Posted to users@cxf.apache.org by Ashishz <as...@gmail.com> on 2010/05/05 13:33:40 UTC

Encryption issue

Hello Guys,
I am using Apache CXF for a web service and using WS-SecureConversationToken
for security. But when I try to use it with the normal JCE which comes by
default with the JDK, I get the exception.

Caused by: org.apache.xml.security.encryption.XMLEncryptionException:
Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size
or default parameters

Then I used the JCE with unlimited strength and it worked.

But there are some legal obligations with JCE with unlimited strength. Some
countries don't allow such encryption. In that perspective, I can't use this
security module for my project.

My question is: Is it mandatory to use JCE unlimited strength with
WS-SecureConversationToken + CXF? If not, how can I leverage the default JCE
which shipped with JRE 6?

Thank you very much in advance
-- 
View this message in context: http://old.nabble.com/Encryption-issue-tp28459661p28459661.html
Sent from the cxf-user mailing list archive at Nabble.com.


Re: Encryption issue

Posted by Daniel Kulp <dk...@apache.org>.
On Thursday 06 May 2010 4:09:00 am Ashishz wrote:
> Hello DKulp,
> 
> Thank you very much for the response.
> 
> So from CXF 2.2.8 onwards I should be able to use a 128-bit key for
> WS-SecureConversationToken. That's great.
> 
> In your reply, you mentioned "Tomorrow's snapshots should be all set." But
> when I downloaded the 2.2.8 snapshot, I got the error below:
> 
> May 6, 2010 1:34:29 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
> handleMessage
> WARNING: Request does not contain required Security header, but it's a
> fault.
> javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying
> security for the message.
> 
> Please confirm: is that problem solved, or are you still working on
> it?

I would have no idea what would cause that, so no, I'm not working on it.   
You would need to look at the server side log to figure out what about the 
incoming message was "wrong".

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Re: Encryption issue

Posted by Ashishz <as...@gmail.com>.
Hello DKulp,

Thank you very much for the response.

So from CXF 2.2.8 onwards I should be able to use a 128-bit key for
WS-SecureConversationToken. That's great.

In your reply, you mentioned "Tomorrow's snapshots should be all set." But
when I downloaded the 2.2.8 snapshot, I got the error below:

May 6, 2010 1:34:29 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
handleMessage
WARNING: Request does not contain required Security header, but it's a
fault.
javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying
security for the message.

Please confirm: is that problem solved, or are you still working on it?

Thank you very much for your response.



dkulp wrote:
> 
> 
> This seems to be a "defect". Ideally, you would just need to change the
> algorithmSuite in the SymmetricBinding (not the bootstrap policy) of the
> policy from Basic256 to Basic128 and the runtime would pick that up and
> request a 128-bit key instead of a 256-bit one. That isn't there right now
> though.
> 
> I'm testing a fix now so it should get into 2.2.8.   Tomorrow's snapshots 
> should be all set.
> 
> 
> Dan
> 
> 
> On Wednesday 05 May 2010 7:33:40 am Ashishz wrote:
>> Hello Guys,
>> I am using Apache CXF for a web service and using
>> WS-SecureConversationToken
>> for security. But when I try to use it with the normal JCE which comes by
>> default with the JDK, I get the exception.
>> 
>> Caused by: org.apache.xml.security.encryption.XMLEncryptionException:
>> Illegal key size or default parameters
>> Original Exception was java.security.InvalidKeyException: Illegal key
>> size
>> or default parameters
>> 
>> Then I used the JCE with unlimited strength and it worked.
>> 
>> But there are some legal obligations with JCE with unlimited strength.
>> Some countries don't allow such encryption. In that perspective, I can't
>> use this security module for my project.
>> 
>> My question is: Is it mandatory to use JCE unlimited strength with
>> WS-SecureConversationToken + CXF? If not, how can I leverage the default
>> JCE which shipped with JRE 6?
>> 
>> Thank you very much in advance
> 
> -- 
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
> 
> 

-- 
View this message in context: http://old.nabble.com/Encryption-issue-tp28459661p28470467.html
Sent from the cxf-user mailing list archive at Nabble.com.


Re: Encryption issue

Posted by Daniel Kulp <dk...@apache.org>.
This seems to be a "defect". Ideally, you would just need to change the
algorithmSuite in the SymmetricBinding (not the bootstrap policy) of the policy
from Basic256 to Basic128 and the runtime would pick that up and request a
128-bit key instead of a 256-bit one. That isn't there right now though.

I'm testing a fix now so it should get into 2.2.8.   Tomorrow's snapshots 
should be all set.


Dan


On Wednesday 05 May 2010 7:33:40 am Ashishz wrote:
> Hello Guys,
> I am using Apache CXF for a web service and using WS-SecureConversationToken
> for security. But when I try to use it with the normal JCE which comes by
> default with the JDK, I get the exception.
> 
> Caused by: org.apache.xml.security.encryption.XMLEncryptionException:
> Illegal key size or default parameters
> Original Exception was java.security.InvalidKeyException: Illegal key size
> or default parameters
> 
> Then I used the JCE with unlimited strength and it worked.
> 
> But there are some legal obligations with JCE with unlimited strength. Some
> countries don't allow such encryption. In that perspective, I can't use this
> security module for my project.
> 
> My question is: Is it mandatory to use JCE unlimited strength with
> WS-SecureConversationToken + CXF? If not, how can I leverage the default JCE
> which shipped with JRE 6?
> 
> Thank you very much in advance

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
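
The key-size limit behind the "Illegal key size or default parameters" exception in this thread can be checked directly against the running JRE. This is an added example, not code from the thread or from CXF; the class name JcePolicyCheck and the all-zero key and IV are constructed for illustration. It relies on Basic128 using AES-128 and Basic256 using AES-256.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JcePolicyCheck {

    /** True if the installed JCE policy lets an AES cipher accept a key of this size. */
    static boolean aesKeyAllowed(int bits) throws Exception {
        // Constructed all-zero key and IV: only the key length matters for this check.
        SecretKeySpec key = new SecretKeySpec(new byte[bits / 8], "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(new byte[16]));
            return true;
        } catch (InvalidKeyException e) {
            // Same root cause as the exception quoted in the thread.
            System.out.println("AES-" + bits + " rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Integer.MAX_VALUE means the unlimited-strength policy is in effect.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length allowed by JCE policy: "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));

        boolean ok128 = aesKeyAllowed(128); // key size requested under Basic128
        boolean ok256 = aesKeyAllowed(256); // key size requested under Basic256

        System.out.println("Basic128 (AES-128) usable: " + ok128);
        System.out.println("Basic256 (AES-256) usable: " + ok256);
        if (!ok256) {
            System.out.println("Basic256 will fail on this JRE; use Basic128 in the "
                    + "SymmetricBinding or install the unlimited-strength policy files.");
        }
    }
}
```

Running it on the same JRE that hosts the CXF service shows whether a Basic256 policy can work there before any SOAP message is exchanged.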