org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:

      org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters

Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters

      at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:545)

      at org.apache.ws.security.message.WSEncryptBody.buildEmbedded(WSEncryptBody.java:621)

      at org.apache.ws.security.message.WSEncryptBody.build(WSEncryptBody.java:298)

      at TestDeCryption.main(TestDeCryption.java:52)

 

 

Please have a look at the Java code fragment which describes my procedure:

 

// Decrypt the RequestedProofToken to recover the shared secret
RequestedProofToken proof = new RequestedProofToken(proofToken.getDocumentElement());
proof.doDecryption("PasswordCallback", crypto);
byte[] sharedSecret = proof.getSharedSecret();

// Encrypt the SOAP body with the shared secret as an embedded AES-256 key
WSEncryptBody encr = new WSEncryptBody();
encr.setKeyIdentifierType(WSConstants.EMBEDDED_KEYNAME);
encr.setSymmetricEncAlgorithm(WSConstants.AES_256);
encr.setEmbeddedKeyName(crypto.getDefaultX509Alias());
encr.setKey(sharedSecret);
encr.build(msg, crypto);

 

 

If I enable debugging for wss4j, I get the following printout:

 

- X509 SKI alias: 2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314

- cert: [

[

  Version: V3

  Subject: CN=Antenna Service

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 1024 bits

  modulus: 106945516386262302433237842498369950831507518745503379468242848285780351935893517982951027737017334868693393454387046688562712253538769129454918433532126111764577937184605538232293913220361243537735108827168057917058961029759833551122319641415706594253654095539957504181002271328942685469417589153889566327559

  public exponent: 65537

  Validity: [From: Wed Mar 29 14:24:17 CEST 2006,

               To: Thu Mar 29 14:34:17 CEST 2007]

  Issuer: CN=TC-HPC Certification Authority

  SerialNumber: [    610cab9c 00000000 0006]

 

Certificate Extensions: 5

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: AB B2 93 BE 0A 62 55 2D   6B 28 66 C0 5E D6 E7 56  .....bU-k(f.^..V

0010: 2E 9C 45 21                                        ..E!

]

]

 

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: D3 7B 53 5B 42 03 90 8D   C6 77 6D DD 47 49 B4 5C  ..S[B....wm.GI.\

0010: 00 EC BB DA                                        ....

]

 

]

 

[3]: ObjectId: 1.2.840.113549.1.9.15 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 37 30 35 30 0E 06 08   2A 86 48 86 F7 0D 03 02  .7050...*.H.....

0010: 02 02 00 80 30 0E 06 08   2A 86 48 86 F7 0D 03 04  ....0...*.H.....

0020: 02 02 00 80 30 07 06 05   2B 0E 03 02 07 30 0A 06  ....0...+....0..

0030: 08 2A 86 48 86 F7 0D 03   07                       .*.H.....

 

 

[4]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

[1.3.6.1.5.5.7.3.2]]

 

[5]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Non_repudiation

  Key_Encipherment

  Data_Encipherment

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

 

]

- KeyIdentifier Alias: 2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314

Usage is password

- XMLDecrypt: total= 1187, get-sym-key= 1187, decrypt= 0

-  RequestedProofToken, decryption ,Shared secret size is :: 256 bit

- RequestedProofToken :: Encryption done

.

.

.

- Beginning Encryption embedded...

- Encryption Key: [EMAIL PROTECTED]

- Embedded Key Name: 2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314

- Getting XMLCipher...

- Constructing XMLCipher...

- Request for URI http://www.w3.org/2001/04/xmlenc#aes256-cbc

- cihper.algoritm = AES/CBC/ISO10126Padding

- Initializing XMLCipher...

- opmode = ENCRYPT_MODE

- Returning EncryptedData

- Processing source element...

- Encrypting element content...

- Encrypting element...

- Serialized octets:

<ns1:testMethod xmlns:ns1="uri:LogTestService2" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"></ns1:testMethod>

org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:

            org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters

Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters

            at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:545)

            at org.apache.ws.security.message.WSEncryptBody.buildEmbedded(WSEncryptBody.java:621)

            at org.apache.ws.security.message.WSEncryptBody.build(WSEncryptBody.java:298)

            at TestDeCryption.main(TestDeCryption.java:52)

Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters

Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters

            at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)

            at org.apache.xml.security.encryption.XMLCipher.encryptElementContent(Unknown Source)

            at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)

            at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:543)

            ... 3 more

Cannot encrypt/decrypt data; nested exception is:

            org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters

Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters

 

The printout points out that the key size (256 bit) is valid for the used encryption algorithm, but the exception thrown by wss4j always argues the converse.

Well, I have no idea what the problem is, but I hope that someone can help me.
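Added example, not part of the original post: java.security.InvalidKeyException with the message "Illegal key size or default parameters" is what javax.crypto.Cipher raises when a key is longer than the JRE's installed JCE jurisdiction policy allows, independently of whether the key length is valid for the algorithm. The diagnostic below probes the transformation shown in the debug output with constructed random keys; the class name AesKeySizeCheck and the probe keys are assumptions, standing in for the sharedSecret from the post.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class, not from the original post): reports
// which AES key sizes this JRE's JCE policy permits.
public class AesKeySizeCheck {

    // Transformation taken from the wss4j debug output in the post.
    static final String TRANSFORMATION = "AES/CBC/ISO10126Padding";

    // Returns true if a Cipher can be initialised and used with an AES key of keyBits.
    static boolean canUseKey(int keyBits) throws Exception {
        byte[] key = new byte[keyBits / 8]; // constructed random key, stands in for sharedSecret
        byte[] iv = new byte[16];           // AES block size in bytes
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        try {
            cipher.init(Cipher.ENCRYPT_MODE,
                        new SecretKeySpec(key, "AES"),
                        new IvParameterSpec(iv));
            cipher.doFinal("probe".getBytes("UTF-8"));
            return true;
        } catch (InvalidKeyException e) {
            // Same exception type as at the root of the stack trace in the post.
            System.out.println("  " + keyBits + "-bit key rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        // Upper bound imposed by the installed jurisdiction policy files.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max allowed AES key length = "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        for (int bits : new int[] {128, 192, 256}) {
            System.out.println(bits + "-bit AES usable: " + canUseKey(bits));
        }
    }
}
```

If the 128-bit probe succeeds and the 256-bit probe is rejected, the limit comes from the JRE's policy configuration rather than from the key returned by the RequestedProofToken or from wss4j.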

 
