| Groups | Blog | Home |
dotnet web services enhancements : WSE3003 Error - encryption algorithm differs on client and server
error. When my client is windows xp and server is the same, I don't get this. When my client is windows xp and server is Win2003, I don't get this. But when the client is Windows 2000 and server is Win2003, I DO get this. It looks like I need to do something in the client application to force it to encrypt in the way that the server wants. Here ist he detailed error. An unsupported signature or encryption algorithm was used ---> System.Exception: WSE3002: The receiver is expecting the key wrapping algorithm to be http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, but the incoming message used http://www.w3.org/2001/04/xmlenc#rsa-1_5. You can change the key wrapping algorithm through configuring security token manager. How can I tell the client app to use the first algorithm for encryption. I can see in the client's output soap where it is using rsa-1.5 to encrypt the security token reference. thanks for any help. julie
looks like KDV is having a similar issue in a message dates 2/10/06. If you
want to reply there, I will watch that thread. julie [quoted text, click to view] "Julie Lerman" <jlermanATNOSPAMPLEASEthedatafarm.com> wrote in message news:OJWai7BMGHA.3856@TK2MSFTNGP12.phx.gbl... >I find one unanswered question in this newsgroup but nothing else about >this error. > > When my client is windows xp and server is the same, I don't get this. > When my client is windows xp and server is Win2003, I don't get this. > But when the client is Windows 2000 and server is Win2003, I DO get this. > > It looks like I need to do something in the client application to force it > to encrypt in the way that the server wants. > > Here ist he detailed error. > > An unsupported signature or encryption algorithm was used ---> > System.Exception: WSE3002: The receiver is expecting the key wrapping > algorithm to be http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, but the > incoming message used http://www.w3.org/2001/04/xmlenc#rsa-1_5. You can > change the key wrapping algorithm through configuring security token > manager. > > How can I tell the client app to use the first algorithm for encryption. > > I can see in the client's output soap where it is using rsa-1.5 to encrypt > the security token reference. > > thanks for any help. > > julie >
Pablo - while you were typing this, I was typing a blog post about YOU
becasue I just found your september post. If figured as much about the defaults and have been tryingn to figure out how to get around it. Unfortunately, I can't get onto the win2000 client this morning. Uggh But I did manage to affect the encrtyption - testing on my xp machine and forcing it to use rsa15 - thus emulating my error on the windows 2000 box. So I have to get back on the 2000 box and see if it wil know how to do oaep if I tell it to override the default. Either way, you totally rock! Julie [quoted text, click to view] "Pablo Cibraro" <pcibraro@hotmail.com> wrote in message news:u4VoYhKMGHA.500@TK2MSFTNGP15.phx.gbl... > Hi Julie, > For Windows 2000, the default key-wrap algorithm is "rsa-1.5". For Win XP > or W2k3, it is "rsa-oaep". > I think this happens because the "rsa-oaep" algorithm is not supported in > W2k. > > I reflected the X509SecurityTokenManager class in WSE and this is what I > got: > > void SetPlatformDependentDefault() > { > if (Environment.OSVersion.Version.Major == 5 && > Environment.OSVersion.Version.Minor == 0) > DefaultKeyAlgorithm = "RSA15"; > else > DefaultKeyAlgorithm = "RSAOAEP"; > } > > In order to change the default algorithm, you need to add the following > setting to the configuration file: > > RSA 1.5 > > <microsoft.web.services3> > <security> > <binarySecurityTokenManager> > <add > valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"> > <keyAlgorithm name="RSA15" /> > </add> > </binarySecurityTokenManager> > </security> > </microsoft.web.services3> > > RSA OAEP > > <microsoft.web.services3> > <security> > <binarySecurityTokenManager> > <add > valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"> > <keyAlgorithm name="RSAOAEP" /> > </add> > </binarySecurityTokenManager> > </security> > </microsoft.web.services3> > > I hope this can help you. > > Regards, > Pablo Cibraro > http://weblogs.asp.net/cibrax > http://www.lagash.com > > "Julie Lerman" <jlermanATNOSPAMPLEASEthedatafarm.com> wrote in message > news:u50FFQCMGHA.2276@TK2MSFTNGP15.phx.gbl... >> looks like KDV is having a similar issue in a message dates 2/10/06. If >> you want to reply there, I will watch that thread. >> >> julie >> >> "Julie Lerman" <jlermanATNOSPAMPLEASEthedatafarm.com> wrote in message >> news:OJWai7BMGHA.3856@TK2MSFTNGP12.phx.gbl... >>>I find one unanswered question in this newsgroup but nothing else about >>>this error. >>> >>> When my client is windows xp and server is the same, I don't get this. >>> When my client is windows xp and server is Win2003, I don't get this. >>> But when the client is Windows 2000 and server is Win2003, I DO get >>> this. >>> >>> It looks like I need to do something in the client application to force >>> it to encrypt in the way that the server wants. >>> >>> Here ist he detailed error. >>> >>> An unsupported signature or encryption algorithm was used ---> >>> System.Exception: WSE3002: The receiver is expecting the key wrapping >>> algorithm to be http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, but the >>> incoming message used http://www.w3.org/2001/04/xmlenc#rsa-1_5. You can >>> change the key wrapping algorithm through configuring security token >>> manager. >>> >>> How can I tell the client app to use the first algorithm for encryption. >>> >>> I can see in the client's output soap where it is using rsa-1.5 to >>> encrypt the security token reference. >>> >>> thanks for any help. >>> >>> julie >>> >> >> > >
Hi Julie,
For Windows 2000, the default key-wrap algorithm is "rsa-1.5". For Win XP or W2k3, it is "rsa-oaep". I think this happens because the "rsa-oaep" algorithm is not supported in W2k. I reflected the X509SecurityTokenManager class in WSE and this is what I got: void SetPlatformDependentDefault() { if (Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor == 0) DefaultKeyAlgorithm = "RSA15"; else DefaultKeyAlgorithm = "RSAOAEP"; } In order to change the default algorithm, you need to add the following setting to the configuration file: RSA 1.5 <microsoft.web.services3> <security> <binarySecurityTokenManager> <add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"> <keyAlgorithm name="RSA15" /> </add> </binarySecurityTokenManager> </security> </microsoft.web.services3> RSA OAEP <microsoft.web.services3> <security> <binarySecurityTokenManager> <add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"> <keyAlgorithm name="RSAOAEP" /> </add> </binarySecurityTokenManager> </security> </microsoft.web.services3> I hope this can help you. Regards, Pablo Cibraro http://weblogs.asp.net/cibrax http://www.lagash.com [quoted text, click to view] "Julie Lerman" <jlermanATNOSPAMPLEASEthedatafarm.com> wrote in message news:u50FFQCMGHA.2276@TK2MSFTNGP15.phx.gbl... > looks like KDV is having a similar issue in a message dates 2/10/06. If > you want to reply there, I will watch that thread. > > julie > > "Julie Lerman" <jlermanATNOSPAMPLEASEthedatafarm.com> wrote in message > news:OJWai7BMGHA.3856@TK2MSFTNGP12.phx.gbl... >>I find one unanswered question in this newsgroup but nothing else about >>this error. >> >> When my client is windows xp and server is the same, I don't get this. >> When my client is windows xp and server is Win2003, I don't get this. >> But when the client is Windows 2000 and server is Win2003, I DO get this. >> >> It looks like I need to do something in the client application to force >> it to encrypt in the way that the server wants. >> >> Here ist he detailed error. >> >> An unsupported signature or encryption algorithm was used ---> >> System.Exception: WSE3002: The receiver is expecting the key wrapping >> algorithm to be http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, but the >> incoming message used http://www.w3.org/2001/04/xmlenc#rsa-1_5. You can >> change the key wrapping algorithm through configuring security token >> manager. >> >> How can I tell the client app to use the first algorithm for encryption. >> >> I can see in the client's output soap where it is using rsa-1.5 to >> encrypt the security token reference. >> >> thanks for any help. >> >> julie >> > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |