Support of RSA-SHA256, RSA-SHA384 and RSA-SHA512 Algorithms in Metro

The existing Metro versions support only the RSA-SHA1 and HMAC-SHA1 algorithms for computing signatures when securing messages. To be more precise, in the request/response messages you can see something like:


............................
<ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <exc14n:InclusiveNamespaces PrefixList="wsse S"/>
    </ds:CanonicalizationMethod>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_5002">
.............................


As the use of RSA-SHA1 for signatures is discouraged according to the XML working draft (see section 6.1), we recently started working on support for the RSA-SHA256, RSA-SHA384 and RSA-SHA512 signature algorithms.


From the 10th Mar 2010 nightly build, support for the above algorithms is available, and users can specify the algorithm they want to use for signatures with an extra configuration step.


For example, if you want to use RSA-SHA512 as the signature algorithm, you have to configure one extra custom attribute in the AlgorithmSuite as follows:


    <sp:AlgorithmSuite signatureAlgorithm="SHA512withRSA">
        <wsp:Policy>
            <sp:Basic128/>
        </wsp:Policy>
    </sp:AlgorithmSuite>


Similarly, for RSA-SHA256:


    <sp:AlgorithmSuite signatureAlgorithm="SHA256withRSA">
        <wsp:Policy>
            <sp:Basic128/>
        </wsp:Policy>
    </sp:AlgorithmSuite>


You can check the algorithm used for signatures in the request/response messages. For example, you should see something similar to the snippet below, depending on your algorithm configuration:


............................
<ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <exc14n:InclusiveNamespaces PrefixList="wsse S"/>
    </ds:CanonicalizationMethod>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha512"/>
    <ds:Reference URI="#_5002">
.............................


Please note that the default signature algorithm is "rsa-sha1", so if you don't specify the algorithm attribute in the AlgorithmSuite, only "rsa-sha1" will be used.
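One way to automate this check over captured request/response messages, so that a silent fallback to the "rsa-sha1" default is caught (an added example, not part of the original post or of Metro). The function name, the allowed set and the sample envelope are assumptions made for illustration; it classifies on the URI fragment, so it accepts both the URI form shown above and the http://www.w3.org/2001/04/xmldsig-more# identifiers.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
# Policy assumed for this example: only the SHA-2 RSA variants named on this page pass.
ALLOWED = {"rsa-sha256", "rsa-sha384", "rsa-sha512"}

# Constructed sample message (not captured from a real Metro endpoint).
SAMPLE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <S:Header>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="%s"/>
        <ds:Reference URI="#_5002"/>
      </ds:SignedInfo>
    </ds:Signature>
  </S:Header>
  <S:Body/>
</S:Envelope>"""


def audit_signature_methods(xml_text, allowed=ALLOWED):
    """Return [(algorithm_uri, verdict)] for each ds:SignatureMethod found.

    Verdicts: "ok", "sha1" (the default the page warns about), "unexpected",
    or a single ("", "unsigned") entry when no SignatureMethod is present.
    """
    # SOAP messages must not carry a DTD; refusing one also avoids entity expansion.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    results = []
    for el in root.iter("{%s}SignatureMethod" % DS_NS):
        uri = el.get("Algorithm", "")
        # Classify on the fragment so both URI bases are recognised.
        name = uri.rpartition("#")[2].lower()
        if name in allowed:
            verdict = "ok"
        elif name.endswith("sha1"):
            verdict = "sha1"
        else:
            verdict = "unexpected"
        results.append((uri, verdict))
    return results or [("", "unsigned")]


if __name__ == "__main__":
    for uri in (DS_NS + "rsa-sha1", DS_NS + "rsa-sha512"):
        print(audit_signature_methods(SAMPLE % uri))
```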



Please use the latest nightly builds if you want to use the above feature.


Download Link:


https://metro.dev.java.net/servlets/ProjectDocumentList?folderID=11914&expandFolder=11914&folderID=10314

About

Suresh Mandalapu
