Posted to wss4j-dev@ws.apache.org by Matthias Assel <as...@hlrs.de> on 2006/07/14 10:23:57 UTC
Problem encrypting message body using symmetric key from RequestedProofToken
Hi there,
I am trying to encrypt a SOAP message body using the WSEncryptBody class.
I want to use the symmetric key obtained by the RequestedProofToken.
Therefore, I successfully decrypt the RequestedProofToken which provides me
with that key.
After that, I am using this key to encrypt a SOAP message body, but I always
get the same error.
org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
    org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
    at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:545)
    at org.apache.ws.security.message.WSEncryptBody.buildEmbedded(WSEncryptBody.java:621)
    at org.apache.ws.security.message.WSEncryptBody.build(WSEncryptBody.java:298)
    at TestDeCryption.main(TestDeCryption.java:52)
Please have a look at the Java code fragment which describes my procedure:
// Decrypt the RequestedProofToken to recover the shared secret
RequestedProofToken proof = new RequestedProofToken(proofToken.getDocumentElement());
proof.doDecryption("PasswordCallback", crypto);
byte[] sharedSecret = proof.getSharedSecret();
// Encrypt the SOAP body with that secret as an embedded AES-256 key
WSEncryptBody encr = new WSEncryptBody();
encr.setKeyIdentifierType(WSConstants.EMBEDDED_KEYNAME);
encr.setSymmetricEncAlgorithm(WSConstants.AES_256);
encr.setEmbeddedKeyName(crypto.getDefaultX509Alias());
encr.setKey(sharedSecret);
encr.build(msg, crypto);
If I enable debugging for wss4j, I get the following printout:
- X509 SKI alias:
2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314
- cert: [
[
Version: V3
Subject: CN=Antenna Service
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
public exponent: 65537
Validity: [From: Wed Mar 29 14:24:17 CEST 2006,
To: Thu Mar 29 14:34:17 CEST 2007]
Issuer: CN=TC-HPC Certification Authority
SerialNumber: [ 610cab9c 00000000 0006]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB B2 93 BE 0A 62 55 2D 6B 28 66 C0 5E D6 E7 56 .....bU-k(f.^..V
0010: 2E 9C 45 21 ..E!
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D3 7B 53 5B 42 03 90 8D C6 77 6D DD 47 49 B4 5C ..S[B....wm.GI.\
0010: 00 EC BB DA ....
]
]
[3]: ObjectId: 1.2.840.113549.1.9.15 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 37 30 35 30 0E 06 08 2A 86 48 86 F7 0D 03 02 .7050...*.H.....
0010: 02 02 00 80 30 0E 06 08 2A 86 48 86 F7 0D 03 04 ....0...*.H.....
0020: 02 02 00 80 30 07 06 05 2B 0E 03 02 07 30 0A 06 ....0...+....0..
0030: 08 2A 86 48 86 F7 0D 03 07 .*.H.....
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
]
- KeyIdentifier Alias:
2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314
Usage is password
- XMLDecrypt: total= 1187, get-sym-key= 1187, decrypt= 0
- RequestedProofToken, decryption ,Shared secret size is :: 256 bit
- RequestedProofToken :: Encryption done
.
.
.
- Beginning Encryption embedded...
- Encryption Key: javax.crypto.spec.SecretKeySpec@171fe
- Embedded Key Name:
2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314
- Getting XMLCipher...
- Constructing XMLCipher...
- Request for URI http://www.w3.org/2001/04/xmlenc#aes256-cbc
- cihper.algoritm = AES/CBC/ISO10126Padding
- Initializing XMLCipher...
- opmode = ENCRYPT_MODE
- Returning EncryptedData
- Processing source element...
- Encrypting element content...
- Encrypting element...
- Serialized octets:
<ns1:testMethod xmlns:ns1="uri:LogTestService2"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"></ns1:testMethod>
org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
    org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
    at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:545)
    at org.apache.ws.security.message.WSEncryptBody.buildEmbedded(WSEncryptBody.java:621)
    at org.apache.ws.security.message.WSEncryptBody.build(WSEncryptBody.java:298)
    at TestDeCryption.main(TestDeCryption.java:52)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.encryptElementContent(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
    at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:543)
    ... 3 more
Cannot encrypt/decrypt data; nested exception is:
    org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
The printout points out that the key size (256 bit) is valid for the used
encryption algorithm, but the exception thrown by wss4j always argues the
converse.
Well, I have no idea what the problem is, but I hope that somebody can help
me.
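
Added example, not part of the original post and not WSS4J code: the JCE raises "java.security.InvalidKeyException: Illegal key size or default parameters" when the JVM's installed jurisdiction policy caps key lengths below the one requested, so a first check is whether this JVM accepts a 256-bit AES key at all. Whether that is the cause on the poster's machine is not established by the message; the class name KeySizeCheck and the random key standing in for proof.getSharedSecret() are assumptions.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic, not WSS4J code: reports whether this JVM accepts an AES
// key of the size shown in the debug log ("Shared secret size is :: 256 bit").
public class KeySizeCheck {

    // Transformation copied from the debug output above.
    static final String TRANSFORMATION = "AES/CBC/ISO10126Padding";

    /** True if the JCE policy in this JVM permits an AES key of this length. */
    static boolean policyAllows(byte[] keyBytes) throws Exception {
        int maxBits = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Policy limit for AES: "
                + (maxBits == Integer.MAX_VALUE ? "unlimited" : maxBits + " bit"));
        return keyBytes.length * 8L <= maxBits;
    }

    /** Attempts Cipher.init with the key, the JCE call that raises InvalidKeyException. */
    static boolean canInit(byte[] keyBytes) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        try {
            // CBC mode generates a random IV when none is supplied for encryption.
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyBytes, "AES"));
            return true;
        } catch (InvalidKeyException e) {
            System.out.println("Cipher.init failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for proof.getSharedSecret(): 32 random bytes.
        byte[] sharedSecret = new byte[32];
        new SecureRandom().nextBytes(sharedSecret);

        System.out.println("Key length: " + sharedSecret.length * 8 + " bit");
        System.out.println("Allowed by policy: " + policyAllows(sharedSecret));
        System.out.println("Cipher.init succeeds: " + canInit(sharedSecret));
    }
}
```

A reported policy limit of 128 bit means the unlimited-strength jurisdiction policy files are not active in that JRE, so any AES-256 key is rejected regardless of how it was obtained.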