OpenSAML user discussion

["Clifford Johnson" <>]

Brett,

Your changes in 489 seem to do the trick.  I discovered that the encoded
private key in ExplicitKeySignatureTrustEngineTest doesn't use a PKCS8
so the Sun RSA key generator fails.  The key *is* a simple PKCS1 encoded
private key.  Before I saw your note, I was in the process of assembling
a decoding for the PKCS1 encoding so that the
java.security.spec.RSAPrivateCrtKeySpec could be used (it doesn't have
an encoded key constructor).

I'm aware of the BouncyCastle ASN1 dependency and use an extract of the
BouncyCastle library omitting the crypto parts (to avoid the
patent-encumbered pieces).  BouncyCastle does have a nice, full-featured
ASN1 library.  I *wish* that an Apache project could adopt the ASN1
parts and make an ASN1 library (not as a component of some larger effort
as is the present case).

So far (knock on wood) my operations with the default provider in Java
1.5 (with the unlimited policy files) have been adequate.  If we bump
into a shortcoming, we'll wind up licensing the algorithms in
BouncyCastle and use BouncyCastle as a provider (or find some
alternative).

Thanks.

Clifford