Hi Colm, Thank you for your response. One final query is Will SHA224 be supported in both cases? - Construction of OAEPParameters in constructOAEPParameters method - Construction of cipher using SHA224 digest algorithm in constructCipher method
Regards, Sreenivas On Wed 8 Sep, 2021, 4:22 PM Colm O hEigeartaigh, <[email protected]> wrote: > Hi, > > It will be fixed for the next release here - > https://issues.apache.org/jira/browse/SANTUARIO-579 > > Colm. > > On Tue, Sep 7, 2021 at 11:48 PM Sreenivas Somavarapu > <[email protected]> wrote: > > > > Hi Team, > > > > > > > > Not sure if this is correct forum / mailing list to put this query. If > this is not could you let me know where could I post this query. > > > > > > > > We are using XMLCipher API to perform encrypt and decrypt operations of > SAML assertions and we are seeing a issue when integrating with Shibboleth > / HSM devices (Any third-party which is not using xmlsec) and when using > only RSAOAEP 1.1 with mgfalgorithm as SHA224 (rest all are working fine). > When referred xmlsec code @ santuario-xml-security-java/XMLCipher.java at > xmlsec-2.2.2 · apache/santuario-xml-security-java · GitHub and during > encryptkey call xmlsec is trying to construct OAEP parameters in > constructOAEPParameters function. In that function while constructing > MGF1ParameterSpec there is an if else which has SHA1 (default), SHA256, > SHA384 and SHA512 but not SHA224 (even this is the same case in > constructCipher function as well). > > > > > > > > Is there any reason behind omitting SHA224 in these places? Also is > there any place in API documentation / website where I could find list of > all algorithms supported by xmlsec for different crypto operations? > > > > > > > > Sample Code for wrapping key is as below > > > > KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", jceProvider); > > > > keyGenerator.init(256, SecureRandom); > > > > SecretKey dek = keyGenerator.generateKey(); > > > > XMLCipher cipher = XMLCipher.getProviderInstance(XMLCipher.RSA_OAEP_11, > jceProvider, Canonicalizer.ALGO_ID_C14N_PHYSICAL, > MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224); > > > > cipher.init(XMLCipher.WRAP_MODE, publickey); > > > > EncryptedKey encryptedKey = cipher.encryptKey(xmlDoc, dek, " > http://www.w3.org/2009/xmlenc11#mgf1sha224";, null); > > > > > > > > Thanks in Advance. > > > > > > > > Regards, > > > > Sreenivas >
