Posted to dev@santuario.apache.org by "Stephen Chell (DSL AK)" <St...@datacom.co.nz> on 2004/04/22 23:45:59 UTC

XML Security library & Websphere

Has anybody managed to get an application that uses the Apache XML Security
library successfully running in WebSphere Application Server (v 5.1 ideally,
although if you've done this in earlier versions of WebSphere I'd still like
to hear from you)?
 
In particular: which implementation classes of the crypto algorithms did you
use?  IBM's or SUN's ?
 
If you can provide some guidelines on how you configured this it would be
much appreciated.  I'm stuck and can't make any progress until I get this
resolved.  
 
I presume I need to edit org/apache/xml/security/resource/config.xml to
specify JCE algorithm mappings for IBM (which I don't know how to do), or
alternatively deploy a library that includes sun.security.provider.Sun and
any other classes required to use Sun's implementation classes for the
algorithms.  
 
If the latter is the easier way to go, which library should I deploy?  FYI:
In Sun's JDK 1.4.2, the class sun.security.provider.Sun is located in
[java_home]/jre/lib/rt.jar.   IBM's JDK 1.4.1 that comes with WebSphere
doesn't have an rt.jar, but it does have [java_home]/jre/lib/security.jar
which does include several classes from the sun.security.provider package,
but not the all-important sun.security.provider.Sun class.
 
Thanks very much ...
 
Steve 
 

Re: XML Security library & Websphere

Posted by PD EMail <pd...@yahoo.com>.
Please do add it.  I am hoping that someone may know
more about this to validate what I did (I only tested
one algorithm) and to complete missing parts.

Pete Kempf

--- Berin Lautenbach <be...@wingsofhermes.org> wrote:
> Cool!  Do you mind if we add these to config.xml?
> 
> Cheers,
> 	Berin

Re: XML Security library & Websphere

Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Cool!  Do you mind if we add these to config.xml?

Cheers,
	Berin


Re: XML Security library & Websphere

Posted by Pete <pd...@yahoo.com>.
Even though bouncycastle is free, I'd still like to use the IBM JCE provider in
WebSphere v5.  I was able to get it working with the Apache Axis
samples.security (http://www.w3.org/2000/09/xmldsig#dsa-sha1) by updating the
config.xml as follows:

        <Provider Id="IBM"
                   Class="com.ibm.crypto.provider.IBMJCE"
                   Info="IBM JCE Provider"
                   ProviderURL="http://www.ibm.com/" />

I had to guess on these algorithms - there may be more...or less.
I found some documentation here:
http://www-1.ibm.com/servers/eserver/zseries/software/java/jcealgo.html
http://www-1.ibm.com/servers/eserver/zseries/software/java/jce.html
Maybe someone out there knows enough to make this complete.

         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
                    Description="MD5 message digest from RFC 1321"
                    AlgorithmClass="MessageDigest"
                    RequirementLevel="NOT RECOMMENDED"
                    SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="MD5" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="MD5" />
            <ProviderAlgo ProviderId="SUN"
                          JCEName="MD5" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
                    Description="SHA-1 message digest"
                    AlgorithmClass="MessageDigest"
                    RequirementLevel="REQUIRED">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="SHA1" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="SHA-1" />
            <ProviderAlgo ProviderId="SUN"
                          JCEName="SHA-1" />
            <ProviderAlgo ProviderId="IAIK"
                          JCEName="SHA-1" />
            <ProviderAlgo ProviderId="Cryptix"
                          JCEName="SHA-1" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
                    Description="Digital Signature Algorithm with SHA-1 message digest"
                    AlgorithmClass="Signature"
                    RequirementLevel="REQUIRED">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="SHA1WithDSA" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="DSA" />
            <ProviderAlgo ProviderId="SUN"
                          JCEName="DSAWithSHA1" />
            <ProviderAlgo ProviderId="IAIK"
                          JCEName="DSA" />
         </Algorithm>

         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
                    Description="RSA Signature with MD5 message digest"
                    AlgorithmClass="Signature"
                    RequirementLevel="NOT RECOMMENDED"
                    SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="MD5WithRSA" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="MD5WithRSAEncryption" />
            <ProviderAlgo ProviderId="SunRsaSign"
                          JCEName="MD5WithRSA" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                    Description="RSA Signature with SHA-1 message digest"
                    AlgorithmClass="Signature"
                    RequirementLevel="RECOMMENDED">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="SHA1withRSA" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="SHA1WithRSAEncryption" />
            <ProviderAlgo ProviderId="SunRsaSign"
                          JCEName="SHA1withRSA" />
            <ProviderAlgo ProviderId="IAIK"
                          JCEName="SHA-1/RSA" />
            <ProviderAlgo ProviderId="Cryptix"
                          JCEName="SHA-1/RSA" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
                    Description="Message Authentication code using MD5"
                    AlgorithmClass="Mac"
                    RequirementLevel="NOT RECOMMENDED"
                    SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="HMAC-MD5" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="HMACMD5" />
            <ProviderAlgo ProviderId="SunJCE"
                          JCEName="HmacMD5" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
                    Description="Message Authentication code using SHA1"
                    AlgorithmClass="Mac"
                    RequirementLevel="REQUIRED">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="HMAC-SHA1" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="HMACSHA1" />
            <ProviderAlgo ProviderId="SunJCE"
                          JCEName="HmacSHA1" />
            <ProviderAlgo ProviderId="IAIK"
                          JCEName="HMAC/SHA" />
            <ProviderAlgo ProviderId="Cryptix"
                          JCEName="HMAC-SHA-1" />
         </Algorithm>
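
Guessed JCE names like the ones in the message above can be checked against the JVM the application actually runs on by asking each installed provider directly. The following is an added example, not part of the original thread or of the Apache XML Security code: the class name JceNameCheck is hypothetical, the candidate names are copied from the mappings above, and it relies on Provider.getService, which needs Java 5 or later (newer than the 1.4 JDKs discussed in the thread).

```java
import java.security.Provider;
import java.security.Security;

/** Added example: reports which candidate JCE names the installed providers really register. */
public class JceNameCheck {
    // Each row: {JCE service type, XML-DSig algorithm URI, candidate JCE names from the posted mappings...}
    static final String[][] CANDIDATES = {
        {"MessageDigest", "http://www.w3.org/2001/04/xmldsig-more#md5", "MD5"},
        {"MessageDigest", "http://www.w3.org/2000/09/xmldsig#sha1", "SHA1", "SHA-1"},
        {"Signature", "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
            "SHA1WithDSA", "DSA", "DSAWithSHA1"},
        {"Signature", "http://www.w3.org/2001/04/xmldsig-more#rsa-md5",
            "MD5WithRSA", "MD5WithRSAEncryption"},
        {"Signature", "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
            "SHA1withRSA", "SHA1WithRSAEncryption", "SHA-1/RSA"},
        {"Mac", "http://www.w3.org/2001/04/xmldsig-more#hmac-md5",
            "HMAC-MD5", "HMACMD5", "HmacMD5"},
        {"Mac", "http://www.w3.org/2000/09/xmldsig#hmac-sha1",
            "HMAC-SHA1", "HMACSHA1", "HmacSHA1", "HMAC/SHA", "HMAC-SHA-1"},
    };

    public static void main(String[] args) {
        // Providers registered in this JVM, in preference order.
        Provider[] installed = Security.getProviders();
        for (String[] row : CANDIDATES) {
            System.out.println(row[0] + "  " + row[1]);
            boolean any = false;
            for (Provider p : installed) {
                for (int i = 2; i < row.length; i++) {
                    // Non-null only if this provider registers the name (or an alias
                    // of it) for this service type.
                    if (p.getService(row[0], row[i]) != null) {
                        System.out.println("    <ProviderAlgo ProviderId=\"" + p.getName()
                                + "\" JCEName=\"" + row[i] + "\" />");
                        any = true;
                    }
                }
            }
            if (!any) {
                System.out.println("    (no installed provider offers any candidate name)");
            }
        }
    }
}
```

Run it with the application server's own JVM so the provider list matches what the deployed application sees.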

RE: XML Security library & Websphere

Posted by Scott Cantor <ca...@osu.edu>.
> In particular: which implementation classes of the crypto 
> algorithms did you use?  IBM's or SUN's ?

Given the JDK concern, using Bouncy Castle probably would be the simplest
path. It's free and I assume it runs ok on IBM's VM.

www.bouncycastle.org

-- Scott