Topic
  • 3 replies
  • Latest Post - ‏2013-09-10T22:55:58Z by etj
workOfArt
workOfArt
2 Posts

Pinned topic Need to use RSA-OEAP key transport algorithm

‏2011-05-05T18:23:59Z |
I need to use the RSA-OEAP key transport algorithm instead of the default RSA 1.5
for a HMAC WS-Security signature for selected elements.

I've tried adding the following stylesheet parameter, but it
doesn't get picked up by the default store:///sign-wssec.xsl stylesheet.

Name: {http://www.datapower.com/param/config}key-transport-algorithm
Value: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p

I can't use the store:///sign-hmac-wssec.xsl stylesheet. It
doesn't appear to support the creation of a WS-Security 1.1 encrypted key.

Any workarounds for using RSA-OAEP, short of writing my own XSL?

We're running on a DataPower XI50 with firmware rev 3.7.3.17
Updated on 2011-05-09T17:52:58Z at 2011-05-09T17:52:58Z by workOfArt
  • inestlerode
    inestlerode
    166 Posts

    Re: Need to use RSA-OEAP key transport algorithm

    ‏2011-05-09T14:45:45Z  
    RSA OAEP can only be used for encryption and decryption. It cannot be used for signing or verifying. This is an algorithm limitation and not a DataPower limitation. Also it isn't very clear why you are trying to mix RSA and HMAC (you would generally use one but not both of them).
  • workOfArt
    workOfArt
    2 Posts

    Re: Need to use RSA-OEAP key transport algorithm

    ‏2011-05-09T17:52:58Z  
    RSA OAEP can only be used for encryption and decryption. It cannot be used for signing or verifying. This is an algorithm limitation and not a DataPower limitation. Also it isn't very clear why you are trying to mix RSA and HMAC (you would generally use one but not both of them).
    When generating an HMAC signature, a Symmetric Key Type of "Use a Random Key and Encrypt It for the Recipient" is specified. This generates the EncryptedKey element as part of a Sign action with a default EncryptionMethod method of rsa-1_5, I need rsa-oaep-mgf1p.
  • etj
    etj
    108 Posts

    Re: Need to use RSA-OEAP key transport algorithm

    ‏2013-09-10T22:55:58Z  

    workOfArt,

    Were you able to use rsa-oaep-mgf1p ?

    How did you specify it ?

    thanks,

    el