[EMAIL PROTECTED] wrote:
Note that you are mixing MimeType and Type attributes. The only two defined values for Type attribute are "content" and "element" :
http://www.w3.org/TR/xmlenc-core/#sec-Processing-Decryption
Well I understood if differently. Here it says:
5. Process decrypted data if Type is unspecified or is not 'element' or element 'content'.
and then in paragraph 4.3 it says:
For example, if the application wishes to canonicalize its data or encode/compress the data in an XML packaging format, the application needs to marshal the XML accordingly and identify the resulting type via the EncryptedData Type attribute
I understood this that if I want to compress xml data before encryption then I should use: <EncryptedData Type="http://www.isi.edu/in-notes/iana/assignments/media-types/application/zip";> ... Did I miss something ? It says here pretty clearly that I have to indicate this using the Type atribute?
Yes, you can. But it will not be something defined in the spec or implemented in xmlsec :)
No, you need only one keys manager. Just make sure that you can identify correct encryption key from each EncryptedKey (e.g. using key name == cert subject).
Thank's I'll try that. So do you then set KeyName to subjects DN or CN ?
KeyName is arbitrary string. It's up to application to decide what it is in each partiular case. key name == cert subject was just an example.
2) Next you need to put <X509Data/> into the template. You can further specify what exactly do you want with <X509Data/> children (e.g. <X509SKI>, etc.)
Does this work also with "dynamic template" like encrypt3.c sample?
Yes. Dynamic and static templates are only different on the template creation stage :)
Aleksey
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
