[xmlsec] is it possible to do signatures with AES?

Rich Salz rsalz at datapower.com
Thu Dec 18 13:48:09 PST 2003

> I've been looking into this a bit more.  As far as I can tell there are
> no known plaintext attacks against AES.  Am I missing something?  Or is
> it just bad in theory to add to the number of plaintexts available for a
> key?

Just paranoia; known-plaintext against DES, so eventually probably be the
same thing for any symmetric cipher.

More importantly, since AES is symmetric, anyone who can *verify* a
signature has the key and can therefore *generate* a signature.
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

More information about the xmlsec mailing list