[prev in list] [next in list] [prev in thread] [next in thread]
List: wss4j-dev
Subject: RE: AES - newbie question - how to fix key & IV
From: Enric Jaen <enricjaen () yahoo ! es>
Date: 2007-05-31 14:16:49
Message-ID: 369886.14799.qm () web27604 ! mail ! ukl ! yahoo ! com
[Download RAW message or body]
Juan, Chu many thanks for your responses.
Do you know how to fix in WSS4J the key and the
initialization vector (IV)? This way I could repeat
the calls with the same payload, in order to test the
PHP - WSS4J interoperability. WSS4J depends on Apache
XmlSec and javax.crypto, and I have not seen the way
to do that.
Regards,
/Enric
--- "Da Cruz Pinto, Juan M"
<juan.m.da.cruz.pinto@intel.com> escribió:
> Hi Enric,
>
> Regarding the EncryptedKey, it will always be
> different, because it's randomly generated each
> time, unless you specify a fixed symmetric key
> (shared secret). I'm not an expert on WSS4J, but the
> normal procedure is (somebody please correct me if
> I'm wrong):
> - Generate a random key [K] (to be used for
> symmetric encryption)
> - RSA-Encrypt the random key (pub-key cryptography).
> This will be stored in the EncryptedKey Element in
> the security header.
> - [DES/AES]-Encrypt the real data with [K]
> (symmetric key cryptography). This will be stored in
> the EncryptedData element, which will replace the
> real data.
>
> So, normally, I would expect to have a different
> EncryptedKey each time, and as a consequence the
> EncryptedData will be different too. The only way to
> have a fixed key is to use a pre-shared secret.
>
> Regards,
> Marcelo.
>
>
> -----Original Message-----
> From: Enric Jaen [mailto:enricjaen@yahoo.es]
> Sent: Wednesday, May 30, 2007 08:41
> To: wss4j-dev@ws.apache.org
> Subject: RE: AES - newbie question
>
> Thanks a lot for the response, Chang.
>
> I was refering more to the data encrypted in the
> payload of a SOAP message (thereby the AES in the
> title), although I have noticed that the
> encryptedKey
> is also different each time.
>
> The reason efectively seems that is what you said:
> random numbers.
>
> Respect to the payload, after looking at the source
> code, seems that the JDK class javax.crypto.Chipher
> generates a random IV. I don't know if there is a
> way
> to generate a fixed IV.
>
> Respect to the encryptedKey, seems that is the
> padding
>
> what is generated randomly.
>
> I have read that this is so for security reasons,
> which makes sense in a general case.
>
> The problem of all that is that WSS4J doesn't
> decrypt
> well the payload encrypted with the PHP's mcrypt
> funcions, and I am trying to find the reason.
>
> Best regards,
>
> /Enric
>
>
>
>
> --- CHANG Shuh <shuh.chang@gemalto.com> escribió:
>
> > It's hard to say without knowing more about your
> > scenario. However, there might be some clues for
> > that. For example, in UsernameToken, there are two
> > possible factors that could affect the outcome of
> > the password digest (which may or may not be
> related
> > to what you were referring to as encrypted data):
> > random number (nonce) and timestamp (created).
> Each
> > time you make a call, you would get a different
> > nonce and timestamp, and therefore different
> > password digest even though you use the same
> > password each time...
> >
> > Regards,
> > Shuh
> >
> >
> > > -----Original Message-----
> > > From: Enric Jaen [mailto:enricjaen@yahoo.es]
> > > Sent: Monday, May 28, 2007 9:37 AM
> > > To: wss4j-dev@ws.apache.org
> > > Subject: RV: AES - newbie question
> > >
> > > Sorry, just to clarify that this issue is
> > happening with WSS4J.
> > > /Enric
> > >
> > >
> > > --- Enric Jaen <enricjaen@yahoo.es> escribió:
> > >
> > > > Fecha: Mon, 28 May 2007 09:31:19 +0200 (CEST)
> > > > De: Enric Jaen <enricjaen@yahoo.es>
> > > > Asunto: AES - newbie question
> > > > Para: wss4j-dev@ws.apache.org
> > > >
> > > >
> > > > Hi, I am quite newbie about security and I
> have
> > a simple question:
> > > >
> > > > When encrypting the data I am forcing the same
> > key, but I
> > > have noticed
> > > > that the encrypted data is different in each
> > call. Shouldn't it be
> > > > always the same?
> > > >
> > > > Thanks for any explanation,
> > > >
> > > > /Enric
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
>
______________________________________________________________
> > > ______________________
> > > > ¡Descubre una nueva forma de obtener
> respuestas
> > a tus preguntas!
> > > > Entra en Yahoo! Respuestas.
> > > > http://es.answers.yahoo.com/info/welcome
> > > >
> > >
> > >
> > >
> > >
> > > ______________________________________________
> > > LLama Gratis a cualquier PC del Mundo.
> > > Llamadas a fijos y móviles desde 1 céntimo por
> > minuto.
> > > http://es.voice.yahoo.com
> > >
> > >
> >
>
---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > wss4j-dev-unsubscribe@ws.apache.org
> > > For additional commands, e-mail:
> > wss4j-dev-help@ws.apache.org
> > >
> > >
> >
>
>
>
>
> ______________________________________________
> LLama Gratis a cualquier PC del Mundo.
> Llamadas a fijos y móviles desde 1 céntimo por
> minuto.
> http://es.voice.yahoo.com
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail:
> wss4j-dev-help@ws.apache.org
>
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic