
mace-opensaml-users - Encrypting Assertion in Browser Post Profile Use case

Subject: OpenSAML user discussion

  • From: "Janardhanan, Srilakshmi" <>
  • To: <>
  • Subject: Encrypting Assertion in Browser Post Profile Use case
  • Date: Mon, 28 Apr 2008 11:22:54 -0400

Hi,
 
I have the following code to encrypt an assertion and it works with the default parameters:
 
EncryptionParameters encParams = SecurityHelper.buildDataEncryptionParams(null, null, null);
 
BasicCredential encryptCredential = new BasicCredential();
encryptCredential.setPublicKey(pair.getCertificate().getPublicKey()); // Partner public cert
KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
kekParams.setEncryptionCredential(encryptCredential);
kekParams.setAlgorithm(XMLCipher.RSA_v1dot5);
 
Encrypter encrypter = new Encrypter(encParams, kekParams);
encrypter.setKeyPlacement(KeyPlacement.INLINE); 
 
EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
 

-- The assertion is encrypted with a generated key using the http://www.w3.org/2001/04/xmlenc#aes128-cbc and this key is encrypted with the Partner public key.
 
Firstly, could you please review if this approach is correct?
 
Secondly, I am trying to generate a key using the aes256-cbc instead of aes128-cbc using the following code:
 
encParams.setEncryptionCredential(SecurityTestHelper.generateKeyPairAndCredential(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, 1024, false));
 
But this gives me the following exception:
 
org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
 at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:453)
 at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:343)
 at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:257)
 at com.Test.encryptAssertion(Test.java:441)
 at com.Test.generateSAMLResponse(Test.java:306)
 at com.Test.main(Test.java:159)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
 at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
 at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
 at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:450)
 ... 5 more
 
Any help/pointers to resolve this issue are highly appreciated. Thanks.
 
-Lakshmi


