You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by Mike <mc...@gmail.com> on 2009/02/26 08:41:26 UTC
Signature Hashing algorithm and setting certificate for verification
Hi!
A few questions:
1. Is it possible to specify your own Hashing algorithm when
generating signatures?
2. Is it possible to supply a user specified certificate for signature
verification?
3. Is it possible (in WSS4j 1.5.5) to use WSS 1.0 and not 1.1?
4. Is it possible to specify/obtain the strength of encryption to be used?
If you can answer even just one of the above questions please do! :)
Thanks,
Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: Signature Hashing algorithm and setting certificate for verification
Posted by Colm O hEigeartaigh <co...@progress.com>.
> 1. Is it possible to specify your own Hashing algorithm when
> generating signatures?
The "-sha1" bit here specifies the hash algorithm to use when digesting
the SignedInfo blob:
WSSecSignature sign = new WSSecSignature();
sign.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
;
You can specify the digest algorithm to use when digesting the
references with:
sign.setDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
> 2. Is it possible to supply a user specified certificate for signature
> verification?
No, you need to use a keystore I think.
> 3. Is it possible (in WSS4j 1.5.5) to use WSS 1.0 and not 1.1?
WSS 1.1 *is* WSS 1.0, just with some extra functionality like how to
derive keys from Username Tokens etc. They aren't totally different
specifications.
> 4. Is it possible to specify/obtain the strength of encryption to be
used?
Yeah, you can use, e.g.:
WSSecEncrypt.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#
aes192-cbc")
to use AES with 192 bit keys instead of the default of 128 bit keys.
Colm.
-----Original Message-----
From: Mike [mailto:mcanix@gmail.com]
Sent: 26 February 2009 07:41
To: wss4j-dev@ws.apache.org
Subject: Signature Hashing algorithm and setting certificate for
verification
Hi!
A few questions:
1. Is it possible to specify your own Hashing algorithm when
generating signatures?
2. Is it possible to supply a user specified certificate for signature
verification?
3. Is it possible (in WSS4j 1.5.5) to use WSS 1.0 and not 1.1?
4. Is it possible to specify/obtain the strength of encryption to be
used?
If you can answer even just one of the above questions please do! :)
Thanks,
Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org