You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by Mike <mc...@gmail.com> on 2009/02/26 08:41:26 UTC

Signature Hashing algorithm and setting certificate for verification

Hi!

A few questions:

1. Is it possible to specify your own Hashing algorithm when
generating signatures?

2. Is it possible to supply a user specified certificate for signature
verification?

3. Is it possible (in WSS4j 1.5.5) to use WSS 1.0 and not 1.1?

4. Is it possible to specify/obtain the strength of encryption to be used?

If you can answer even just one of the above questions please do! :)

Thanks,

Mike

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

RE: Signature Hashing algorithm and setting certificate for verification

Posted by Colm O hEigeartaigh <co...@progress.com>.

> 1. Is it possible to specify your own Hashing algorithm when
> generating signatures?

The "-sha1" bit here specifies the hash algorithm to use when digesting
the SignedInfo blob:

WSSecSignature sign = new WSSecSignature();
sign.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
;

You can specify the digest algorithm to use when digesting the
references with:

sign.setDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");

> 2. Is it possible to supply a user specified certificate for signature
> verification?

No, you need to use a keystore I think.

> 3. Is it possible (in WSS4j 1.5.5) to use WSS 1.0 and not 1.1?

WSS 1.1 *is* WSS 1.0, just with some extra functionality like how to
derive keys from Username Tokens etc. They aren't totally different
specifications.

> 4. Is it possible to specify/obtain the strength of encryption to be
used?

Yeah, you can use, e.g.:

WSSecEncrypt.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#
aes192-cbc")

to use AES with 192 bit keys instead of the default of 128 bit keys.

Colm.

-----Original Message-----
From: Mike [mailto:mcanix@gmail.com] 
Sent: 26 February 2009 07:41
To: wss4j-dev@ws.apache.org
Subject: Signature Hashing algorithm and setting certificate for
verification

Hi!

A few questions:

1. Is it possible to specify your own Hashing algorithm when
generating signatures?

2. Is it possible to supply a user specified certificate for signature
verification?

3. Is it possible (in WSS4j 1.5.5) to use WSS 1.0 and not 1.1?

4. Is it possible to specify/obtain the strength of encryption to be
used?

If you can answer even just one of the above questions please do! :)

Thanks,

Mike

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org