Re: Encryption 1.1 interop Qs from Frederick.Hirsch@nokia.com on 2012-06-09 (public-xmlsec@w3.org from June 2012)

From: <Frederick.Hirsch@nokia.com>
Date: Sat, 9 Jun 2012 14:23:10 +0000
To: <pratik.datta@oracle.com>, <cantor.2@osu.edu>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <7C75F034-A0BC-48CC-8889-767E956A317F@nokia.com>

I believe it is an oversight that AES-192-GCM is not included as an optional algorithm.

(1) I have added it to the editors draft to table of algorithms (5.1.1) and AES-GCM section 5.2.4

http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#sec-Table-of-Algorithms

http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#sec-AES

(2) I also made the corresponding update to the XML Security Algorithm Cross-Reference:

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html#aes

(3) I have entered this as a new issue, ISSUE-231

This issue should be resolved by the edit to the drafts noted above (in conjunction with the interop testing)

Thanks!

regards, Frederick

Frederick Hirsch
Nokia



On Jun 9, 2012, at 2:21 AM, ext Pratik Datta wrote:

> Scott,
> I had created those samples with our implementation, so they should work.
> 
> Are you using the correct parameters for RSA-OAEP ?   There is a DigestMethod parameter and a MGF parameter.
> 
> If you want I can generate a different algorithm combination and you can see if it works for you.
> 
> I hadn't realized that the AES-192 GCM algorithm was missing from the spec. I think it must be an oversight.
> 
> Pratik
> 
> -----Original Message-----
> From: Cantor, Scott [mailto:cantor.2@osu.edu] 
> Sent: Friday, June 08, 2012 8:23 PM
> To: public-xmlsec@w3.org
> Subject: Encryption 1.1 interop Qs
> 
> Referring to: 
> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/
> 
> The GCM samples have a test case for AES192 GCM, but I don't see that algorithm defined in the draft. It's logical that there would be one, but with no URI for that in the spec, it's a little fishy.
> 
> The other issue I had is that I'm not able so far to even decrypt the key used in the 2048-bit sample:
> 
> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/files/cipher
> Text__RSA-2048__aes128-gcm__rsa-oaep-mgf1p.xml
> 
> The XML points to the certificate in the 2048 bit RSA key file, but using that private key against the EncryptedKey in that sample is giving me a padding error. I would chalk it up to a bug on my part, but I haven't had any interop issues in the past with RSA-OAEP in the code I'm testing.
> 
> So I thought I'd ask if anybody else has tested that sample successfully before I go digging.
> 
> -- Scott
> 
> 
>

Received on Saturday, 9 June 2012 14:23:49 UTC