mace-opensaml-users - RE: [OpenSAML] Encrypting Assertion in Browser Post Profile Use case

Subject: OpenSAML user discussion

  • From: "Janardhanan, Srilakshmi" <>
  • To: <>
  • Subject: RE: [OpenSAML] Encrypting Assertion in Browser Post Profile Use case
  • Date: Wed, 30 Apr 2008 14:31:01 -0400

#2 was the issue. Thanks, Brent.

From: Brent Putman [mailto:]
Sent: Tuesday, April 29, 2008 5:18 PM
To:
Subject: Re: [OpenSAML] Encrypting Assertion in Browser Post Profile Use case

Sounds like either 1) your JRE/JDK's current security provider stack does not support AES 256-bit keys, or 2) you haven't installed the unlimited strength policy jurisdiction files.

For #1, install a security provider that supports them, like Bouncy Castle.

For #2, install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files, for example from here (bottom of page, adjust for your JDK/JRE version):
http://java.sun.com/javase/downloads/index.jsp

If you need more info, just Google for that exception text, "Illegal key size or default parameters". This isn't specifically an OpenSAML issue, but rather a Java JCE/JCA one.

HTH,
Brent


Janardhanan, Srilakshmi wrote:
Brent,
 
Thanks for your feedback. Yes, all I want is an auto-generated data encryption key based on aes256-cbc, using the following code:

    EncryptionParameters encParams = SecurityHelper.buildDataEncryptionParams(null, null, null);
    encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);

However, this throws the exception below (works fine if I don't explicitly set the algo; it defaults to aes-128):

org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
    at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:453)
    at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:343)
    at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:257)
    at com.Test.encryptAssertion(Test.java:450)
    at com.Test.generateSAMLResponse(Test.java:313)
    at com.Test.main(Test.java:163)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:450)
    ... 5 more

 

I have also tried generating the encryption key and credential myself but same exception.
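
A stand-alone JCE check that separates the two causes listed in the reply above, added here as an example; it is not part of the original thread and is not OpenSAML code. The class name `Aes256Check`, the `diagnose()` helper and the `AES/CBC/PKCS5Padding` transformation are assumptions chosen for the probe; the policy limit depends only on the algorithm name and key size.

```java
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;

public class Aes256Check {
    // Assumed stand-in for aes256-cbc; only the "AES" algorithm and key size matter to the policy.
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    /** Returns a one-line diagnosis of whether this JVM can encrypt with a 256-bit AES key. */
    static String diagnose() {
        int maxBits;
        try {
            // 128 under the limited jurisdiction policy files, Integer.MAX_VALUE when unlimited.
            maxBits = Cipher.getMaxAllowedKeyLength("AES");
        } catch (NoSuchAlgorithmException e) {
            // Thrown only for a malformed transformation string, which "AES" is not.
            throw new IllegalStateException("unexpected: \"AES\" is a valid transformation", e);
        }
        if (maxBits < 256) {
            return "Policy caps AES at " + maxBits
                 + " bits: install the unlimited strength policy files (cause #2)";
        }
        // Constructed all-zero 256-bit key, used only to probe Cipher.init(); never a real key.
        SecretKeySpec probeKey = new SecretKeySpec(new byte[32], "AES");
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, probeKey); // the provider generates a random IV for CBC
            return "AES-256 usable via provider " + cipher.getProvider().getName();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            return "No provider supports " + TRANSFORMATION + " (cause #1): " + e.getMessage();
        } catch (InvalidKeyException e) {
            return "Provider rejected the 256-bit key (cause #1): " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println(diagnose());
    }
}
```

Run it with the same JRE/JDK that runs the OpenSAML code, since the policy files are installed per Java installation. On JDK 8u161 and later the unlimited policy is the default, so the policy check there normally reports no cap.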

 



