Add support for Ellipitic Curve w/ brainpool

[TheoGoudout]

There is an AS4 profile called BDEW (cf. https://www.bundesnetzagentur.de/DE/Beschlusskammern/1_GZ/BK6-GZ/2021/BK6-21-282/Mitteilung02/AS4%20Profil.pdf?__blob=publicationFile&v=1) used for the energy market in Germany. This profile requires the usage of Elliptic Curve with brainpoolP256r1 algorithms (ECDSAwithSHA256, etc.) for signing and encrypting.

I've tried to configure Holodeck B2B in order to use my locally generated EC certificates with no luck so far.

Could you please consider adding support for this class of algorithms. If this is already the case, could you please add an example configuration ? I believe some people could be interested in using your application for this purpose.

Thanks

[sfieten]

Version 6.1.0 should support signing with EC based algorithms, but it does not support EC based encryption as this requires the implementation of the Key Agreement mechanism which is not part of the AS4 an/or WS-Security standards and therefore requires additional development.

We are now working on support for the EC based Diffie Hellman Key Agreement Ephemeral Static Mode mechanism in Holodeck B2B version 7.

[ilicalex]

I am also interested to have this BDEW profile support

[ilicalex]

If my friends and I can contribute to the open source project in order to speed up AS4 BDEW profile support in segment of EC based encryption and implementation of the Key Agreement mechanism, we will be happy to assist

[sfieten]

The SNAPSHOT version in the next branch now includes support for the EC based signing and Diffie-Hellman Key Agreement method for exchanging the symmetric encryption keys.

NOTES:

1. Issue #124 has not been fixed yet, so you need to build the interfaces, core and ebms3as4 modules first, then file-backend and then the main project again.
2. This version is still in development and should therefore not be used in a production environment!
3. To enable the use of Brainpool curves you also need to adjust the jdk.disabled.namedCurves property in java.security and remove the brainpool curves from the list of blocked curves.

[RobertArmic]

@sfieten, is there a possibility for you to provide the binary files for next branch? Or at least for file-backend? Your proposed workaround for circular dependency does not work (file-backend depends on holodeckb2b-ebms3as4 and some other artifacts, building just interfaces module was not enough for me to get it working).

[sfieten]

@RobertArmic, you're right that only buidling the interfaces module isn't enough to be able to build the file back-end project. Also the core and ebms3as4 modules need to be built. I've updated my comment to reflect this.

Regarding binaries; we only provide these for final releases which can be used in production environments. If you however would like to participate in testing of the new features, contact use via the contact form on our website.

[ilicalex]

Hello Sander, MS JDK 11 works like a charm. Brainpool curves enabled. Two P-modes (SEND and RECEIVE separately) with minor adjustments loaded successfully. Please find attached machine translated BDEW AS4 profile documentation to get the closer look into the details. Original (in German): AS4 Profil.pdf (bundesnetzagentur.de)<https://www.bundesnetzagentur.de/DE/Beschlusskammern/1_GZ/BK6-GZ/2021/BK6-21-282/Mitteilung02/AS4%20Profil.pdf?__blob=publicationFile&v=1> I am already adjusting our p-mode for Tennet in the known parts… If you detect troublesome details let us know. Best regards, Aleksandar Ilić From: Sander Fieten ***@***.***> Sent: Friday, April 5, 2024 12:19 PM To: holodeck-b2b/Holodeck-B2B ***@***.***> Cc: Aleksandar Ilić ***@***.***>; Comment ***@***.***> Subject: Re: [holodeck-b2b/Holodeck-B2B] Add support for Ellipitic Curve w/ brainpool (Issue #147) CAUTION: This message was sent from outside of our organization. The original sender of this e-mail is ***@***.*** Please do not click links or open attachments unless you recognize the source of this email and know the content is safe. If in doubt, watch our safety guidelines<https://genidoo-my.sharepoint.com/:v:/g/personal/studio_gen-i_si/ER03jV9ZPRhPmuidLeKRA2kBep8hvlo0kP-OzjgQnSZ43Q>. Please report all suspicious emails to Helpdesk as an attachment. @RobertArmic<https://github.com/RobertArmic>, you're right that only buidling the interfaces module isn't enough to be able to build the file back-end project. Also the core and ebms3as4 modules need to be built. I've updated my comment to reflect this. Regarding binaries; we only provide these for final releases which can be used in production environments. If you however would like to participate in testing of the new features, contact use via the contact form on our website<http://holodeck-b2b.org/contact/>. — Reply to this email directly, view it on GitHub<#147 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AG3LSA6ZQLONMHKDKZSVRGLY3Z27XAVCNFSM6AAAAAA73XXQWKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZZGQZDOMJYGM>. You are receiving this because you commented.Message ID: ***@***.***>

…

________________________________ OPOZORILO: Ta elektronska pošta vsebuje informacije, ki so lahko zaupne narave. Namenjene so samo naslovniku. Če je bilo zaradi napake v naslovu ali pri prenosu sporočilo poslano drugam, prosimo, da o tem nemudoma obvestite pošiljatelja elektronskega sporočila. Če sporočilo ni bilo namenjeno vam, ne smete uporabljati, razkriti, širiti, kopirati, natisniti ali kakorkoli uporabiti informacije v sporočilu. DISCLAIMER: This e-mail contains proprietary information some or all or all which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the sender by immediately replying to this mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print, or rely on this e-mail.

________________________________