The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Guy Halse <guy AT tenet.ac.za>]

    Hi

On 2020/08/06 11:46, Matthew Slowe wrote:

    I don't
      know a huge amount about the inner workings of the different
      algorithms, but I do wonder if SimpleSAMLphp doesn't support
      "rsa-oaep" but does support "rsa-oaep-mgf1p" but, because the
      first one is listed first it's using that? 
    
    Having gone through the source of robrichards/xmlseclibs v3.0.4,
    which is the version of the library that SimpleSAMLphp 1.18.x is
      using, I can confirm that it does not support/recognise
    rsa-oaep.
    
    The xmlseclibs source only
      mentions these encryption algorithms:

• http://www.w3.org/2001/04/xmlenc#aes128-cbc
• http://www.w3.org/2001/04/xmlenc#aes192-cbc
• http://www.w3.org/2001/04/xmlenc#aes256-cbc
• http://www.w3.org/2001/04/xmlenc#tripledes-cbc
• http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p

There's no mention of http://www.w3.org/2009/xmlenc11#rsa-oaep in the source.

Support for more algorithms (including AES-GCM) is in v3.1.0 of xmlseclibs, which is currently used by the development versions of SSP.

    - Guy
    --

Guy Halse
Executive Officer: Trust & Identity Tertiary Education & Research Network of South Africa NPC Fault Reporting: +27(21)763-7147 or support AT tenet.ac.za
Office: +27(21)763-7102
http://www.tenet.ac.za/contact
https://orcid.org/0000-0002-9388-8592

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature