gump-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Berin Lautenbach" <be...@wingsofhermes.org>
Subject Re: Failures in xml-security
Date Mon, 01 Mar 2004 23:12:44 GMT
> On Mon, 01 Mar 2004, Stefan Bodewig <bodewig@apache.org> wrote:

> If I do so for the latest version, I get a different type of error
> message
>
>    [junit] org.apache.xml.security.encryption.XMLEncryptionException:
>    Padding: ISO10126PADDING not implemented [junit] Original Exception
>    was javax.crypto.NoSuchPaddingException: Padding: ISO10126PADDING
>    not implemented [junit] 	at
>    org.apache.xml.security.encryption.XMLCipher.getInstance(XMLCipher.java:285)>
> but it looks as if bouncycastle doesn't get used at all.

Yup - thus my original question :>.  The SunJCE only supports
PKCS5Padding, which is not quite what we need (it's fussy in places that
break the interop testing for xml-security).
But what I don't understand is why it (the SunJCE) is getting called.  I
am running a 1.4 JRE and still getting BC called for all crypt.  I
actually have to explictly remove BC from the CLASSPATH and update some
configurations inside xml-security, to get these errors.
> If I only use the provider jar and nothing else, I again get another
> error (something about not being able to find provider "BC" or not
> being able to verify it).
>
> To me it looks as if we'd have to install things to use bouncycastle
> with JDK 1.4 anyway, at least the unrestricted policy file has to be
> installed.  I'd be glad if anybody with a better JCE background than I
> have could help out here.

That's got me confused as well.  If the policy files are not installed,
then we should be getting errors about unsupported key lengths long before
we get a padding error - or at least that's my experience.
Let me play around on a test system and see if I can replicate the problem
on a test system here.
Cheers,
     Berin




---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@gump.apache.org
For additional commands, e-mail: general-help@gump.apache.org


Mime
View raw message