Key Transport Algorithm for XML Encryption

Cantor, Scott cantor.2 at
Mon Nov 28 20:48:32 GMT 2011

On 11/28/11 4:46 PM, "shibboleth at" <shibboleth at> wrote:
>I am trying to interoperate with a Service Provider that does
>not support RSA_OAEP, so if it is still true could someone
>provide a quick pointer to the where in Java IDP code I should
>look to tweak this.

Note that that there are some potential weaknesses in 1.5 that relying
parties have to mitigate.

I believe the setting is in one of the lower level jars, probably
xmltooling. Best thing would be to search for the constant, or a reference
to the constant as defined by xmlsec.

-- Scott

More information about the users mailing list