Posted to wss4j-dev@ws.apache.org by Jean-Noel Colin <jn...@oxys.be> on 2006/02/07 17:13:24 UTC

Question about cipher

Hi

I'm running WSS4J with Axis 1.3 on Tomcat 5.5 on a OS X 10.4.4 machine. I
can sign, add username token, add saml token, add timestamps, but when it
comes to encryption, I have problems. I always get an error about no
provider being available:

 An unsupported signature or encryption algorithm was used (unsupported key
transport encryption algorithm: no provider:
http://www.w3.org/2001/04/xmlenc#rsa-1_5)

I looked at the WSS4J code (or was it the xml-sec code?) and found out that
the provider linked to rsa-1_5 was BC, and after googling a bit, I figured
out that BC was probably BouncyCastle, so I downloaded their JCEProvider,
installed it, and now, I can encrypt my messages.

I have a few questions though:
* why do I have to install a separate provider? Why not use those already
included? 
* shouldn't this be mentioned in the documentation?
* shouldn't we be allowed to change the cipher algorithm to use an existing
provider?

Thanks for your help

Jean-Noel Colin

Re: Question about cipher

Posted by Werner Dittmann <We...@t-online.de>.
The Sun version of the cipher implementations does not contain all
encryption algorithms required by XML encryption. AFAIK this is also
true if you download and install the strong encryption policy files
from Sun.

Also the WSS4J binary distribution contains a readme.txt file at the
topmost level that clearly lists the required software. In the download
area of WSS4J you can also find an additional zip file that contains
jar files of the listed required software.

If you have a look in the Javadoc files of the handlers and the WSS4J
classes you may see how to define encryption algorithms, both for
symmetrical encryption as well as for asymmetric algorithm.

Regards,
Werner

Jean-Noel Colin wrote:
> Hi
> 
> I’m running WSS4J with Axis 1.3 on Tomcat 5.5 on a OS X 10.4.4 machine.
> I can sign, add username token, add saml token, add timestamps, but when
> it comes to encryption, I have problems. I always get an error about no
> provider being available:
> 
>  An unsupported signature or encryption algorithm was used (unsupported
> key transport encryption algorithm: no provider:
> http://www.w3.org/2001/04/xmlenc#rsa-1_5)
> 
> I looked at the WSS4J code (or was it the xml-sec code?) and found out
> that the provider linked to rsa-1_5 was BC, and after googling a bit, I
> figured out that BC was probably BouncyCastle, so I downloaded their
> JCEProvider, installed it, and now, I can encrypt my messages.
> 
> I have a few questions though:
> 
>     * why do I have to install a separate provider? Why not use those
>       already included?
>     * shouldn’t this be mentioned in the documentation?
>     * shouldn’t we be allowed to change the cipher algorithm to use an
>       existing provider?
> 
> 
> Thanks for your help
> 
> Jean-Noel Colin
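
A diagnostic for the "no provider" error discussed in this thread, added here as an example (it is not code from WSS4J, xml-sec or either poster): it reports which installed JCE providers can supply the RSA key-transport ciphers that XML Encryption names. The class name and the URI-to-JCE-name table are assumptions of this example; the transformation strings are the standard JCE names, not values read from xml-sec's configuration.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;

public class KeyTransportProviderCheck {
    // XML Encryption key-transport URI -> standard JCE transformation (assumed mapping).
    static final Map<String, String> KEY_TRANSPORT = new LinkedHashMap<>();
    static {
        KEY_TRANSPORT.put("http://www.w3.org/2001/04/xmlenc#rsa-1_5", "RSA/ECB/PKCS1Padding");
        KEY_TRANSPORT.put("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
    }

    // Names of the installed providers that can instantiate the transformation.
    static List<String> providersFor(String transformation) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            try {
                Cipher.getInstance(transformation, p);
                names.add(p.getName());
            } catch (Exception e) {
                // Algorithm or padding not offered by this provider; skip it.
            }
        }
        return names;
    }

    // Registers BouncyCastle if its jar is on the classpath (reflection avoids a compile-time dependency).
    static boolean tryRegisterBouncyCastle() {
        if (Security.getProvider("BC") != null) return true;
        try {
            Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.addProvider((Provider) c.getDeclaredConstructor().newInstance());
            return true;
        } catch (ReflectiveOperationException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("BC registered: " + tryRegisterBouncyCastle());
        for (Map.Entry<String, String> e : KEY_TRANSPORT.entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue() + " : " + providersFor(e.getValue()));
        }
    }
}
```

An empty provider list next to a URI means no installed provider can serve that key-transport algorithm in the running JVM, which is the condition the error message reports.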

