Layer7 API Management

  • 1.  Need to change default DigestMethod's SHA 256 algorithm of Security Signature ?

    Posted Mar 02, 2018 03:43 PM

    Currently using CA API Gateway's WS-Security Decoration Assertion to sign the request element using SHA 256 as the Signature Digest Algorithm for a third party WS call, but by default it is taking

    Algorithm = "http://www.w3.org/2001/04/xmlenc#sha256"

    The requirement is to have Algorithm = "http://www.w3.org/2000/09/xmldsig#sha256".

    How can I change this DigestMethod Algorithm?



  • 2.  Re: Need to change default DigestMethod's SHA 256 algorithm of Security Signature ?

    Posted Mar 14, 2018 01:22 AM

    Hi,

     

    I also have a similar question. There is a further question about using the SHA2 Digest Algorithm. Is it supported by CA API gateway 9.20? I can't find it in the dropdown of "Signature Digest Algorithm". #caapigateway9.2

    I can't see/find http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 (signature method algorithm) or "http://www.w3.org/2001/04/xmlenc#sha256" (Digest Method Algorithm) in the dropdown of Encryption Algorithm (Encryption tab).

    My client has a requirement to support the above-mentioned algorithms.



  • 3.  Re: Need to change default DigestMethod's SHA 256 algorithm of Security Signature ?
    Best Answer

    Broadcom Employee
    Posted Mar 14, 2018 05:53 PM

    Hello,

    Please refer to Configure WS-Security Decoration Assertion - CA API Gateway - 9.3 - CA Technologies Documentation

    "

    • Signature Digest Algorithm: Choose the Signature Digest Algorithm to use: SHA-1, SHA-256, SHA-384, SHA-512. The default "<Unchanged>" setting uses the algorithm in the target message's existing decoration requirements. 

    The Signature Digest Algorithm can also be set in the Sign Element Assertion.

    "

    So, only SHA-1, SHA-256, SHA-384, SHA-512 are available.

     

    For SHA2, we may need to create an idea.

     

    Regards,

    Mark



  • 4.  Re: Need to change default DigestMethod's SHA 256 algorithm of Security Signature ?

    Posted Mar 14, 2018 06:51 PM

    Mark_HE,

     

    Thanks for your response. As you mentioned, "SHA2 is not currently available". Our client has a requirement of supporting a Signature Digest Algorithm of "SHA2" with a Signature method algorithm of "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" and a Digest Method Algorithm of "http://www.w3.org/2001/04/xmlenc#sha256".

    Do I need to raise a service request for it?



  • 5.  Re: Need to change default DigestMethod's SHA 256 algorithm of Security Signature ?

    Broadcom Employee
    Posted Mar 14, 2018 07:56 PM

    Dear Rudra,

    For a new enhancement/improvement/requirement, we should create an idea ticket on the community.

     

    Regards,

    Mark
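
Added example (not part of the thread and not CA API Gateway code): a small Python check that reads a signed message and reports which SignatureMethod and DigestMethod Algorithm URIs it actually declares, matched against the identifiers listed in the W3C XML Signature 1.1 recommendation. The sample signature, the `#Body-1` reference and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Algorithm identifiers listed in the W3C XML Signature 1.1 recommendation.
DIGEST_URIS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384": "SHA-384",
    "http://www.w3.org/2001/04/xmlenc#sha512": "SHA-512",
}
SIGNATURE_URIS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "RSA with SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "RSA with SHA-256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384": "RSA with SHA-384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512": "RSA with SHA-512",
}

# Constructed sample: a trimmed ds:Signature as a WS-Security signer might emit it.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#Body-1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
</ds:Signature>"""


def audit_signature_algorithms(xml_text):
    """Return (element, uri, name-or-None) for each SignatureMethod/DigestMethod."""
    # Intended for messages you captured yourself; for untrusted XML,
    # parse with the defusedxml package instead of the stdlib parser.
    root = ET.fromstring(xml_text)
    findings = []
    for tag, table in (("SignatureMethod", SIGNATURE_URIS),
                       ("DigestMethod", DIGEST_URIS)):
        for el in root.iter(f"{{{DS}}}{tag}"):
            uri = el.get("Algorithm", "")
            findings.append((tag, uri, table.get(uri)))  # None = not in the table
    return findings


if __name__ == "__main__":
    for kind, uri, name in audit_signature_algorithms(SAMPLE):
        print(f"{kind:16} {uri} -> {name or 'not in the W3C identifier table'}")
```

A URI reported as not in the table is one to confirm with the receiving party before changing gateway policy.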