+

Search Tips   |   Advanced Search

Algorithms settings


To view the supported cryptographic and cannonicalization algorithms. Algorithms are used to reconcile XML differences.

To view this admin console page:

  1. Click Services > Policy sets > Application policy sets > policy_set_name.

  2. Click the WS-Security policy in the Policies table.

  3. Click the Main policy link or the Bootstrap policy link.

  4. Click the Algorithms for symmetric tokens link or the Algorithms for asymmetric tokens link.

This admin console panel applies only to Java™ API for XML Web Services (JAX-WS) applications.

Algorithm suite

Supported algorithms that are required for performing cryptographic operations with symmetric or asymmetric key-based security tokens.

All of the algorithm values in this field specify an algorithm suite. Algorithm suites and the values they each represent are detailed in the WS-Security Policy Language (WS-SecurityPolicy) July 2005 V1.1 specification. Select a supported algorithm from the following list:

  • Basic256

  • Basic192

  • Basic128

  • TripleDes

  • Basic256Rsa15

  • Basic192Rsa15

  • Basic128Rsa15

  • TripleDesRsa15

  • Basic256Sha256

  • Basic192Sha256

  • Basic128Sha256

  • TripleDesSha256

  • Basic256Sha256Rsa15

  • Basic192Sha256Rsa15

  • Basic128Sha256Rsa15

  • TripleDesSha256Rsa15

This table defines values for the components for each algorithm suite.


Table 1. Algorithm suite components

Algorithm Suite Digest Encryption Symmetric Key Wrap Asymmetric Key Wrap Encryption key Derivation Signature key Derivation Minimum Symmetric Key Length
Basic256 Sha1 Aes256 KwAes256 KwRsaOaep PSha1L256 PSha1L192 256
Basic192 Sha1 Aes192 KwAes192 KwRsaOaep PSha1L192 PSha1L192 192
Basic128 Sha1 Aes128 KwAes128 KwRsaOaep PSha1L128 PSha1L128 128
TripleDes Sha1 TripleDes KwTripleDes KwRsaOaep PSha1L192 PSha1L192 192
Basic256Rsa15 Sha1 Aes256 KwAes256 KwRsa15 PSha1L256 PSha1L192 256
Basic192Rsa15 Sha1 Aes192 KwAes192 KwRsa15 PSha1L192 PSha1L192 192
Basic128Rsa15 Sha1 Aes128 KwAes128 KwRsa15 PSha1L128 PSha1L128 128
TripleDesRsa15 Sha1 TripleDes KwTripleDes KwRsa15 PSha1L192 PSha1L192 192
Basic256Sha256 Sha256 Aes256 KwAes256 KwRsaOaep PSha1L256 PSha1L192 256
Basic192Sha256 Sha256 Aes192 KwAes192 KwRsaOaep PSha1L192 PSha1L192 192
Basic128Sha256 Sha256 Aes128 KwAes128 KwRsaOaep PSha1L128 PSha1L128 128
TripleDesSha256 Sha256 TripleDes KwTripleDes KwRsaOaep PSha1L192 PSha1L192 192
Basic256Sha256Rsa15 Sha256 Aes256 KwAes256 KwRsa15 PSha1L256 PSha1L192 256
Basic192Sha256Rsa15 Sha256 Aes192 KwAes192 KwRsa15 PSha1L192 PSha1L192 192
Basic128Sha256Rsa15 Sha256 Aes128 KwAes128 KwRsa15 PSha1L128 PSha1L128 128
TripleDesSha256Rsa15 Sha256 TripleDes KwTripleDes KwRsa15 PSha1L192 PSha1L192 192

When using a Kerberos custom token based on the OASIS WS-Security Specification for Kerberos Token Profile V1.1, only Aes128, Aes256, and TripleDes encryption-based algorithm suites are supported.

Cannonicalization algorithm

Whether to use inclusive or exclusive cannonicalization.

The following supported cannonicalization algorithms are available in this list:

  • Exclusive cannonicalization

  • Inclusive cannonicalization

The default value is Exclusive cannonicalization.

XPath version

Version of the XPath filter to use.

The following supported XPath versions are available:

  • XPath 1.0

  • XPathfilter 2.0

The XPathfilter 2.0 version is the default value.

Use security token reference transformation

Whether the security token reference is transformed. Indicate whether the security token reference transform is either True or False.





 

Related tasks


Set the WS-Security policy
Manage policy sets

 

Related


Application policy sets collection
Application policy set settings
Main policy and bootstrap policy settings