You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Vishal Mahajan <Vi...@Sun.COM> on 2004/10/05 09:11:53 UTC
FYI: [Fwd: Re: [dev-crypto] Non-standard oaep Padding Name]
This is the response I received on the BC dev mailing list regarding the
oaep-padding issue that I mentioned in my previous email (See thread
with subject - "[java] config.xml and JCA/JCE provider issues").
Vishal
Re: FYI: [Fwd: Re: [dev-crypto] Non-standard oaep Padding Name]
Posted by Davanum Srinivas <da...@gmail.com>.
we can easily add the two lines to a static block...let's go for it.
-- dims
On Tue, 05 Oct 2004 12:41:53 +0530, Vishal Mahajan
<vi...@sun.com> wrote:
> This is the response I received on the BC dev mailing list regarding the
> oaep-padding issue that I mentioned in my previous email (See thread
> with subject - "[java] config.xml and JCA/JCE provider issues").
>
> Vishal
>
>
>
> ---------- Forwarded message ----------
> From: David Hook <dg...@myretsu.com>
> To: Vishal Mahajan <Vi...@Sun.COM>
> Date: Tue, 05 Oct 2004 11:31:12 +1000
> Subject: Re: [dev-crypto] Non-standard oaep Padding Name
>
> Thanks for the notification. I note the document also specifies a
> similar convention for PSS signature mechanisms. I've only recently
> started looking at JDK 1.5 - there are a few other things like the
> elliptic curve classes which we are looking at supporting as well hadn't
> gotten to noticing the naming conventions...
>
> In the case of the BC provider "OAEPPadding" represents the default
> settings for the RSAES-OAEP-params object described in the ASN.1 module
> for PKCS#1, or more simply "OAEPWithSHA1andMGF1Padding" under the new
> convention. The reason for the current naming is that "AOEPPadding" has
> been in the provider for over four years, well before any convention was
> proposed, also well before anyone really considered anything other than
> the default...
>
> So, if you need a temporary workaround do a:
>
> Provider bc = Security.getProvider("BC");
>
> bc.put("Alg.Alias.Cipher.RSA/NONE/OAEPWithSHA1AndMGF1Padding","RSA/OAEP");
>
> or if you have a compliance issue stick with OAEPWithSHA1AndMGF1Padding
> in the other provider and everything should behave.
>
> The new naming conventions will be available in the next release. We
> will continue to support "OAEPPadding" as well.
>
> Regards,
>
> David
>
> On Tue, 2004-10-05 at 12:33, Vishal Mahajan wrote:
> > [Re-sending with subject]
> >
> > Hi,
> >
> > The bouncy castle JCE provider jars do not seem to follow the standard
> > JCE naming as described in [1]. Specifically the problem is with Optimal
> > Asymmetric Encryption Padding, whose name should follow the format -
> > "OAEPWith<digest>And<mgf>Padding", but BC provider seems to uses
> > "OAEPPADDING" for this padding.
> >
> > Vishal
> >
> > [1] http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA
> >
>
>
>
--
Davanum Srinivas - http://webservices.apache.org/~dims/