[Esapi-dev] ESAPI 2.0 crypto
Kevin W. Wall
kevin.w.wall at gmail.com
Sat Feb 6 00:10:22 EST 2010
Brent Shikoski wrote:
> Kevin,
>
> I'm getting a failure on the 2.0 tests. [Failed tests:
> testPortableSerialization(org.owasp.esapi.crypto.CipherTextTest)]
>
> The issue is line 200 of CipherTextTest:
> key = CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(),
> 256);
>
> changing it to
> key = CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(),
> 128);
>
> fixes it, so I'm guessing it's because I'm not using the unlimited strength
> crypto. Do we want to make this a requirement to make the tests pass?
No, there's a CryptoPolicy helper class to check to see if the unlimited
strength jurisdiction policy files are installed. I will use that to see
if they are installed, and if they are I'll use 256-bit, else I'll use 128-bit.
Will have that done by tomorrow morning. (Almost finished now, but am getting
*really* sleepy and don't want to screw this up.)
Will reply to your email "on-list" when it is fixed.
-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
More information about the Esapi-dev
mailing list