You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/08/14 09:00:00 UTC

[jira] [Commented] (SANTUARIO-490) Use requested SecureRandom for OAEP in XMLCipher.encryptKey

    [ https://issues.apache.org/jira/browse/SANTUARIO-490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16579476#comment-16579476 ] 

Colm O hEigeartaigh commented on SANTUARIO-490:
-----------------------------------------------

I'll fix this by adding an optional secureRandom parameter to encryptKey.

> Use requested SecureRandom for OAEP in XMLCipher.encryptKey
> -----------------------------------------------------------
>
>                 Key: SANTUARIO-490
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-490
>             Project: Santuario
>          Issue Type: Improvement
>          Components: Java
>    Affects Versions: Java 2.1.2
>            Reporter: Steve Mitchell
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: Java 2.1.3
>
>
> There is currently no mechanism to tell XMLCipher.encryptKey() which SecureRandom to use for the random generation within OAEP, so the Sun RNG is used. 
> To make this configurable, one could pass the SecureRandom algorithm to getProviderInstance, and encryptKey could use the requestedJCEProvider to create a SecureRandom instance.  Alternatively, add an optional secureRandom parameter to encryptKey.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)