[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Commented: (EBXMLMSG-45) PMode parameter for Key Transport algorithm
[ http://tools.oasis-open.org/issues/browse/EBXMLMSG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=36589#action_36589 ] Pim van der Eijk commented on EBXMLMSG-45: ------------------------------------------ According to http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/#sec-RSA-OAEP, if the value for the key transport algorithm is http://www.w3.org/2009/xmlenc11#rsa-oaep then two other algorithms can be specified: 1) Mask generation function, with values like http://www.w3.org/2009/xmlenc11#mgf1sha256. Default is http://www.w3.org/2009/xmlenc11#mgf1sha1. 2) Key transport message digest function, with values like http://www.w3.org/2001/04/xmlenc#sha256. Default is http://www.w3.org/2000/09/xmldsig#rsa-sha1. In both cases the defaults are discouraged. This would mean three new parameters. > PMode parameter for Key Transport algorithm > ------------------------------------------- > > Key: EBXMLMSG-45 > URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-45 > Project: OASIS ebXML Messaging Services TC > Issue Type: Improvement > Components: Core Spec > Reporter: Pim van der Eijk > > For encryption, the core specification currently has a PMode PMode[1].Security.X509.Encryption.Algorithm which identifies "the encryption algorithm to be used" based on W3C XML Encryption algorithm identifiers. > XML Encryption actually distinguishes two algorithms: > xenc:EncryptedData / xenc:EncryptionMethod / @Algorithm > The value is an identifier of a block encryption algorithm like http://www.w3.org/2001/04/xmlenc#aes128-cbc or http://www.w3.org/2001/04/xmlenc#tripledes-cbc. > xenc:EncryptedKey / xenc:EncryptionMethod / @Algorithm > The value is an identifier of an algorithm used for Key Transport. XML encryption currently recommends http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, commonly used values include http://www.w3.org/2001/04/xmlenc#rsa-1_5. > I assume the PMode parameter identifies the first use. There does not seem to be a parameter for the second one? When using WS-SecurityPolicy, it would be needed to select the correct policy, e.g. Basic128Sha256 versus Basic128Sha256Rsa15. > (This is not to promote WS-SecurityPolicy, the ebMS3 approach of directly using the W3C Signature and Encryption parameters is actually more future-proof than WS-SecurityPolicy's identifiers, just to note that some implementers of ebMS3 will use security toolkits that are configured using WS-SecurityPolicy). > -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]