mace-opensaml-users - Encrypting Assertion in Browser Post Profile Use case
Subject: OpenSAML user discussion
- From: "Janardhanan, Srilakshmi" <>
- To: <>
- Subject: Encrypting Assertion in Browser Post Profile Use case
- Date: Mon, 28 Apr 2008 16:08:51 -0400
Hi,
I have the following code to encrypt an assertion and it works with the default parameters:

EncryptionParameters encParams = SecurityHelper.buildDataEncryptionParams(null, null, null);
BasicCredential encryptCredential = new BasicCredential();
encryptCredential.setPublicKey(pair.getCertificate().getPublicKey()); // Partner public cert
KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
kekParams.setEncryptionCredential(encryptCredential);
kekParams.setAlgorithm(XMLCipher.RSA_v1dot5);
Encrypter encrypter = new Encrypter(encParams, kekParams);
encrypter.setKeyPlacement(KeyPlacement.INLINE);
EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);

-- The assertion is encrypted with a generated key using the http://www.w3.org/2001/04/xmlenc#aes128-cbc algo and this key is encrypted with the Partner public key.

Firstly, could you please review if this approach is correct?
Secondly, I am trying to generate a key using the aes256-cbc instead of aes128-cbc using the following code:

encParams.setEncryptionCredential(SecurityTestHelper.generateKeyPairAndCredential(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, 1024, false));

But this gives me the following exception:

org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
    at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:453)
    at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:343)
    at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:257)
    at com.Test.encryptAssertion(Test.java:441)
    at com.Test.generateSAMLResponse(Test.java:306)
    at com.Test.main(Test.java:159)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:450)
    ... 5 more

Any help/pointers to resolve this issue is highly appreciated. Thanks.
-Lakshmi
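
Added example, not part of the original message and not OpenSAML code: "Illegal key size or default parameters" is the InvalidKeyException the JCE raises when a key is longer than the installed jurisdiction policy files allow, so this plain-JCE diagnostic reports that limit and tries the same data-key plus RSA v1.5 key-transport pattern at 128 and 256 bits. The class name, the generated RSA key pair standing in for the partner certificate, and the sample bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added diagnostic (hypothetical class name); run it on the same JRE as the failing code.
public class AesKeySizeCheck {

    // Largest AES key size, in bits, that the installed JCE policy permits.
    static int maxAesBits() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // Encrypts data under a fresh AES-CBC key of the requested size, then wraps
    // that key with the recipient's RSA public key (PKCS#1 v1.5, as in the post).
    static byte[] encryptAndWrap(byte[] data, int aesBits, PublicKey kek) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(aesBits);                       // key generation is not policy-checked
        SecretKey dataKey = kg.generateKey();

        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey); // policy check happens here
        aes.doFinal(data);                      // provider picks a random IV

        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.WRAP_MODE, kek);
        return rsa.wrap(dataKey);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair partner = kpg.generateKeyPair(); // constructed stand-in for the partner key
        byte[] sample = "<Assertion>constructed sample</Assertion>"
                .getBytes(StandardCharsets.UTF_8);

        System.out.println("Max AES key length allowed: " + maxAesBits());
        for (int bits : new int[] {128, 256}) {
            try {
                byte[] wrapped = encryptAndWrap(sample, bits, partner.getPublicKey());
                System.out.println("AES-" + bits + ": ok, wrapped key is " + wrapped.length + " bytes");
            } catch (InvalidKeyException e) {
                System.out.println("AES-" + bits + ": rejected: " + e.getMessage());
            }
        }
    }
}
```

If the first line prints 128, the JRE is running with the restricted policy files and AES-256 will fail at `Cipher.init` until the unlimited-strength jurisdiction policy files are installed for that JRE.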