Posted to fx-dev@ws.apache.org by Matthias Assel <as...@hlrs.de> on 2006/07/14 10:23:57 UTC

Problem encrypting message body using symmetric key from RequestedProofToken

Hi there,

 

I am trying to encrypt a soap message body using the WSEncryptBody class.

I want to use the symmetric key obtained by the RequestedProofToken.

Therefore, I successfully decrypt the RequestedProofToken which provides me
with that key.

After that, I am using this key to encrypt a soap message body, but I always
get the same error.

 

org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
      org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
      at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:545)
      at org.apache.ws.security.message.WSEncryptBody.buildEmbedded(WSEncryptBody.java:621)
      at org.apache.ws.security.message.WSEncryptBody.build(WSEncryptBody.java:298)
      at TestDeCryption.main(TestDeCryption.java:52)

 

 

Please have a look at the Java code fragment which describes my procedure:

// Decrypt the RequestedProofToken to recover the shared secret
RequestedProofToken proof = new RequestedProofToken(proofToken.getDocumentElement());
proof.doDecryption("PasswordCallback", crypto);
byte[] sharedSecret = proof.getSharedSecret();

// Encrypt the SOAP body with the shared secret as an embedded symmetric key
WSEncryptBody encr = new WSEncryptBody();
encr.setKeyIdentifierType(WSConstants.EMBEDDED_KEYNAME);
encr.setSymmetricEncAlgorithm(WSConstants.AES_256);
encr.setEmbeddedKeyName(crypto.getDefaultX509Alias());
encr.setKey(sharedSecret);
encr.build(msg, crypto);

 

 

If I enable debugging for wss4j, I get the following printout:

 

- X509 SKI alias: 2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314

- cert: [

[

  Version: V3

  Subject: CN=Antenna Service

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 1024 bits


  public exponent: 65537

  Validity: [From: Wed Mar 29 14:24:17 CEST 2006,

               To: Thu Mar 29 14:34:17 CEST 2007]

  Issuer: CN=TC-HPC Certification Authority

  SerialNumber: [    610cab9c 00000000 0006]

 

Certificate Extensions: 5

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: AB B2 93 BE 0A 62 55 2D   6B 28 66 C0 5E D6 E7 56  .....bU-k(f.^..V

0010: 2E 9C 45 21                                        ..E!

]

]

 

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: D3 7B 53 5B 42 03 90 8D   C6 77 6D DD 47 49 B4 5C  ..S[B....wm.GI.\

0010: 00 EC BB DA                                        ....

]

 

]

 

[3]: ObjectId: 1.2.840.113549.1.9.15 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 37 30 35 30 0E 06 08   2A 86 48 86 F7 0D 03 02  .7050...*.H.....

0010: 02 02 00 80 30 0E 06 08   2A 86 48 86 F7 0D 03 04  ....0...*.H.....

0020: 02 02 00 80 30 07 06 05   2B 0E 03 02 07 30 0A 06  ....0...+....0..

0030: 08 2A 86 48 86 F7 0D 03   07                       .*.H.....

 

 

[4]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

[1.3.6.1.5.5.7.3.2]]

 

[5]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Non_repudiation

  Key_Encipherment

  Data_Encipherment

]

 

]

  Algorithm: [SHA1withRSA]


]

- KeyIdentifier Alias: 2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314

Usage is password

- XMLDecrypt: total= 1187, get-sym-key= 1187, decrypt= 0

-  RequestedProofToken, decryption ,Shared secret size is :: 256 bit

- RequestedProofToken :: Encryption done

.

.

.

- Beginning Encryption embedded...

- Encryption Key: javax.crypto.spec.SecretKeySpec@171fe

- Embedded Key Name: 2856716d6f8cf73b1bbfdd1b06d69db2_4cf134b0-e9e7-4132-911e-4a42d945f314

- Getting XMLCipher...

- Constructing XMLCipher...

- Request for URI http://www.w3.org/2001/04/xmlenc#aes256-cbc

- cihper.algoritm = AES/CBC/ISO10126Padding

- Initializing XMLCipher...

- opmode = ENCRYPT_MODE

- Returning EncryptedData

- Processing source element...

- Encrypting element content...

- Encrypting element...

- Serialized octets:

<ns1:testMethod xmlns:ns1="uri:LogTestService2"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"></ns1:testMethod>

org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
            org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
            at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:545)
            at org.apache.ws.security.message.WSEncryptBody.buildEmbedded(WSEncryptBody.java:621)
            at org.apache.ws.security.message.WSEncryptBody.build(WSEncryptBody.java:298)
            at TestDeCryption.main(TestDeCryption.java:52)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
            at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
            at org.apache.xml.security.encryption.XMLCipher.encryptElementContent(Unknown Source)
            at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
            at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:543)
            ... 3 more
Cannot encrypt/decrypt data; nested exception is:
            org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters

 

The printout points out that the key size (256 bit) is valid for the used
encryption algorithm, but the exception thrown by wss4j always argues the converse.

 

Well, I have no idea what the problem is, but I hope that anybody can help
me.
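
Added example, not part of the original post and not wss4j code: a standalone check of the JCE jurisdiction policy limit for AES, which Cipher.init enforces separately from the key sizes AES itself defines and which surfaces as the InvalidKeyException in the trace above. The class name AesKeyLimitCheck and the random 32-byte key standing in for proof.getSharedSecret() are assumptions.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical diagnostic class (added example, not from the post or from wss4j).
public class AesKeyLimitCheck {

    /** True if the installed JCE policy permits an AES key of this many bytes. */
    static boolean policyAllows(int keyBytes) throws Exception {
        return keyBytes * 8 <= Cipher.getMaxAllowedKeyLength("AES");
    }

    /**
     * Initialises a cipher with the transformation the wss4j debug log reports
     * (AES/CBC/ISO10126Padding), without explicit parameters so the provider
     * picks the IV. Returns "ok" or the InvalidKeyException message.
     */
    static String tryInit(byte[] key) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/ISO10126Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            return "ok";
        } catch (InvalidKeyException e) {
            // Raised by the policy check when the key is longer than the JRE allows.
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for proof.getSharedSecret(): 32 random bytes (256 bit).
        byte[] sharedSecret = new byte[32];
        new SecureRandom().nextBytes(sharedSecret);

        System.out.println("Max AES key length allowed by installed policy: "
                + Cipher.getMaxAllowedKeyLength("AES") + " bit");

        // Compare the three AES key sizes against the policy and a real init call.
        for (int len : new int[] {16, 24, 32}) {
            byte[] key = Arrays.copyOf(sharedSecret, len);
            System.out.println((len * 8) + " bit: policyAllows=" + policyAllows(len)
                    + ", Cipher.init -> " + tryInit(key));
        }
    }
}
```

On a JRE whose installed policy caps AES at 128 bit, the 192 and 256 bit rows print the exception message instead of ok.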