Rep:[xmlsec] XML Encryption with session key
Aleksey Sanin
aleksey at aleksey.com
Sat Nov 15 08:05:39 PST 2003
>RSA-v1.5 works for AES192 and 3DES
>RSA-OAEP works for AES128 and AES256
>(http://www.aleksey.com/xmlsec/xmlenc.html)
>
>
These are MANDATORY requirements for XML Enc interop. Other key sizes are
also possible:
http://www.w3.org/TR/xmlenc-core/#sec-Alg-KeyTransport
And xmlsec does support any symmetric key length if public key size is
enough.
>encrypt3.c
>(http://www.aleksey.com/xmlsec/api/xmlsec-encrypt-with-session-key.html)
>uses RSA-OAEP and 3DES (which is no good).
>
>
Looks good to me :)
>So I tried different scenarii and got the following:
>
> RSA-v1.5 RSA-OAEP
>3DES OK Not-OK
>AES128 OK OK
>AES192 OK Not-OK
>AES256 OK Not-OK
>
>Does that sound good to you?
>
>
No, it does not. Since you was able to get RSA-OAEP for the smallest
symmetric key only
then I would think that the problem is in the public key size. Try to
use 2048 bits key.
Aleksey
P.S. If you want me to read your mail then you should subscribe to
xmlsec mailing list.
This is a happy incident that I've discovered your mail in tons of spam
I got on
xmlsec mailing list from not-subscribed people.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20031115/8204c78e/attachment.htm
More information about the xmlsec
mailing list