WSE3003 Error - encryption algorithm differs on client and server

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Julie Lerman - 12 Feb 2006 21:59 GMT

I find one unanswered question in this newsgroup but nothing else about this
error.

When my client is windows xp and server is the same, I don't get this.
When my client is windows xp and server is Win2003, I don't get this.
But when the client is Windows 2000 and server is Win2003, I DO get this.

It looks like I need to do something in the client application to force it
to encrypt in the way that the server wants.

Here ist he detailed error.

An unsupported signature or encryption algorithm was used --->
System.Exception: WSE3002: The receiver is expecting the key wrapping
algorithm to be http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, but the
incoming message used http://www.w3.org/2001/04/xmlenc#rsa-1_5. You can
change the key wrapping algorithm through configuring security token
manager.

How can I tell the client app to use the first algorithm for encryption.

I can see in the client's output soap where it is using rsa-1.5 to encrypt
the security token reference.

thanks for any help.

julie

Reply to this Message

Julie Lerman - 12 Feb 2006 22:36 GMT

looks like KDV is having a similar issue in a message dates 2/10/06. If you
want to reply there, I will watch that thread.

julie

>I find one unanswered question in this newsgroup but nothing else about
>this error.
[quoted text clipped - 23 lines]
>
> julie

Reply to this Message

Pablo Cibraro - 13 Feb 2006 14:19 GMT

Hi Julie,
For Windows 2000, the default key-wrap algorithm is "rsa-1.5". For Win XP or
W2k3, it is "rsa-oaep".
I think this happens because the "rsa-oaep" algorithm is not supported in
W2k.

I reflected the X509SecurityTokenManager class in WSE and this is what I
got:

void SetPlatformDependentDefault()
{
if (Environment.OSVersion.Version.Major == 5 &&
Environment.OSVersion.Version.Minor == 0)
DefaultKeyAlgorithm = "RSA15";
else
DefaultKeyAlgorithm = "RSAOAEP";
}

In order to change the default algorithm, you need to add the following
setting to the configuration file:

RSA 1.5

<microsoft.web.services3>
<security>
<binarySecurityTokenManager>
<add
valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
<keyAlgorithm name="RSA15" />
</add>
</binarySecurityTokenManager>
</security>
</microsoft.web.services3>

RSA OAEP

<microsoft.web.services3>
<security>
<binarySecurityTokenManager>
<add
valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
<keyAlgorithm name="RSAOAEP" />
</add>
</binarySecurityTokenManager>
</security>
</microsoft.web.services3>

I hope this can help you.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

> looks like KDV is having a similar issue in a message dates 2/10/06. If
> you want to reply there, I will watch that thread.
[quoted text clipped - 28 lines]
>>
>> julie

Reply to this Message

Julie Lerman - 13 Feb 2006 14:43 GMT

Pablo - while you were typing this, I was typing a blog post about YOU
becasue I just found your september post.

If figured as much about the defaults and have been tryingn to figure out
how to get around it.

Unfortunately, I can't get onto the win2000 client this morning. Uggh But I
did manage to affect the encrtyption - testing on my xp machine and forcing
it to use rsa15 - thus emulating my error on the windows 2000 box.

So I have to get back on the 2000 box and see if it wil know how to do oaep
if I tell it to override the default.

Either way, you totally rock!

Julie

> Hi Julie,
> For Windows 2000, the default key-wrap algorithm is "rsa-1.5". For Win XP
[quoted text clipped - 83 lines]
>>>
>>> julie

Reply to this Message

WSE3003 Error - encryption algorithm differs on client and server

Free Magazines