Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-282

RSA-OAEP key transport is limited to SHA-1 digests

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Java 1.4.5
    • Fix Version/s: Java 1.5
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels:
      None

      Description

      The RSA-OAEP key transport usage in the Java code assumes use of SHA-1 as a digest. The API maps the XML algorithm identifier for OAEP to the SHA-1 version of the JCE algorithm. It needs to support arbitrary digests, and the XMLCipher API needs to expand to handle setting the digest separately from the key transport algorithm.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                coheigea Colm O hEigeartaigh
                Reporter:
                cantor.2@osu.edu Scott Cantor
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: