Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-282

RSA-OAEP key transport is limited to SHA-1 digests

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Java 1.4.5
    • Java 1.5
    • Java
    • Security Level: Public (Public issues, viewable by everyone)
    • None

    Description

      The RSA-OAEP key transport usage in the Java code assumes use of SHA-1 as a digest. The API maps the XML algorithm identifier for OAEP to the SHA-1 version of the JCE algorithm. It needs to support arbitrary digests, and the XMLCipher API needs to expand to handle setting the digest separately from the key transport algorithm.

      Attachments

        Issue Links

          is depended upon by

          Test - A new unit, integration or system test. SANTUARIO-293 Support XML Encryption 1.1 Key Wrapping test-cases

          • Major - Major loss of function.
          • Closed

          Activity

            People

              coheigea Colm O hEigeartaigh
              scantor Scott Cantor
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: