>> >> Attached is a revised version of the samples sent before. I mainly >> >> update the Diffie-Hellman examples to accommodate the newest changes in >> >> the specification. >> >> I confirmed that our implementation succeeded in decrypting most of your >> examples except ones using DH and RSA-OAEP with SHA256 and SHA512. I also >> confirmed that it failed to decrypt your bad-algorithm example because of >> wrong key length. > >Thanks! As for the DH and RSA-OAEP with SHA256 and SHA512, I am wondering if >you >couldn't decrypt them or you haven't tested them. Sorry for confusing you. I mean that I have not tested them yet. >> However, I found that it succeeded in decrypting your >> bad-type example. That is reasonable to me because the decryptor is not >> required to perform validation on the serialized XML and hence our >> implementation does not. Should we include this example in test vectors? > >My intention is that if you do the decrypt and replace, the type information >should be needed. >In other words, it should cause you trouble when you replace the EncryptedData >element with >the decrypted data if the the type attribute is not set correctly. I don't know how you have implemented this process, but the spec says: >The decryptor is NOT REQUIRED to perform validation on the serialized XML. and also says: >The decryptor is NOT REQUIRED to perform validation on the result of this replacement operation. and hence I don't think that the implementation has to fail to decrypt this example. In that sense, I asked this question. Note, I don't say that your implementation is wrong. Such validation would be value-add. Thanks, Takeshi IMAMURA Tokyo Research Laboratory IBM Research imamu@jp.ibm.comReceived on Tuesday, 12 March 2002 00:37:54 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT