[SANTUARIO-490] Use requested SecureRandom for OAEP in XMLCipher.encryptKey - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Java 2.1.2
Fix Version/s: Java 2.1.3
Component/s: Java
Labels:
None

Description

There is currently no mechanism to tell XMLCipher.encryptKey() which SecureRandom to use for the random generation within OAEP, so the Sun RNG is used.

To make this configurable, one could pass the SecureRandom algorithm to getProviderInstance, and encryptKey could use the requestedJCEProvider to create a SecureRandom instance. Alternatively, add an optional secureRandom parameter to encryptKey.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Steve Mitchell

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Jul/18 23:30

Updated:: 29/Mar/19 13:31

Resolved:: 14/Aug/18 09:15