
mace-opensaml-users - Re: [OpenSAML] Encrypting Assertion in Browser Post Profile Use case

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] Encrypting Assertion in Browser Post Profile Use case
  • Date: Tue, 29 Apr 2008 17:18:26 -0400

Sounds like either 1) your JRE/JDK's current security provider stack does not support AES 256-bit keys, or 2) you haven't installed the unlimited strength policy jurisdiction files.

For #1, install a security provider that supports it, like Bouncy Castle.

For #2, install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files, for example from here (bottom of page, adjust for your JDK/JRE version):
http://java.sun.com/javase/downloads/index.jsp

If you need more info, just Google for that exception text "Illegal key size or default parameters". This isn't specifically an OpenSAML issue, but rather a Java JCE/JCA one.

HTH,
Brent


Janardhanan, Srilakshmi wrote:
Brent,
 
Thanks for your feedback. Yes, all I want is auto-generated data encryption key based on aes256-cbc using the following code:

EncryptionParameters encParams = SecurityHelper.buildDataEncryptionParams(null, null, null);
encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);

However, this throws the exception below (works fine if I don't explicitly set the algo, it defaults to aes-128):

org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
    at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:453)
    at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:343)
    at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:257)
    at com.Test.encryptAssertion(Test.java:450)
    at com.Test.generateSAMLResponse(Test.java:313)
    at com.Test.main(Test.java:163)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:450)
    ... 5 more

I have also tried generating the encryption key and credential myself, but I get the same exception.
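
A stand-alone diagnostic for the two causes named in the reply above, added here as an example and not part of the original thread or of OpenSAML. The class name Aes256Check and the all-zero test key are assumptions made for illustration; it reproduces the failing cipher initialisation with plain JCE calls so the result does not depend on OpenSAML.

```java
import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class name; run with the same JRE/JDK that runs the failing application.
public class Aes256Check {
    public static void main(String[] args) throws Exception {
        // Cause #2 in the reply: the jurisdiction policy caps key sizes.
        // A limited policy reports 128 for AES; an unlimited one reports Integer.MAX_VALUE.
        int maxBits = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length allowed by policy: "
                + (maxBits == Integer.MAX_VALUE ? "unlimited" : maxBits + " bits"));

        // Cause #1 in the reply: which installed providers offer an AES cipher at all.
        for (Provider p : Security.getProviders()) {
            if (p.getService("Cipher", "AES") != null) {
                System.out.println("AES cipher offered by provider: " + p.getName());
            }
        }

        // Reproduce the failing step outside OpenSAML: initialise AES-CBC with a 256-bit key.
        // The all-zero key is a constructed test value, never to be used for real data.
        SecretKeySpec key = new SecretKeySpec(new byte[32], "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key); // the provider generates a random IV
            byte[] out = cipher.doFinal("test".getBytes("UTF-8"));
            System.out.println("AES-256-CBC OK via " + cipher.getProvider().getName()
                    + ", ciphertext bytes: " + out.length);
        } catch (InvalidKeyException e) {
            // Same root exception as in the stack trace quoted above.
            System.out.println("AES-256-CBC rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

If the first line prints 128 bits and the last step is rejected, the policy files are the limiting factor; rerun after changing the JRE configuration to confirm the fix before retesting the SAML encryption path.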

 



