search

creepyjim / simplesamlphp

Automatically exported from code.google.com/p/simplesamlphp
0 stars 0 forks source link

Optional XML encryption profile used #443

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
We use the "RSAES-PKCS1-v1_5" padding method when encrypting 128-bit AES keys. 
We should instead use "RSA-OAEP", which is mandatory to implement.

See: http://www.w3.org/TR/xmlenc-core/#sec-Alg-KeyTransport

Original issue reported on code.google.com by olavmrk@gmail.com on 27 Oct 2011 at 11:06

GoogleCodeExporter commented 8 years ago 
Fixed in 1.10.0-rc1.

Original comment by jaim...@gmail.com on 3 Aug 2012 at 9:01