On 10/23/2014 04:38 AM, Martin Vich wrote:
Hi,
how does xmlsec java library 2.0.2 supports AES/CBC/PKCS5PADDING xml
encryption with predefined AES IV parameter ?
No.
This is simple Java example :
String aesKeyAsHEXString = ...
String aesIvAsHEXString = ...
String secretContent = "my secret content !";
SecretKeySpec skeySpec = new
SecretKeySpec(Hex.decode(aesKeyAsHEXString), "AES");
AlgorithmParameterSpec params = new
IvParameterSpec(Hex.decode(aesIvAsHEXString));
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, params);
String encryptedContent =
Base64.encode(cipher.doFinal(secretContent.getBytes()));
as you can see Cipher#init method allows do define
AlgorithmParameterSpec, but I did not
found way how to pass AES IV data into *XMLCipher* object.
I understand that AES IV should be propably 'internal random value'
however for purpose of testing would be great if we could encrypt xml
with specific AES + AES IV parameters...
You could file an RFE. The only workaround I can possibly think of
(short of hacking the source code and building your own library) is to
create your own security provider with a CipherSpi implementation that
overrides the init method (which XMLCipher will call with its own
IVParameterSpec) and instead specify your own IV. You could just create
a wrapper CipherSpi implementation that re-sets the IV and delegates all
other calls to the Cipher implementation in the JDK.
Note that I haven't tried this workaround so it may or may not work.
--Sean
