Posted to fx-dev@ws.apache.org by "Kramp, Raymund" <Ra...@ca.com> on 2005/10/08 00:53:32 UTC

WSS4J w/RSA Crypto-J JCE provider

I've recently been using WSS4J with RSA's Crypto-J 3.5 (JsafeJCE)
provider. I've been able to get it working fine, but have some
questions...

1)  In WSSecurityUtil.getCipherInstance, there are hard-coded references
to the BC provider:

cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC");

I patched this class to use an algorithm from JsafeJCE.  Is this a bug,
or is there another way that I can specify the asymmetric algorithm?  I
saw this mentioned in WSS-6, but the resolution didn't affect
WSSecurityUtil.

2)  When I use AES from JsafeJCE as my symmetric algorithm,
WSEncryptBody.getKeyGenerator retrieves the keygen instance by OID.
This causes a NoSuchAlgorithmException: 2.16... with JsafeJCE.

To get it working, I changed getKeyGenerator() to do AES lookups by
name:

    private KeyGenerator getKeyGenerator() throws WSSecurityException {
        KeyGenerator keyGen = null;
        try {
            if (symEncAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
                keyGen = KeyGenerator.getInstance("DESede");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.2");
                keyGen = KeyGenerator.getInstance("AES");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.22");
                keyGen = KeyGenerator.getInstance("AES");
            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
                //keyGen = KeyGenerator.getInstance("2.16.840.1.101.3.4.1.42");
                keyGen = KeyGenerator.getInstance("AES");

Is there a way that I can specify the algorithm name for KeyGenerator
without modifying the WSS4J source?

Thanks!
Ray
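
Added example (not part of the message above and not WSS4J code): one way to make the AES lookup from question 2 work across JCE providers is to try the OID first, fall back to the name "AES", and always set the key size explicitly, because a lookup by name alone leaves the key length to the provider's default. The class and method names are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added illustration; PortableAesKeyGen and its methods are hypothetical names,
// not part of the WSS4J API.
public class PortableAesKeyGen {

    // Key length implied by each AES-CBC OID quoted in the post.
    static int keyBitsForOid(String oid) {
        switch (oid) {
            case "2.16.840.1.101.3.4.1.2":  return 128;
            case "2.16.840.1.101.3.4.1.22": return 192;
            case "2.16.840.1.101.3.4.1.42": return 256;
            default:
                throw new IllegalArgumentException("Not an AES-CBC OID: " + oid);
        }
    }

    static KeyGenerator forOid(String oid) throws NoSuchAlgorithmException {
        int bits = keyBitsForOid(oid);
        KeyGenerator keyGen;
        try {
            // Works on providers that register OID aliases for KeyGenerator.
            keyGen = KeyGenerator.getInstance(oid);
        } catch (NoSuchAlgorithmException e) {
            // Name lookup for providers that reject the OID.
            keyGen = KeyGenerator.getInstance("AES");
        }
        // The name "AES" does not carry a key length, so set it explicitly
        // instead of relying on a provider-specific default.
        keyGen.init(bits);
        return keyGen;
    }

    public static void main(String[] args) throws Exception {
        String[] oids = { "2.16.840.1.101.3.4.1.2", "2.16.840.1.101.3.4.1.22",
                          "2.16.840.1.101.3.4.1.42" };
        for (String oid : oids) {
            KeyGenerator kg = forOid(oid);
            SecretKey key = kg.generateKey();
            int got = key.getEncoded().length * 8;
            if (got != keyBitsForOid(oid)) {
                throw new IllegalStateException("Unexpected key size for " + oid);
            }
            System.out.println(oid + " -> " + kg.getProvider().getName()
                    + ", " + got + "-bit key");
        }
    }
}
```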