Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-6640

Migrate XML Security key cipher algorithm away from RSA v1.5

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.12.0
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description


      Currently, the XML Security component uses RSA v1.5 as the default Key Transport algorithm. As there are a number of attacks on this algorithm, it is better to use the RSA OAEP algorithm instead.

      1. camel-6640.patch
        15 kB
        Colm O hEigeartaigh

        Activity

        Hide
        coheigea Colm O hEigeartaigh added a comment -

        Please apply the following patch to trunk. It contains the following functionality:

        a) Some setter methods for the MGFAlgorithm in camel-core, that should have been in my last patch
        b) Changed the default Key Transport algorithm to use RSA OAEP instead of RSA v1.5
        c) Reject requests with RSA v1.5 unless it has been explicitly configured as the key transport algorithm.

        Colm.

        Show
        coheigea Colm O hEigeartaigh added a comment - Please apply the following patch to trunk. It contains the following functionality: a) Some setter methods for the MGFAlgorithm in camel-core, that should have been in my last patch b) Changed the default Key Transport algorithm to use RSA OAEP instead of RSA v1.5 c) Reject requests with RSA v1.5 unless it has been explicitly configured as the key transport algorithm. Colm.
        Hide
        davsclaus Claus Ibsen added a comment -

        Thanks Colm for the patch.

        Do you mind updating the docs with this change at:
        http://camel.apache.org/xmlsecurity-dataformat.html

        And possible also add a little note to the release notes at changes that may affect end users:
        http://camel.apache.org/camel-2120-release.html

        Show
        davsclaus Claus Ibsen added a comment - Thanks Colm for the patch. Do you mind updating the docs with this change at: http://camel.apache.org/xmlsecurity-dataformat.html And possible also add a little note to the release notes at changes that may affect end users : http://camel.apache.org/camel-2120-release.html
        Hide
        coheigea Colm O hEigeartaigh added a comment -

        Sure, both are now done.

        Colm.

        Show
        coheigea Colm O hEigeartaigh added a comment - Sure, both are now done. Colm.

          People

          • Assignee:
            davsclaus Claus Ibsen
            Reporter:
            coheigea Colm O hEigeartaigh
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development