Posted to dev@santuario.apache.org by Aditya Muralidharan <ad...@mastercard.com> on 2009/07/14 17:29:43 UTC

EncryptedKeyResolver doesn't allow specifying provider

Hi,

We are using hardware-based security providers, so we need to explicitly 
specify our encryption and decryption providers. I noticed that works for 
key encryption, but the decryption doesn't allow an explicit provider when 
decrypting (in EncryptedKeyResolver) the symmetric key with the 
key-decryption-key. Is there an alternative that allows explicitly 
specifying a provider for the key resolver when decrypting the key?

Thanks.

AD


CONFIDENTIALITY NOTICE
This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.

Re: EncryptedKeyResolver doesn't allow specifying provider

Posted by Sean Mullan <Se...@Sun.COM>.
Please file a bug/rfe at https://issues.apache.org/bugzilla/enter_bug.cgi in the 
Security project.

We need to add a ctor to the EncryptedKeyResolver class that takes an additional 
provider parameter, and then change XMLCipher to call this new ctor and pass it 
the provider it is using.

Unfortunately, this is a new feature so it will have to wait until the next 
release after 1.4.3.

Thanks,
Sean

Aditya Muralidharan wrote:
> 
> Hi,
> 
> We are using hardware-based security providers, so we need to 
> explicitly specify our encryption and decryption providers. I noticed 
> that works for key encryption, but the decryption doesn't allow an 
> explicit provider when decrypting (in EncryptedKeyResolver) the 
> symmetric key with the key-decryption-key. Is there an alternative that 
> allows explicitly specifying a provider for the key resolver when 
> decrypting the key?
> 
> Thanks.
> 
> AD