AES256-CBC for encryption?
Cantor, Scott
cantor.2 at osu.edu
Mon May 13 11:38:29 EDT 2019
On 5/13/19, 11:23 AM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> Thanks, Scott. I'm still not getting this to work, though. I've added the encryption algorithm to the metadata inside the
> encryption key descriptor block:
Looks right, but you can add the schema validation filter, maybe it will spot something subtle.
> But looking at the response, it's still showing AES128-CBC.
Don't know why that would be. I'll try it out with something myself just as a test, though I have done it with GCM in the past.
> Any other possibilities you can think of? Is it correct the <KeyDescriptor> and <EncryptionMethod> are in the same XML
> schema namespace? I don't need to prefix EncryptionMethod with anything if I'm not prefixing KeyDescriptor, correct?
It looks like the correct element to me.
-- Scott
More information about the users
mailing list