Question about encrypted assertions

Cantor, Scott cantor.2 at osu.edu
Wed Sep 19 13:31:56 EDT 2018


On 9/19/18, 7:05 AM, "users on behalf of Losen, Stephen C (scl)" <users-bounces at shibboleth.net on behalf of scl at virginia.edu> wrote:

> how does the Shibboleth IDP encrypt an assertion?

That is not a one sentence (or paragraph, or email) answer.

> Does the IDP generate a random symmetric key on the fly?

Yes.

>  How does the IDP pass the symmetric key to the SP securely? Does the IDP encrypt the symmetric key using the public 
> (RSA) key in the cert contained in the SP metadata?

Yes.

>  Looks like the IDP also signs the symmetric key.

It does not.

>  Seems like a lot of extra work, why not simply encrypt the entire assertion with RSA using the SP's public RSA key?

That's not how RSA encryption works; it can't encrypt large data blocks.

-- Scott
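The hybrid scheme described in this exchange (random symmetric key generated on the fly, assertion encrypted with it, key wrapped with the RSA public key from the SP's metadata, nothing signing the key), as an added example that is not Shibboleth's or the IdP's own code. Assumptions: AES-256-GCM stands in for the symmetric algorithm and RSA-OAEP with SHA-256 for the key transport; the `EncryptedAssertion` struct, the function names and the sample assertion are constructed here, and a real deployment serializes these pieces as XML Encryption elements (`xenc:EncryptedData` / `xenc:EncryptedKey`) rather than a Go struct. The `DirectRSAEncrypt` helper shows concretely why "just use RSA on the whole assertion" fails: OAEP with a 2048-bit key and SHA-256 accepts at most 190 bytes of plaintext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// EncryptedAssertion is a simplified stand-in for a SAML <EncryptedAssertion>
// (assumption: a real IdP wraps these pieces in XML Encryption elements).
// The assertion is sealed under a fresh symmetric key; that key travels next
// to the ciphertext, wrapped with the SP's RSA public key (cf. xenc:EncryptedKey).
type EncryptedAssertion struct {
	WrappedKey []byte // random AES key, encrypted with RSA-OAEP under the SP public key
	Nonce      []byte // AES-GCM nonce, unique per encryption
	Ciphertext []byte // assertion bytes encrypted with AES-256-GCM (auth tag appended)
}

// EncryptAssertion plays the IdP side: generate a random symmetric key on the
// fly, encrypt the assertion with it, then wrap only the key for the SP.
// Nothing here signs the symmetric key; signing the assertion is a separate step.
func EncryptAssertion(spPub *rsa.PublicKey, assertion []byte) (*EncryptedAssertion, error) {
	key := make([]byte, 32) // AES-256 key, fresh per assertion
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, assertion, nil)
	// Only the 32-byte key goes through RSA; it fits comfortably within OAEP's limit.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, spPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedAssertion{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DecryptAssertion plays the SP side: unwrap the key with the SP private key,
// then open the assertion. GCM's authentication tag rejects a tampered ciphertext.
func DecryptAssertion(spPriv *rsa.PrivateKey, ea *EncryptedAssertion) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, spPriv, ea.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ea.Nonce, ea.Ciphertext, nil)
}

// DirectRSAEncrypt attempts what the question proposes: RSA-encrypt the whole
// assertion. OAEP with SHA-256 and a 2048-bit modulus allows at most
// 256 - 2*32 - 2 = 190 bytes of plaintext, so an assertion-sized input fails.
func DirectRSAEncrypt(spPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, spPub, msg, nil)
}

func main() {
	// Constructed sample: a throwaway SP key pair and a padded fake assertion.
	spKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	assertion := bytes.Repeat([]byte("<saml:Assertion>constructed sample</saml:Assertion>\n"), 20)

	if _, err := DirectRSAEncrypt(&spKey.PublicKey, assertion); err != nil {
		fmt.Println("direct RSA of", len(assertion), "bytes fails:", err)
	}
	ea, err := EncryptAssertion(&spKey.PublicKey, assertion)
	if err != nil {
		log.Fatal(err)
	}
	plain, err := DecryptAssertion(spKey, ea)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("hybrid round trip ok:", bytes.Equal(plain, assertion))
}
```

The split between key transport and data encryption is the whole point: the asymmetric operation is done once on a few dozen bytes, the bulk assertion is handled by a fast symmetric AEAD, and because the symmetric key is never reused across assertions, compromising one encrypted assertion's key reveals nothing about others.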
