mace-opensaml-users - Encrypting Assertion in Browser Post Profile Use case
Subject: OpenSAML user discussion
- From: "Janardhanan, Srilakshmi" <>
- To: <>
- Subject: Encrypting Assertion in Browser Post Profile Use case
- Date: Mon, 28 Apr 2008 11:11:04 -0400
Hi,
I have the following code to encrypt an assertion and it works with the default parameters:
EncryptionParameters encParams = SecurityHelper.buildDataEncryptionParams(null, null, null);
BasicCredential encryptCredential = new BasicCredential();
encryptCredential.setPublicKey(pair.getCertificate().getPublicKey()); // Partner public cert
KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
kekParams.setEncryptionCredential(encryptCredential);
kekParams.setAlgorithm(XMLCipher.RSA_v1dot5);
Encrypter encrypter = new Encrypter(encParams, kekParams);
encrypter.setKeyPlacement(KeyPlacement.INLINE);
EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
-- The assertion is encrypted with a generated key using the http://www.w3.org/2001/04/xmlenc#aes128-cbc and this key is encrypted with the Partner public key.
Firstly, could you please review whether this approach is correct?
Secondly, I am trying to generate a key using the aes256-cbc instead of aes128-cbc using the following code:
encParams.setEncryptionCredential(SecurityTestHelper.generateKeyPairAndCredential(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, 1024, false));
But this gives me the following exception:
org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:453)
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:343)
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:257)
at com.Test.encryptAssertion(Test.java:441)
at com.Test.generateSAMLResponse(Test.java:306)
at com.Test.main(Test.java:159)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:450)
... 5 more
Any help or pointers to resolve this issue are highly appreciated. Thanks.
-Lakshmi
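An added diagnostic, not part of the original post and not OpenSAML code: `InvalidKeyException: Illegal key size or default parameters`, as seen in the trace above, is the message javax.crypto raises when a key is larger than the JRE's installed jurisdiction policy permits. This plain-JCA program (the class name, the generated RSA key pair and the sample data are constructed for illustration) reports the AES limit and runs the scheme the post describes, an AES-CBC data key wrapped with RSA PKCS#1 v1.5, at 128 and 256 bits.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class Aes256PolicyCheck {
    // Encrypt with a fresh AES key, wrap that key with RSA, then reverse both steps.
    static byte[] roundTrip(byte[] plaintext, int aesBits, KeyPair partner) throws Exception {
        // The data encryption key is a symmetric AES key, not an RSA key pair.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(aesBits);
        SecretKey dataKey = kg.generateKey();
        // init() throws InvalidKeyException ("Illegal key size ...") if policy forbids aesBits.
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey);
        byte[] iv = aes.getIV(); // random IV chosen by the provider
        byte[] ciphertext = aes.doFinal(plaintext);
        // Key transport with PKCS#1 v1.5 padding, mirroring RSA_v1dot5 in the post.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.WRAP_MODE, partner.getPublic());
        byte[] wrappedKey = rsa.wrap(dataKey);
        // Recipient side: unwrap with the private key, then decrypt the data.
        rsa.init(Cipher.UNWRAP_MODE, partner.getPrivate());
        SecretKey recovered = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new IvParameterSpec(iv));
        return aes.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        int max = Cipher.getMaxAllowedKeyLength("AES"); // limit set by the JCE policy files
        System.out.println("Max allowed AES key length: " + max);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair partner = kpg.generateKeyPair(); // constructed stand-in for the partner key
        byte[] sample = "<Assertion>constructed sample</Assertion>".getBytes("UTF-8");
        for (int bits : new int[] {128, 256}) {
            if (max < bits) {
                System.out.println("AES-" + bits + ": blocked by JCE jurisdiction policy");
                continue;
            }
            boolean ok = Arrays.equals(sample, roundTrip(sample, bits, partner));
            System.out.println("AES-" + bits + ": round trip ok = " + ok);
        }
    }
}
```

A reported limit of 128 means the JRE is running with the limited-strength policy, so any AES-256 encryption will fail regardless of the library that requests it.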