mace-opensaml-users - Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist.
Subject: OpenSAML user discussion
List archive
Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist.
Chronological Thread
- From: Brent Putman <>
- To:
- Subject: Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist.
- Date: Mon, 04 Aug 2008 19:19:31 -0400
There's some opensaml2 docs on signing here, maybe you already found those:
https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG
But they don't really cover your question, because it's not really an opensaml question, but rather a general crypto, digital signature and PKI one. I suggest you take a look at some tutorials on that. But in a nutshell: you don't really sign with a *certificate* (which contains a public key), but rather with the private key that corresponds to the cert's public key. The recipient then validates with the cert's public key.
So if you have a key pair and cert, you don't generate a new key pair to get a private key, that's not ever going to work. You need to use the private key that corresponds to the public key/cert that you're using. If you're using a KeyStore and you have an existing PrivateKeyEntry in there with cert and key, see the API docs, which have an example like this for getting the private key out of the keystore:
// get my private key
KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
ks.getEntry("privateKeyAlias", password);
PrivateKey myPrivateKey = pkEntry.getPrivateKey();
--Brent
Ender Wiggin wrote:
Hi Brent:
Is there an example of signing with certificate that I may be able to reference as I am pretty new to this as well. I have put together the code sample below, but I am not sure if its valid and if it will hold up when the assertion is used as part of a call services in other systems. In particular I am uncertain about the approach I am using to create the private keys, algorithms, etc.
-------------------Signing Code----------------------
SignatureBuilder sigBuilder = (SignatureBuilder)builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);
Signature signature = sigBuilder.buildObject();
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
String ksName = res.getString("KEYSTORE");
FileInputStream ksfis = new FileInputStream(ksName);
BufferedInputStream ksbufin = new BufferedInputStream(ksfis); String ksPassword = res.getString("KEYSTORE_PSWD");
String ksPrivAlias = res.getString("KEYSTORE_PRIVKEY_ALIAS"); ks.load(ksbufin, ksPassword.toCharArray());
Certificate cert = ks.getCertificate(ksPrivAlias); PublicKey pubKey = cert.getPublicKey();
KeyPair kp = SecurityTestHelper.generateKeyPair("RSA", 1024, null);
-
- XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist., massive_cava, 08/04/2008
- RE: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist., Scott Cantor, 08/04/2008
- Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist., Brent Putman, 08/04/2008
- Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist., Ender Wiggin, 08/04/2008
- Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist., Brent Putman, 08/04/2008
- Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist., Ender Wiggin, 08/04/2008
Archive powered by MHonArc 2.6.16.