Many thanks, Putmanb.
By the way, if I need to digest the assertion, should I digest the
signature info as well, or digest only the other assertion info, excluding the
signature info?
Thanks&Best Regards
Li Ji Xian
----- Original Message -----
From: Brent Putman []
To:
Sent: Mon, 18 Apr 2011 10:33:18 -0400
Subject: Re: [OpenSAML] [OpenSAML java] encrypted assertion
Well, you can't use RSA to encrypt the actual data, you have to
use a symmetric block algorithm for the data encryption, and
then encrypt the data encryption key as an EncryptedKey and send
it along with the EncryptedAssertion. The examples in the wiki
illustrate this.
The technical reason is that RSA can only encrypt a block
that is slightly smaller than its modulus size, not nearly
enough for a SAML assertion. And there are no cipher modes
defined for RSA for multi-block encryption (or at least if there
are, XML Encryption doesn't support them). For more info, you
can google. Using an ephemeral symmetric data encryption key
is the standard approach to using RSA encryption for pretty much
anything out there, not just SAML.
On 4/18/11 6:43 AM, wrote:
Hi Putmanb,
Thanks for your response.
I can run it, but I have another question: if I use the RSA
algorithm to encrypt, how do I set the block size of the RSA
algorithm? Below is the exception:

org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
    at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:453)
    at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:343)
    at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:257)
    at SamlTest.main(SamlTest.java:208)
Caused by: java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
    at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
    at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:450)
    ... 3 more
Thanks&Best Regards
Li Ji Xian
----- Original Message -----
From: Brent Putman []
To:
Sent: Mon, 18 Apr 2011 02:20:39 -0400
Subject: Re: [OpenSAML] [OpenSAML java] encrypted assertion
This is documented pretty extensively in the wiki:
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaXMLEncryption
On 4/18/11 1:56 AM, wrote:
>
> Hi,
>
> Who can give me an example of how to encrypt an assertion?
> Thanks.
>
> Thanks&Best Regards
> Li Ji Xian
>
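The hybrid scheme Brent describes (ephemeral AES key for the assertion, RSA used only to wrap that key into an EncryptedKey), as an added example that is not code from this thread, from the OpenSAML wiki page linked above, or from the OpenSAML project itself. It assumes the OpenSAML 2.x Java API visible in the stack trace above (org.opensaml.xml.encryption.* and org.opensaml.saml2.encryption.*). `HybridAssertionEncryption`, `encrypt` and `decrypt` are hypothetical helper names, and the RSA key pair and minimal assertion in `main` are constructed purely for the demonstration; a real deployment would load the recipient's key from metadata and encrypt a fully populated assertion.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.UUID;

import org.joda.time.DateTime;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;

/** Hypothetical helper (not part of OpenSAML): hybrid encryption of a SAML 2 Assertion. */
public class HybridAssertionEncryption {

    /** Encrypts the assertion with a fresh AES key and wraps that key with the peer's RSA key. */
    public static EncryptedAssertion encrypt(Assertion assertion, Credential peerCredential) throws Exception {
        // 1. Data encryption parameters: a symmetric block cipher, never RSA.
        //    No credential is set here, so OpenSAML generates a random AES key for
        //    this call; the assertion may then be of any length. Configuring an RSA
        //    algorithm here is what makes XMLCipher.encryptData fail with
        //    "too much data for RSA block", because the whole assertion would have
        //    to fit into a single RSA block.
        EncryptionParameters dataParams = new EncryptionParameters();
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);

        // 2. Key encryption parameters: RSA-OAEP wraps only the 16-byte AES key,
        //    which fits comfortably in one RSA block. The peer's RSA public key
        //    belongs here, not in the data encryption parameters.
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(peerCredential);
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
                .getKeyInfoGeneratorManager().getDefaultManager().getFactory(peerCredential);
        kekParams.setKeyInfoGenerator(kigf.newInstance());

        // 3. The SAML Encrypter emits <EncryptedData> for the assertion plus an
        //    <EncryptedKey> holding the wrapped AES key. INLINE puts the EncryptedKey
        //    inside the EncryptedData's KeyInfo, where InlineEncryptedKeyResolver finds it.
        Encrypter encrypter = new Encrypter(dataParams, kekParams);
        encrypter.setKeyPlacement(KeyPlacement.INLINE);
        return encrypter.encrypt(assertion);
    }

    /** Reverses the process: unwraps the AES key with our RSA private key, then decrypts the data. */
    public static Assertion decrypt(EncryptedAssertion encrypted, Credential ownCredential) throws Exception {
        // The KEK resolver supplies the RSA private key used to unwrap the AES key.
        // No data-key resolver is needed (null) because the AES key arrives as an EncryptedKey.
        StaticKeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(ownCredential);
        Decrypter decrypter = new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encrypted);
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders, marshallers and the security config

        // Constructed RSA key pair standing in for the recipient's key (assumption, demo only).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Credential recipient = SecurityHelper.getSimpleCredential(kp.getPublic(), kp.getPrivate());

        // Constructed minimal assertion; a real one also carries Issuer, Subject, Conditions, etc.
        Assertion assertion = (Assertion) Configuration.getBuilderFactory()
                .getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID("_" + UUID.randomUUID());
        assertion.setIssueInstant(new DateTime());

        EncryptedAssertion encrypted = encrypt(assertion, recipient);
        Assertion roundTripped = decrypt(encrypted, recipient);
        System.out.println("Decrypted assertion ID: " + roundTripped.getID());
    }
}
```

There is no RSA "block size" to set: the data algorithm must be a symmetric cipher, and the only thing RSA ever sees is the short data encryption key. If the recipient expects the EncryptedKey as a sibling of the EncryptedData rather than inline, use KeyPlacement.PEER on the encrypting side and a matching EncryptedKeyResolver on the decrypting side.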