Error creating SP metadata when adding X509 certificate for encryption

Cantor, Scott cantor.2 at osu.edu
Mon Feb 26 20:48:25 EST 2018


> I'm a bit confused. Are you saying even if I had a valid certificate not using the
> PKCS 1.5 in the SP metadata it wouldn't be used?

Certificates do not "use" RSA methods like PKCS 1.5. OAEP and PKCS1.5 are padding methods used when encrypting AES keys with RSA public keys. The certificate has nothing to do with this; it's merely a way of communicating a public key to begin with.

I don't recall exactly what it will do when there's an EncryptionMethod algorithm included that is barred. It may fall back to the OAEP padding method that's not broken or it may give up and assume the SP doesn't support anything else. I thought it did the latter, but you're not getting far enough to tell.

I simply was observing that they don't know what they're doing even more than was already noted and that using that metadata as is might not work even if the certificate weren't broken.

-- Scott
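The distinction Scott draws above (the RSA padding method is advertised in md:EncryptionMethod, while the certificate only carries the public key) is easy to check mechanically. The following stdlib-only Python linter is an added example, not code from this thread or from the Shibboleth project: it walks the encryption KeyDescriptor(s) of SP metadata, checks that each X509Certificate at least decodes to DER, and flags a descriptor that advertises PKCS#1 v1.5 key transport or that advertises key transport without any RSA-OAEP method. The algorithm URIs are the standard XML Encryption identifiers; the two metadata documents are constructed samples, and their certificate text is a placeholder rather than a real certificate.

```python
"""Lint the encryption KeyDescriptor(s) of SAML 2.0 SP metadata (added example, stdlib only)."""
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# XML Encryption key-transport algorithm identifiers (the RSA padding lives here, not in the cert).
RSA_PKCS1_V15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"          # PKCS#1 v1.5 padding (broken)
RSA_OAEP_MGF1P = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"  # RSA-OAEP (XML Encryption 1.0)
RSA_OAEP_11 = "http://www.w3.org/2009/xmlenc11#rsa-oaep"            # RSA-OAEP (XML Encryption 1.1)
OAEP_ALGORITHMS = {RSA_OAEP_MGF1P, RSA_OAEP_11}
KEY_TRANSPORT_ALGORITHMS = OAEP_ALGORITHMS | {RSA_PKCS1_V15}


def check_certificate(b64_text):
    """Return None if the text decodes to something shaped like a DER certificate, else a reason.

    Shape check only: base64 decodes and the outer tag is a DER SEQUENCE (0x30).
    It does not parse or validate the certificate.
    """
    try:
        der = base64.b64decode("".join(b64_text.split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        return f"certificate is not valid base64 ({exc})"
    if not der or der[0] != 0x30:
        return "certificate does not decode to a DER SEQUENCE"
    return None


def lint_encryption_key_descriptors(metadata_xml):
    """Return a list of problem strings for every KeyDescriptor usable for encryption."""
    root = ET.fromstring(metadata_xml)
    problems = []
    for index, kd in enumerate(root.iterfind(".//md:KeyDescriptor", NS)):
        if kd.get("use") not in (None, "encryption"):  # use="signing" keys are out of scope
            continue
        label = f"KeyDescriptor[{index}]"
        # The certificate is only a carrier for the public key; it must at least decode.
        certs = kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if not certs:
            problems.append(f"{label}: no ds:X509Certificate")
        for cert in certs:
            reason = check_certificate(cert.text or "")
            if reason:
                problems.append(f"{label}: {reason}")
        # EncryptionMethod advertises what the SP accepts; key transport (RSA padding) is
        # a property of these elements. No EncryptionMethod at all is allowed: the IdP then
        # uses its own defaults, so that case is not reported.
        algs = [em.get("Algorithm") for em in kd.iterfind("md:EncryptionMethod", NS)]
        transport = [a for a in algs if a in KEY_TRANSPORT_ALGORITHMS]
        if RSA_PKCS1_V15 in transport:
            problems.append(f"{label}: advertises PKCS#1 v1.5 key transport ({RSA_PKCS1_V15})")
        if transport and not OAEP_ALGORITHMS.intersection(transport):
            problems.append(f"{label}: advertises key transport but no RSA-OAEP method; "
                            "an IdP that bars PKCS#1 v1.5 may refuse to encrypt to this SP")
    return problems


# Constructed sample (not from the thread): broken certificate text, PKCS#1 v1.5 only.
BAD_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB-not-a-real-certificate</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: "MAMCAQA=" is a tiny DER SEQUENCE placeholder, not a real certificate.
GOOD_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MAMCAQA=</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


if __name__ == "__main__":
    for name, xml in (("bad", BAD_SP_METADATA), ("good", GOOD_SP_METADATA)):
        print(name, lint_encryption_key_descriptors(xml) or ["ok"])
```

Running the block reports three problems for the first sample (undecodable certificate, PKCS#1 v1.5 advertised, no OAEP method) and nothing for the second; pointing it at real SP metadata separates "the certificate is broken" from "the EncryptionMethod list is unusable", which are the two independent issues Scott is distinguishing.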


