ISSUE --encrypt key operation with BCFIPS Provider and using XML-Sec library

Hi Team,

We are facing the following issue while performing an encrypt key operation
with the BCFIPS Provider and using the XML-Sec library.

Following is the code snippet:

            // Generate a traffic key
            javax.crypto.KeyGenerator keyGenerator =
                    javax.crypto.KeyGenerator.getInstance("AES", "BCFIPS");
            keyGenerator.init(256, sRandom);
            javax.crypto.SecretKey dek = keyGenerator.generateKey();

            // This is the public key of a cert generated with 1024 key length
            java.security.PublicKey pk = jsCert.getPublicKey();

            org.apache.xml.security.encryption.XMLCipher cipher =
                    org.apache.xml.security.encryption.XMLCipher.getProviderInstance(
                            "http://www.w3.org/2009/xmlenc11#rsa-oaep",
                            "BCFIPS",
                            org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_PHYSICAL,
                            "http://www.w3.org/2001/04/xmldsig-more#sha384");
            // The above call will basically call
            // javax.crypto.Cipher.getInstance("RSA/ECB/OAEPPadding", "BCFIPS")
            // to fetch the XMLCipher instance

            cipher.init(org.apache.xml.security.encryption.XMLCipher.WRAP_MODE, pk);

            // I am facing an exception here:
            // javax.crypto.IllegalBlockSizeException: Unable to wrap key: input data too long.
            org.apache.xml.security.encryption.EncryptedKey encryptedKey =
                    cipher.encryptKey(xmlDoc, dek,
                            "http://www.w3.org/2009/xmlenc11#mgf1sha384", null);

*Our Observations:*
*When using a 1024 key length certificate and 1024 + (key algorithm length) +
(block algorithm) > 1600, we are getting this error.*
*For example, with 1024 (certificate length) + 256 (key algorithm length) +
384 (block algorithm length), which is greater than 1600, we are facing this issue.*
*When using 1024 + 256 + 256 + 256, which is less than 1600, we are not facing
this issue.*

Is our observation valid?

Could you please help us understand any limitations while using
rsa-oaep encryption algorithms? Also, please let us know if you have any
further information or reproduction.


*Regards*
*Samba*

Received on Thursday, 9 July 2020 17:50:37 UTC
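
Added example, not part of the original message and not BCFIPS or XML-Sec code: RSAES-OAEP accepts at most k - 2*hLen - 2 bytes of input (RFC 8017, section 7.1.1), which for a 1024-bit key with SHA-384 is 128 - 96 - 2 = 30 bytes, less than the 32-byte AES-256 key generated in the snippet. The sketch assumes the JDK's default provider instead of BCFIPS, so the exception type and message may differ from the one reported; the class and method names are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical demo class; uses the default JDK provider, not BCFIPS (assumption).
public class OaepWrapLimit {
    // RFC 8017 sec. 7.1.1: mLen <= k - 2*hLen - 2, all lengths in bytes.
    static int maxOaepInput(int modulusBits, int hashBits) {
        return (modulusBits + 7) / 8 - 2 * (hashBits / 8) - 2;
    }

    // Attempts the wrap and reports either the ciphertext size or the provider's error.
    static String tryWrap(RSAPublicKey pk, SecretKey dek, String hash, MGF1ParameterSpec mgf) {
        try {
            Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
            c.init(Cipher.WRAP_MODE, pk,
                    new OAEPParameterSpec(hash, "MGF1", mgf, PSource.PSpecified.DEFAULT));
            return "wrapped to " + c.wrap(dek).length + " bytes";
        } catch (GeneralSecurityException e) {
            return "failed: " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey(); // 32-byte key, as in the snippet above
        String[] hashes = {"SHA-256", "SHA-384"};
        MGF1ParameterSpec[] mgfs = {MGF1ParameterSpec.SHA256, MGF1ParameterSpec.SHA384};
        for (int bits : new int[] {1024, 2048}) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(bits); // throwaway key pair constructed for the demo
            RSAPublicKey pk = (RSAPublicKey) kpg.generateKeyPair().getPublic();
            for (int i = 0; i < hashes.length; i++) {
                int hashBits = Integer.parseInt(hashes[i].substring(4));
                System.out.printf("RSA-%d, OAEP/%s: limit %d bytes, DEK %d bytes -> %s%n",
                        bits, hashes[i], maxOaepInput(bits, hashBits),
                        dek.getEncoded().length, tryWrap(pk, dek, hashes[i], mgfs[i]));
            }
        }
    }
}
```

Only the RSA-1024 with SHA-384 combination has a limit (30 bytes) below the 32-byte key; with a 2048-bit key the SHA-384 limit is 158 bytes.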