3 replies Latest Post - 2013-09-10T22:55:58Z by etj
workOfArt
2 Posts

Pinned topic Need to use RSA-OAEP key transport algorithm

‏2011-05-05T18:23:59Z |
I need to use the RSA-OAEP key transport algorithm instead of the default RSA 1.5
for an HMAC WS-Security signature for selected elements.

I've tried adding the following stylesheet parameter, but it
doesn't get picked up by the default store:///sign-wssec.xsl stylesheet.

Name: {http://www.datapower.com/param/config}key-transport-algorithm
Value: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p

I can't use the store:///sign-hmac-wssec.xsl stylesheet. It
doesn't appear to support the creation of a WS-Security 1.1 encrypted key.

Any workarounds for using RSA-OAEP, short of writing my own XSL?

We're running on a DataPower XI50 with firmware rev 3.7.3.17
Updated on 2011-05-09T17:52:58Z by workOfArt
  • inestlerode
    166 Posts

    Re: Need to use RSA-OAEP key transport algorithm

    ‏2011-05-09T14:45:45Z  in response to workOfArt
    RSA OAEP can only be used for encryption and decryption. It cannot be used for signing or verifying. This is an algorithm limitation and not a DataPower limitation. Also, it isn't very clear why you are trying to mix RSA and HMAC (you would generally use one but not both of them).
    • workOfArt
      2 Posts

      Re: Need to use RSA-OAEP key transport algorithm

      ‏2011-05-09T17:52:58Z  in response to inestlerode
      When generating an HMAC signature, a Symmetric Key Type of "Use a Random Key and Encrypt It for the Recipient" is specified. This generates the EncryptedKey element as part of a Sign action with a default EncryptionMethod method of rsa-1_5; I need rsa-oaep-mgf1p.
  • etj
    108 Posts

    Re: Need to use RSA-OAEP key transport algorithm

    ‏2013-09-10T22:55:58Z  in response to workOfArt

    workOfArt,

    Were you able to use rsa-oaep-mgf1p?

    How did you specify it?

    thanks,

    el
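
The distinction raised in the 2011-05-09 replies, as an added example that is not part of the original thread and not DataPower code: a Python check (standard library only) that reads a WS-Security header and reports the key transport algorithm on each EncryptedKey separately from the SignatureMethod. The sample header, the function name `audit_security_header`, and the full `rsa-1_5` and `hmac-sha1` URIs (from the W3C XML Encryption and XML Signature namespaces) are assumptions not taken from the posts.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
RSA_15 = XENC + "rsa-1_5"
RSA_OAEP = XENC + "rsa-oaep-mgf1p"

# Constructed sample: trimmed WS-Security header, HMAC signature whose random
# key travels in an EncryptedKey (cipher and digest values elided).
SAMPLE = """<wsse:Security
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedKey Id="EK-1">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
  </ds:SignedInfo></ds:Signature>
</wsse:Security>"""


def audit_security_header(xml_text, required=RSA_OAEP):
    """Return (key_transport_algs, signature_algs, findings) for one header."""
    # Sample is trusted; parse untrusted messages with a hardened parser.
    root = ET.fromstring(xml_text)
    transports, findings = [], []
    for ek in root.iter("{%s}EncryptedKey" % XENC):
        # The EncryptionMethod directly under EncryptedKey is the key
        # transport algorithm; it is independent of the SignatureMethod.
        method = ek.find("{%s}EncryptionMethod" % XENC)
        alg = method.get("Algorithm") if method is not None else None
        transports.append(alg)
        if alg != required:
            findings.append("EncryptedKey %s uses %s, expected %s"
                            % (ek.get("Id"), alg, required))
    signatures = [m.get("Algorithm")
                  for m in root.iter("{%s}SignatureMethod" % DSIG)]
    return transports, signatures, findings


if __name__ == "__main__":
    for label, doc in (("as generated", SAMPLE),
                       ("with OAEP", SAMPLE.replace(RSA_15, RSA_OAEP))):
        print(label, audit_security_header(doc))
```

Run against a captured outbound message, this confirms whether a configuration change actually moved the EncryptedKey off `rsa-1_5` while the signature itself stays HMAC.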