How to find out if a Shib SP would be able to decrypt using AES128-GCM?
lenggenhager at switch.ch
Wed Jan 13 16:37:13 UTC 2021
The GCMEncryption wiki page  claims in the section 'Deployer Impact' that
> most Shibboleth SPs (usually recognizeable via entityID and by the /Shibboleth.sso paths in their endpoints) support GCM and most other SPs do not.
However, I haven't found any hint how I as SP administrator could easily
find out whether my SP would be able to decrypt AES128-GCM encrypted
assertions, if its metadata would publish support for this algorithm.
I guess it depends on the SP version as well as the OpenSSL version in
use. Any other dependencies?
We would like to start publishing AES128-GCM support for SPs registered
in SWITCHaai without causing too much overhead for the SP admins.
Has someone hands on experience with AES128-GCM on Shib SPs?
Any hints appreciated, thank you in advance,
Thomas Lenggenhager, Trust & Identity
Werdstrasse 2, P.O. Box, 8021 Zurich, SWITZERLAND
phone +41 44 268 1515, direct +41 44 268 1541
More information about the users