[x3d-public] Apache Santuario Java - XML security test sat

[John Carlson]

Here is some info on using RSA with GPG and migration away from RSA:

https://security.stackexchange.com/questions/178994/generate-new-key-ecc-vs-rsa




On Fri, Dec 6, 2019 at 4:10 AM John Carlson <yottzumm at gmail.com> wrote:

>
>
> On Thu, Dec 5, 2019 at 5:25 PM <yottzumm at gmail.com> wrote:
>
>>
>> I would tend to use Gnu Privacy Guard (GPG)with JSON and have already
>> implemented some simple test cases for X3D JSON (somewhere), however the
>> information about GPG may be around 8 years old, and I don't know what
>> they're doing with RSA in GPG.  I can ask a few of my security friends if
>> someone becomes very interested in this.
>>
>
> After some putzing around with the code, I got x3dserve working locally.
> Here is the source code:
>
> https://github.com/coderextreme/x3dserve
>
> Note that I no longer use a stylesheet to convert XML to JSON.  I use my
> own serializer.  This was because I couldn't get java to work from node.js
> code.   Well, I didn't want to install python 2.7 which node-gyp seems to
> depend on.
>
> But I think most aspects of encryption are covered.
>
> Further work involved removing dependencies on Python 2.7 in X3DJSONLD.
> Python 2 support ends at the end of the month!
>
> Hopefully the node-gyp/java guys will get on the ball, and I won't have to
> flip any other code.
>
> This is a warning for all those that reinstall X3DJSONLD.  Keep your
> environment the same until I can upgrade X3DJSONLD.
>
> Also this puts more pressure on Saxonica to get a good free JavaScript
> version in the browser.
>
> Good luck if you use my code.  It's intended for private use, and not to
> be put up on a server.
>
> It appears that the default --gen-key with GPG uses RSA.  That is
> something that should be looked at.
>
> John
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20191206/128b61c1/attachment.html>