W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2012

Re: Encryption 1.1 interop Qs

From: <Frederick.Hirsch@nokia.com>
Date: Sat, 9 Jun 2012 14:23:10 +0000
To: <pratik.datta@oracle.com>, <cantor.2@osu.edu>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <7C75F034-A0BC-48CC-8889-767E956A317F@nokia.com>
I believe it is an oversight that AES-192-GCM is not included as an optional algorithm.

(1) I have added it to the editors draft to table of algorithms (5.1.1) and AES-GCM section 5.2.4



(2) I also made the corresponding update to the XML Security Algorithm Cross-Reference:


(3) I have entered this as a new issue, ISSUE-231

This issue should be resolved by the edit to the drafts noted above (in conjunction with the interop testing)


regards, Frederick

Frederick Hirsch

On Jun 9, 2012, at 2:21 AM, ext Pratik Datta wrote:

> Scott,
> I had created those samples with our implementation, so they should work.
> Are you using the correct parameters for RSA-OAEP ?   There is a DigestMethod parameter and a MGF parameter.
> If you want I can generate a different algorithm combination and you can see if it works for you.
> I hadn't realized that the AES-192 GCM algorithm was missing from the spec. I think it must be an oversight.
> Pratik
> -----Original Message-----
> From: Cantor, Scott [mailto:cantor.2@osu.edu] 
> Sent: Friday, June 08, 2012 8:23 PM
> To: public-xmlsec@w3.org
> Subject: Encryption 1.1 interop Qs
> Referring to: 
> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/
> The GCM samples have a test case for AES192 GCM, but I don't see that algorithm defined in the draft. It's logical that there would be one, but with no URI for that in the spec, it's a little fishy.
> The other issue I had is that I'm not able so far to even decrypt the key used in the 2048-bit sample:
> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/files/cipher
> Text__RSA-2048__aes128-gcm__rsa-oaep-mgf1p.xml
> The XML points to the certificate in the 2048 bit RSA key file, but using that private key against the EncryptedKey in that sample is giving me a padding error. I would chalk it up to a bug on my part, but I haven't had any interop issues in the past with RSA-OAEP in the code I'm testing.
> So I thought I'd ask if anybody else has tested that sample successfully before I go digging.
> -- Scott
Received on Saturday, 9 June 2012 14:23:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:18 UTC