[ 
https://issues.apache.org/jira/browse/RAMPARTC-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12596044#action_12596044
 ] 

Supun Kamburugamuva commented on RAMPARTC-74:
---------------------------------------------

The way we use this API is as follows. First we create the EncryptedData 
element. Then we give this empty EncryptedData element to the actual encryption 
method along with the actual node to be encrypted.

Here is an example. sec_node is the security node, node_to_enc is the node to 
be encrypted and enc_data_node is the empty EncryptedData node. 

    enc_data_node = oxs_token_build_encrypted_data_element(
                        env, sec_node, OXS_TYPE_ENC_ELEMENT, id);

    enc_status = oxs_xml_enc_encrypt_node(
                        env, enc_ctx, node_to_enc, &enc_data_node,
                        key_reference_for_encrypted_data);

The newly created enc_data_node should be the immediate sibling of the node to 
be encrypted (i.e. enc_data_node). But if the node to be encrypted is the root 
node, we are in trouble. 

My suggestion is to introduce another method with something like 
oxs_token_build_encrypted_data_element_with_enc_node. This method will take one 
additional argument, i.e. the node to be encrypted. If the node to be encrypted has a 
parent, this method will create the enc_data_node as an immediate child of the 
node to be encrypted.

I'm suggesting a new method because otherwise we will have to do an API change. 
But my personal belief is that the existing 
oxs_token_build_encrypted_data_element is incorrect and we should change that 
method.
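To make the whitespace effect behind this report concrete, here is an added Python simulation (not Rampart/C or Axiom code) that models both placements of the EncryptedData element on a plain DOM and checks whether the decrypted document still hashes the same as the signed one; the element names X and B follow the report, and the SHA-256 of the serialization stands in for the signature's digest.

```python
"""Simulate RAMPARTC-74: where EncryptedData lands among X's children decides
whether the decrypted document is byte-identical to the signed one."""
import hashlib
import xml.dom.minidom as minidom

# Constructed sample, shaped like the report: <X>0x0a<B>...</B>0x0a</X>
SIGNED_XML = "<X>\n<B>secret</B>\n</X>"


def digest(node):
    """Hash of a node's serialization; stands in for the signature digest."""
    return hashlib.sha256(node.toxml().encode()).hexdigest()


def encrypt(doc_xml, in_place):
    """Swap <B> for an EncryptedData placeholder; return (doc, detached B).

    in_place=True  puts EncryptedData exactly where B was (the sibling
    placement the comment asks for); in_place=False appends it to the end of
    X's child list, the axiom_element_create behaviour the report describes.
    """
    doc = minidom.parseString(doc_xml)
    x = doc.documentElement
    b = x.getElementsByTagName("B")[0]
    enc = doc.createElement("EncryptedData")
    enc.appendChild(doc.createTextNode("BASE64CIPHERTEXT"))  # constructed stand-in
    if in_place:
        x.replaceChild(enc, b)
    else:
        x.removeChild(b)
        x.appendChild(enc)
    return doc, b


def decrypt(doc, plaintext_element):
    """Put the plaintext element back wherever EncryptedData currently sits."""
    x = doc.documentElement
    enc = x.getElementsByTagName("EncryptedData")[0]
    x.replaceChild(plaintext_element, enc)
    return doc


def decrypted_xml(in_place):
    """Serialization of the document after an encrypt/decrypt round trip."""
    doc, b = encrypt(SIGNED_XML, in_place)
    return decrypt(doc, b).documentElement.toxml()


def round_trip_verifies(in_place):
    """True only if the decrypted X hashes identically to the signed X."""
    expected = digest(minidom.parseString(SIGNED_XML).documentElement)
    doc, b = encrypt(SIGNED_XML, in_place)
    return digest(decrypt(doc, b).documentElement) == expected
```

With the appended placement the two whitespace text nodes end up adjacent before B, so the decrypted serialization differs from the signed one and the digest check fails; the in-place placement round-trips unchanged.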
> wrong encryption with oxs_token_build_encrypted_data_element
> ------------------------------------------------------------
>
>                 Key: RAMPARTC-74
>                 URL: https://issues.apache.org/jira/browse/RAMPARTC-74
>             Project: Rampart/C
>          Issue Type: Bug
>          Components: Rampart-core
>            Reporter: Lukas JOSEFIK
>            Assignee: S.Uthaiyashankar
>
> If you encrypt data and use oxs_token_build_encrypted_data_element, there can 
> be a problem with signed encrypted data verification. The problem is that 
> oxs_token_build_encrypted_data_element calls axiom_element_create, which adds 
> the EncryptedData element to the end of the children list. But if we consider element 
> X and we want to encrypt subelement B (<X>0x0a<B>0x0a<X>), encryption ends with 
> <X>0x0a0x0a<EncryptedData...><X>. After decryption the data looks like 
> <X>0x0a0x0a<B><X> and verification fails...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.