Algorithms settings
Use this page to view the supported cryptographic and canonicalization algorithms. Algorithms are used to reconcile XML differences.
To view this administrative console page:
- Click .
- Click the WS-Security policy in the Policies table.
- Click the Main policy link or the Bootstrap policy link.
- Click the Algorithms for symmetric tokens link or the Algorithms for asymmetric tokens link.
This administrative console page applies only to Java™ API for XML Web Services (JAX-WS) applications.
Algorithm suite
Specifies the supported algorithms that are required for performing cryptographic operations with symmetric or asymmetric key-based security tokens.
All of the algorithm values in this field specify an algorithm
suite. Algorithm suites and the values they each represent are detailed
in the Web Services Security Policy Language (WS-SecurityPolicy)
July 2005 Version 1.1 specification. Select a supported algorithm
from the following list:
- Basic256
- Basic192
- Basic128
- TripleDes
- Basic256Rsa15
- Basic192Rsa15
- Basic128Rsa15Note: Basic128Rsa15 is the default when a new policy set is created.
- TripleDesRsa15
- Basic256Sha256
- Basic192Sha256
- Basic128Sha256
- TripleDesSha256
- Basic256Sha256Rsa15
- Basic192Sha256Rsa15
- Basic128Sha256Rsa15
- TripleDesSha256Rsa15
This table defines values for the components for each algorithm
suite.
When using a Kerberos custom token based on the OASIS Web
Services Security Specification for Kerberos Token Profile V1.1, only
Aes128, Aes256, and TripleDes encryption-based algorithm suites are
supported.
Algorithm Suite | Digest | Encryption | Symmetric Key Wrap | Asymmetric Key Wrap | Encryption key Derivation | Signature key Derivation | Minimum Symmetric Key Length |
---|---|---|---|---|---|---|---|
Basic256 | Sha1 | Aes256 | KwAes256 | KwRsaOaep | PSha1L256 | PSha1L192 | 256 |
Basic192 | Sha1 | Aes192 | KwAes192 | KwRsaOaep | PSha1L192 | PSha1L192 | 192 |
Basic128 | Sha1 | Aes128 | KwAes128 | KwRsaOaep | PSha1L128 | PSha1L128 | 128 |
TripleDes | Sha1 | TripleDes | KwTripleDes | KwRsaOaep | PSha1L192 | PSha1L192 | 192 |
Basic256Rsa15 | Sha1 | Aes256 | KwAes256 | KwRsa15 | PSha1L256 | PSha1L192 | 256 |
Basic192Rsa15 | Sha1 | Aes192 | KwAes192 | KwRsa15 | PSha1L192 | PSha1L192 | 192 |
Basic128Rsa15 | Sha1 | Aes128 | KwAes128 | KwRsa15 | PSha1L128 | PSha1L128 | 128 |
TripleDesRsa15 | Sha1 | TripleDes | KwTripleDes | KwRsa15 | PSha1L192 | PSha1L192 | 192 |
Basic256Sha256 | Sha256 | Aes256 | KwAes256 | KwRsaOaep | PSha1L256 | PSha1L192 | 256 |
Basic192Sha256 | Sha256 | Aes192 | KwAes192 | KwRsaOaep | PSha1L192 | PSha1L192 | 192 |
Basic128Sha256 | Sha256 | Aes128 | KwAes128 | KwRsaOaep | PSha1L128 | PSha1L128 | 128 |
TripleDesSha256 | Sha256 | TripleDes | KwTripleDes | KwRsaOaep | PSha1L192 | PSha1L192 | 192 |
Basic256Sha256Rsa15 | Sha256 | Aes256 | KwAes256 | KwRsa15 | PSha1L256 | PSha1L192 | 256 |
Basic192Sha256Rsa15 | Sha256 | Aes192 | KwAes192 | KwRsa15 | PSha1L192 | PSha1L192 | 192 |
Basic128Sha256Rsa15 | Sha256 | Aes128 | KwAes128 | KwRsa15 | PSha1L128 | PSha1L128 | 128 |
TripleDesSha256Rsa15 | Sha256 | TripleDes | KwTripleDes | KwRsa15 | PSha1L192 | PSha1L192 | 192 |
Canonicalization algorithm
Specifies whether to use inclusive or exclusive canonicalization.
The following supported canonicalization algorithms are available
in this list:
- Exclusive canonicalization
- Inclusive canonicalization
XPath version
Specifies the version of the XPath filter to use.
The following supported XPath versions are available:
- XPath 1.0
- XPathfilter 2.0
Use security token reference transformation
Specifies whether the security token reference is transformed. Indicate whether the security token reference transform is either True or False.