Details
-
New Feature
-
Status: Resolved
-
Minor
-
Resolution: Abandoned
-
2.22.1
-
None
-
None
-
Unknown
Description
The use of AS2 in Germany for business application could require to follow regulations set by the BSI (German Federal Office for Information Security).
The BSI requeries to use OAEP (Optimal asymmetric encryption padding) when sending encrypted SMIME-messages between public institutions. As AS2 uses SMIME as message structur this regulation affects AS2 implementation used in Germany.
https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding
The BouncyCastle libary already supports OAEP.
See https://www.bouncycastle.org/specifications.html
- RSA/NONE/OAEPWithMD5AndMGF1Padding
- RSA/NONE/OAEPWithSHA1AndMGF1Padding
- RSA/NONE/OAEPWithSHA224AndMGF1Padding
- RSA/NONE/OAEPWithSHA256AndMGF1Padding
- RSA/NONE/OAEPWithSHA384AndMGF1Padding
- RSA/NONE/OAEPWithSHA512AndMGF1Padding
- RSA/NONE/OAEPWithSHA3-224AndMGF1Padding
- RSA/NONE/OAEPWithSHA3-256AndMGF1Padding
- RSA/NONE/OAEPWithSHA3-384AndMGF1Padding
- RSA/NONE/OAEPWithSHA3-512AndMGF1Padding