You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Pete <pd...@yahoo.com> on 2004/06/04 14:40:19 UTC
Re: XML Security library & Websphere
Even though bouncycastle is free, I'd still like to use the IBM JCE
provider in
WebSphere v5. I was able to get it working with the Apache Axis
samples.security (http://www.w3.org/2000/09/xmldsig#dsa-sha1) by
updating the
config.xml as follows:
<Provider Id="IBM"
Class="com.ibm.crypto.provider.IBMJCE"
Info="IBM JCE Provider"
ProviderURL="http://www.ibm.com/" />
i had to guess on these algorithms - there may be more...or less.
i found some documentation here:
http://www-1.ibm.com/servers/eserver/zseries/software/java/jcealgo.htm
l
http://www-1.ibm.com/servers/eserver/zseries/software/java/jce.html
Maybe someone out there knows enought to make this complete.
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
Description="MD5 message digest from RFC 1321"
AlgorithmClass="MessageDigest"
RequirementLevel="NOT RECOMMENDED"
SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
xmldsig-uri-02.txt">
<ProviderAlgo ProviderId="IBMJCE"
JCEName="MD5" />
<ProviderAlgo ProviderId="BC"
JCEName="MD5" />
<ProviderAlgo ProviderId="SUN"
JCEName="MD5" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
Description="SHA-1 message digest"
AlgorithmClass="MessageDigest"
RequirementLevel="REQUIRED">
<ProviderAlgo ProviderId="IBMJCE"
JCEName="SHA1" />
<ProviderAlgo ProviderId="BC"
JCEName="SHA-1" />
<ProviderAlgo ProviderId="SUN"
JCEName="SHA-1" />
<ProviderAlgo ProviderId="IAIK"
JCEName="SHA-1" />
<ProviderAlgo ProviderId="Cryptix"
JCEName="SHA-1" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
Description="Digital Signature Algorithm with
SHA-1 message
digest"
AlgorithmClass="Signature"
RequirementLevel="REQUIRED">
<ProviderAlgo ProviderId="IBMJCE"
JCEName="SHA1WithDSA" />
<ProviderAlgo ProviderId="BC"
JCEName="DSA" />
<ProviderAlgo ProviderId="SUN"
JCEName="DSAWithSHA1" />
<ProviderAlgo ProviderId="IAIK"
JCEName="DSA" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-
md5"
Description="RSA Signature with MD5 message
digest"
AlgorithmClass="Signature"
RequirementLevel="NOT RECOMMENDED"
SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
xmldsig-uri-02.txt">
<ProviderAlgo ProviderId="IBMJCE"
JCEName="MD5WithRSA" />
<ProviderAlgo ProviderId="BC"
JCEName="MD5WithRSAEncryption" />
<ProviderAlgo ProviderId="SunRsaSign"
JCEName="MD5WithRSA" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
Description="RSA Signature with SHA-1 message
digest"
AlgorithmClass="Signature"
RequirementLevel="RECOMMENDED">
<ProviderAlgo ProviderId="IBMJCE"
JCEName="SHA1withRSA" />
<ProviderAlgo ProviderId="BC"
JCEName="SHA1WithRSAEncryption" />
<ProviderAlgo ProviderId="SunRsaSign"
JCEName="SHA1withRSA" />
<ProviderAlgo ProviderId="IAIK"
JCEName="SHA-1/RSA" />
<ProviderAlgo ProviderId="Cryptix"
JCEName="SHA-1/RSA" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-
md5"
Description="Message Authentication code using
MD5"
AlgorithmClass="Mac"
RequirementLevel="NOT RECOMMENDED"
SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
xmldsig-uri-02.txt">
<ProviderAlgo ProviderId="IBMJCE"
JCEName="HMAC-MD5" />
<ProviderAlgo ProviderId="BC"
JCEName="HMACMD5" />
<ProviderAlgo ProviderId="SunJCE"
JCEName="HmacMD5" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
Description="Message Authentication code using
SHA1"
AlgorithmClass="Mac"
RequirementLevel="REQUIRED">
<ProviderAlgo ProviderId="IBMJCE"
JCEName="HMAC-SHA1" />
<ProviderAlgo ProviderId="BC"
JCEName="HMACSHA1" />
<ProviderAlgo ProviderId="SunJCE"
JCEName="HmacSHA1" />
<ProviderAlgo ProviderId="IAIK"
JCEName="HMAC/SHA" />
<ProviderAlgo ProviderId="Cryptix"
JCEName="HMAC-SHA-1" />
</Algorithm>
Re: XML Security library & Websphere
Posted by PD EMail <pd...@yahoo.com>.
Please do add it. I am hoping that someone may know
more about this to validate what i did (i only tested
one algorithm) and to complete missing parts.
Pete Kempf
--- Berin Lautenbach <be...@wingsofhermes.org> wrote:
> Cool! Do you mind if we add these to config.xml?
>
> Cheers,
> Berin
>
> Pete wrote:
>
> > Even though bouncycastle is free, I'd still like
> to use the IBM JCE
> > provider in
> > WebSphere v5. I was able to get it working with
> the Apache Axis
> > samples.security
> (http://www.w3.org/2000/09/xmldsig#dsa-sha1) by
> > updating the
> > config.xml as follows:
> >
> > <Provider Id="IBM"
> >
> Class="com.ibm.crypto.provider.IBMJCE"
> > Info="IBM JCE Provider"
> >
> ProviderURL="http://www.ibm.com/" />
> >
> > i had to guess on these algorithms - there may be
> more...or less.
> > i found some documentation here:
> >
>
http://www-1.ibm.com/servers/eserver/zseries/software/java/jcealgo.htm
> > l
> >
>
http://www-1.ibm.com/servers/eserver/zseries/software/java/jce.html
> > Maybe someone out there knows enought to make this
> complete.
> >
> > <Algorithm
> URI="http://www.w3.org/2001/04/xmldsig-more#md5"
> > Description="MD5 message
> digest from RFC 1321"
> > AlgorithmClass="MessageDigest"
> > RequirementLevel="NOT
> RECOMMENDED"
> >
> >
>
SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
> > xmldsig-uri-02.txt">
> > <ProviderAlgo ProviderId="IBMJCE"
> > JCEName="MD5" />
> > <ProviderAlgo ProviderId="BC"
> > JCEName="MD5" />
> > <ProviderAlgo ProviderId="SUN"
> > JCEName="MD5" />
> > </Algorithm>
> > <Algorithm
> URI="http://www.w3.org/2000/09/xmldsig#sha1"
> > Description="SHA-1 message
> digest"
> > AlgorithmClass="MessageDigest"
> > RequirementLevel="REQUIRED">
> > <ProviderAlgo ProviderId="IBMJCE"
> > JCEName="SHA1" />
> > <ProviderAlgo ProviderId="BC"
> > JCEName="SHA-1" />
> > <ProviderAlgo ProviderId="SUN"
> > JCEName="SHA-1" />
> > <ProviderAlgo ProviderId="IAIK"
> > JCEName="SHA-1" />
> > <ProviderAlgo ProviderId="Cryptix"
> > JCEName="SHA-1" />
> > </Algorithm>
> > <Algorithm
> URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
> > Description="Digital Signature
> Algorithm with
> > SHA-1 message
> > digest"
> > AlgorithmClass="Signature"
> > RequirementLevel="REQUIRED">
> > <ProviderAlgo ProviderId="IBMJCE"
> > JCEName="SHA1WithDSA" />
> > <ProviderAlgo ProviderId="BC"
> > JCEName="DSA" />
> > <ProviderAlgo ProviderId="SUN"
> > JCEName="DSAWithSHA1" />
> > <ProviderAlgo ProviderId="IAIK"
> > JCEName="DSA" />
> > </Algorithm>
> >
> > <Algorithm
> URI="http://www.w3.org/2001/04/xmldsig-more#rsa-
> > md5"
> > Description="RSA Signature
> with MD5 message
> > digest"
> > AlgorithmClass="Signature"
> > RequirementLevel="NOT
> RECOMMENDED"
> >
> >
>
SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
> > xmldsig-uri-02.txt">
> > <ProviderAlgo ProviderId="IBMJCE"
> > JCEName="MD5WithRSA" />
> > <ProviderAlgo ProviderId="BC"
> >
> JCEName="MD5WithRSAEncryption" />
> > <ProviderAlgo ProviderId="SunRsaSign"
> > JCEName="MD5WithRSA" />
> > </Algorithm>
> > <Algorithm
> URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
> > Description="RSA Signature
> with SHA-1 message
> > digest"
> > AlgorithmClass="Signature"
> >
> RequirementLevel="RECOMMENDED">
> > <ProviderAlgo ProviderId="IBMJCE"
> > JCEName="SHA1withRSA" />
> > <ProviderAlgo ProviderId="BC"
> >
> JCEName="SHA1WithRSAEncryption" />
> > <ProviderAlgo ProviderId="SunRsaSign"
> > JCEName="SHA1withRSA" />
> > <ProviderAlgo ProviderId="IAIK"
> > JCEName="SHA-1/RSA" />
> > <ProviderAlgo ProviderId="Cryptix"
> > JCEName="SHA-1/RSA" />
> > </Algorithm>
> > <Algorithm
> URI="http://www.w3.org/2001/04/xmldsig-more#hmac-
> > md5"
> > Description="Message
> Authentication code using
> > MD5"
> > AlgorithmClass="Mac"
> > RequirementLevel="NOT
> RECOMMENDED"
> >
> >
>
SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
> > xmldsig-uri-02.txt">
> > <ProviderAlgo ProviderId="IBMJCE"
> > JCEName="HMAC-MD5" />
> > <ProviderAlgo ProviderId="BC"
> > JCEName="HMACMD5" />
> > <ProviderAlgo ProviderId="SunJCE"
> > JCEName="HmacMD5" />
> > </Algorithm>
> > <Algorithm
> URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
> > Description="Message
> Authentication code using
> > SHA1"
> > AlgorithmClass="Mac"
> > RequirementLevel="REQUIRED">
> > <ProviderAlgo ProviderId="IBMJCE"
> > JCEName="HMAC-SHA1" />
> > <ProviderAlgo ProviderId="BC"
> > JCEName="HMACSHA1" />
> > <ProviderAlgo ProviderId="SunJCE"
> > JCEName="HmacSHA1" />
> > <ProviderAlgo ProviderId="IAIK"
> > JCEName="HMAC/SHA" />
> > <ProviderAlgo ProviderId="Cryptix"
> > JCEName="HMAC-SHA-1" />
> > </Algorithm>
> >
> >
> >
> >
> >
> >
> >
> >
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
Re: XML Security library & Websphere
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Cool! Do you mind if we add these to config.xml?
Cheers,
Berin
Pete wrote:
> Even though bouncycastle is free, I'd still like to use the IBM JCE
> provider in
> WebSphere v5. I was able to get it working with the Apache Axis
> samples.security (http://www.w3.org/2000/09/xmldsig#dsa-sha1) by
> updating the
> config.xml as follows:
>
> <Provider Id="IBM"
> Class="com.ibm.crypto.provider.IBMJCE"
> Info="IBM JCE Provider"
> ProviderURL="http://www.ibm.com/" />
>
> i had to guess on these algorithms - there may be more...or less.
> i found some documentation here:
> http://www-1.ibm.com/servers/eserver/zseries/software/java/jcealgo.htm
> l
> http://www-1.ibm.com/servers/eserver/zseries/software/java/jce.html
> Maybe someone out there knows enought to make this complete.
>
> <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
> Description="MD5 message digest from RFC 1321"
> AlgorithmClass="MessageDigest"
> RequirementLevel="NOT RECOMMENDED"
>
> SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
> xmldsig-uri-02.txt">
> <ProviderAlgo ProviderId="IBMJCE"
> JCEName="MD5" />
> <ProviderAlgo ProviderId="BC"
> JCEName="MD5" />
> <ProviderAlgo ProviderId="SUN"
> JCEName="MD5" />
> </Algorithm>
> <Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
> Description="SHA-1 message digest"
> AlgorithmClass="MessageDigest"
> RequirementLevel="REQUIRED">
> <ProviderAlgo ProviderId="IBMJCE"
> JCEName="SHA1" />
> <ProviderAlgo ProviderId="BC"
> JCEName="SHA-1" />
> <ProviderAlgo ProviderId="SUN"
> JCEName="SHA-1" />
> <ProviderAlgo ProviderId="IAIK"
> JCEName="SHA-1" />
> <ProviderAlgo ProviderId="Cryptix"
> JCEName="SHA-1" />
> </Algorithm>
> <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
> Description="Digital Signature Algorithm with
> SHA-1 message
> digest"
> AlgorithmClass="Signature"
> RequirementLevel="REQUIRED">
> <ProviderAlgo ProviderId="IBMJCE"
> JCEName="SHA1WithDSA" />
> <ProviderAlgo ProviderId="BC"
> JCEName="DSA" />
> <ProviderAlgo ProviderId="SUN"
> JCEName="DSAWithSHA1" />
> <ProviderAlgo ProviderId="IAIK"
> JCEName="DSA" />
> </Algorithm>
>
> <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-
> md5"
> Description="RSA Signature with MD5 message
> digest"
> AlgorithmClass="Signature"
> RequirementLevel="NOT RECOMMENDED"
>
> SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
> xmldsig-uri-02.txt">
> <ProviderAlgo ProviderId="IBMJCE"
> JCEName="MD5WithRSA" />
> <ProviderAlgo ProviderId="BC"
> JCEName="MD5WithRSAEncryption" />
> <ProviderAlgo ProviderId="SunRsaSign"
> JCEName="MD5WithRSA" />
> </Algorithm>
> <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
> Description="RSA Signature with SHA-1 message
> digest"
> AlgorithmClass="Signature"
> RequirementLevel="RECOMMENDED">
> <ProviderAlgo ProviderId="IBMJCE"
> JCEName="SHA1withRSA" />
> <ProviderAlgo ProviderId="BC"
> JCEName="SHA1WithRSAEncryption" />
> <ProviderAlgo ProviderId="SunRsaSign"
> JCEName="SHA1withRSA" />
> <ProviderAlgo ProviderId="IAIK"
> JCEName="SHA-1/RSA" />
> <ProviderAlgo ProviderId="Cryptix"
> JCEName="SHA-1/RSA" />
> </Algorithm>
> <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-
> md5"
> Description="Message Authentication code using
> MD5"
> AlgorithmClass="Mac"
> RequirementLevel="NOT RECOMMENDED"
>
> SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
> xmldsig-uri-02.txt">
> <ProviderAlgo ProviderId="IBMJCE"
> JCEName="HMAC-MD5" />
> <ProviderAlgo ProviderId="BC"
> JCEName="HMACMD5" />
> <ProviderAlgo ProviderId="SunJCE"
> JCEName="HmacMD5" />
> </Algorithm>
> <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
> Description="Message Authentication code using
> SHA1"
> AlgorithmClass="Mac"
> RequirementLevel="REQUIRED">
> <ProviderAlgo ProviderId="IBMJCE"
> JCEName="HMAC-SHA1" />
> <ProviderAlgo ProviderId="BC"
> JCEName="HMACSHA1" />
> <ProviderAlgo ProviderId="SunJCE"
> JCEName="HmacSHA1" />
> <ProviderAlgo ProviderId="IAIK"
> JCEName="HMAC/SHA" />
> <ProviderAlgo ProviderId="Cryptix"
> JCEName="HMAC-SHA-1" />
> </Algorithm>
>
>
>
>
>
>
>
>