Thanks a lot for the response, Chang. I was refering more to the data encrypted in the payload of a SOAP message (thereby the AES in the title), although I have noticed that the encryptedKey is also different each time.
The reason efectively seems that is what you said: random numbers. Respect to the payload, after looking at the source code, seems that the JDK class javax.crypto.Chipher generates a random IV. I don't know if there is a way to generate a fixed IV. Respect to the encryptedKey, seems that is the padding what is generated randomly. I have read that this is so for security reasons, which makes sense in a general case. The problem of all that is that WSS4J doesn't decrypt well the payload encrypted with the PHP's mcrypt funcions, and I am trying to find the reason. Best regards, /Enric --- CHANG Shuh <[EMAIL PROTECTED]> escribió: > It's hard to say without knowing more about your > scenario. However, there might be some clues for > that. For example, in UsernameToken, there are two > possible factors that could affect the outcome of > the password digest (which may or may not be related > to what you were referring to as encrypted data): > random number (nonce) and timestamp (created). Each > time you make a call, you would get a different > nonce and timestamp, and therefore different > password digest even though you use the same > password each time... > > Regards, > Shuh > > > > -----Original Message----- > > From: Enric Jaen [mailto:[EMAIL PROTECTED] > > Sent: Monday, May 28, 2007 9:37 AM > > To: wss4j-dev@ws.apache.org > > Subject: RV: AES - newbie question > > > > Sorry, just to clarify that this issue is > happening with WSS4J. > > /Enric > > > > > > --- Enric Jaen <[EMAIL PROTECTED]> escribió: > > > > > Fecha: Mon, 28 May 2007 09:31:19 +0200 (CEST) > > > De: Enric Jaen <[EMAIL PROTECTED]> > > > Asunto: AES - newbie question > > > Para: wss4j-dev@ws.apache.org > > > > > > > > > Hi, I am quite newbie about security and I have > a simple question: > > > > > > When encrypting the data I am forcing the same > key, but I > > have noticed > > > that the encrypted data is different in each > call. Shouldn't it be > > > always the same? > > > > > > Thanks for any explanation, > > > > > > /Enric > > > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________ > > ______________________ > > > ¡Descubre una nueva forma de obtener respuestas > a tus preguntas! > > > Entra en Yahoo! Respuestas. > > > http://es.answers.yahoo.com/info/welcome > > > > > > > > > > > > > ______________________________________________ > > LLama Gratis a cualquier PC del Mundo. > > Llamadas a fijos y móviles desde 1 céntimo por > minuto. > > http://es.voice.yahoo.com > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
