O.k Thanks. Let me walk through those first. -Bala
-----Original Message----- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Friday, January 18, 2008 1:33 PM To: Balakrishnan Viswanathan Cc: xmlsec@aleksey.com Subject: Re: [xmlsec] encryption works but decryption failed There are plenty of examples in xmlsec/test folder Aleksey Balakrishnan Viswanathan wrote: > Aleksey, > > Thanks again. I fear that I am taking too much of your time just trying > to understand the basics of this tool. > > Basically, what I am trying to accomplish as part of learning this tool > is to encrypt and decrypt a simple xml file and running into problems > with templates, switches etc. > > Is there a place or document where I can find a template, a set of keys, > syntax for encrypt/decrypt that work out-of-the-box, the reason being > such canned examples will help novices like me. > > -Bala > > -----Original Message----- > From: Aleksey Sanin [mailto:[EMAIL PROTECTED] > Sent: Friday, January 18, 2008 1:23 PM > To: Balakrishnan Viswanathan > Cc: xmlsec@aleksey.com > Subject: Re: [xmlsec] encryption works but decryption failed > > Well, your public key can not be used for AES192 encryption > requested by the template. > > Aleksey > > Balakrishnan Viswanathan wrote: >> Aleksey, >> >> Sorry for being a bit dense. This node is already in the template and >> yes I am using pub key?. >> >> -Bala >> >> -----Original Message----- >> From: Aleksey Sanin [mailto:[EMAIL PROTECTED] >> Sent: Friday, January 18, 2008 12:04 PM >> To: Balakrishnan Viswanathan >> Cc: xmlsec@aleksey.com >> Subject: Re: [xmlsec] encryption works but decryption failed >> >> <EncryptionMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" /> >> >> and you are using public key... >> >> Aleksey >> >> Balakrishnan Viswanathan wrote: >>> Aleksey >>> >>> I took the template >>> >>> > http://svn.gnome.org/viewvc/xmlsec/trunk/tests/aleksey-xmlenc-01/enc-des >>> 3cbc-aes192-keyname.tmpl?view=markup >>> >>> and this time even encrypt failed with "key not found error" >>> >>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt >>> --binary-da >>> ta test.xml --session-key aes-192 --pubkey-pem:test-aes192 >>> leafkeypub.pem --outp >>> ut testenc.xml templatefromaleksey.xml >>> > func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno >>> wn:subj= >>> unknown:error=45:key is not found: >>> > func=xmlSecEncCtxUriEncrypt:file=..\src\xmlenc.c:line=527:obj=unknown:su >>> bj=xmlSe >>> cEncCtxEncDataNodeRead:error=1:xmlsec library function failed: >>> Error: failed to encrypt file "test.xml" >>> Error: failed to encrypt file with template "templatefromaleksey.xml" >>> >>> >>> -Bala >>> >>> -----Original Message----- >>> From: Aleksey Sanin [mailto:[EMAIL PROTECTED] >>> Sent: Friday, January 18, 2008 11:38 AM >>> To: Balakrishnan Viswanathan >>> Cc: xmlsec@aleksey.com >>> Subject: Re: [xmlsec] encryption works but decryption failed >>> >>> Oh, never mine. I got it. You specify "session key" and >>> in this case you *must* add <EncryptedKey> to the template >>> to actually store the session key. Checkout examples >>> in xmlsec/tests/aleksey-xmlenc-01 >>> >>> Aleksey >>> >>> Balakrishnan Viswanathan wrote: >>>> Aleksey, >>>> >>>> I tried that already and same result, commands below:- >>>> >>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt >>>> --binary-da >>>> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem >> --output >>>> testenc.x >>>> ml template2withoutKeyName.xml >>>> >>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad >>> testenc.xml >>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt >>>> --privkey-p >>>> em leafkey.pem --output testdecrypt.xml testenc.xml >>>> Enter password for "leafkey.pem" file: >>>> > func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj= >>>> xmlSecKe >>>> ysMngrFindKey:error=1:xmlsec library function failed: >>>> > func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno >>>> wn:subj= >>>> unknown:error=45:key is not found: >>>> > func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno >>>> wn:subj= >>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed: >>>> > func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj= >>>> xmlSecEn >>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed: >>>> Error: failed to decrypt file >>>> Error: failed to decrypt file "testenc.xml" >>>> >>>> -Bala >>>> >>>> -----Original Message----- >>>> From: Aleksey Sanin [mailto:[EMAIL PROTECTED] >>>> Sent: Friday, January 18, 2008 11:30 AM >>>> To: Balakrishnan Viswanathan >>>> Cc: xmlsec@aleksey.com >>>> Subject: Re: [xmlsec] encryption works but decryption failed >>>> >>>> Could you please to try to remove the KeyName and >>>> do *not* specify key name in the command line? >>>> >>>> Aleksey >>>> >>>> Balakrishnan Viswanathan wrote: >>>>> Aleksey, >>>>> >>>>> Thanks for your quick response. I tried removing the <KeyName/> > from >>>> the >>>>> template and also specified the KeyName for encrypt and decrypt, > but >>>>> decrypt still fails with "key not found" error >>>>> >>>>> >>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec > --encrypt >>>>> --binary-da >>>>> ta test.xml --session-key des-192 --pubkey-pem:leaf-key >>> leafkeypub.pem >>>>> --output >>>>> testenc.xml template2withoutKeyName.xml >>>>> >>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad >>>> testenc.xml >>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec > --decrypt >>>>> --privkey-p >>>>> em:leaf-key leafkey.pem --output testdecrypt.xml testenc.xml >>>>> Enter password for "leafkey.pem" file: >>>>> > func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj= >>>>> xmlSecKe >>>>> ysMngrFindKey:error=1:xmlsec library function failed: >>>>> > func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno >>>>> wn:subj= >>>>> unknown:error=45:key is not found: >>>>> > func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno >>>>> wn:subj= >>>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed: >>>>> > func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj= >>>>> xmlSecEn >>>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed: >>>>> Error: failed to decrypt file >>>>> Error: failed to decrypt file "testenc.xml" >>>>> >>>>> >>>>> I am attaching the template and encrypted document. Thanks. >>>>> >>>>> -Bala >>>>> >>>>> -----Original Message----- >>>>> From: Aleksey Sanin [mailto:[EMAIL PROTECTED] >>>>> Sent: Friday, January 18, 2008 10:37 AM >>>>> To: Balakrishnan Viswanathan >>>>> Cc: xmlsec@aleksey.com >>>>> Subject: Re: [xmlsec] encryption works but decryption failed >>>>> >>>>> Most likely the cause of the problem is "empty" >>>>> KeyName node. Try to remove it from the template >>>>> or specify key name in the command line options >>>>> for both encryption and decryption. >>>>> >>>>> Aleksey >>>>> >>>>> Balakrishnan Viswanathan wrote: >>>>>> Hi All, >>>>>> >>>>>> >>>>>> >>>>>> I am a newbie to xmlsec and also to security in general. I am >> trying >>>>> to >>>>>> use xmlsec utility to encrypt and decrypt using the windows binary > >>>>>> provided by Igor. I am able to successfully encrypt a xml file >> using >>>>> syntax >>>>>> >>>>>> >>>>>> Encryption:- >>>>>> >>>>>> >>>>>> >>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec >> --encrypt >>>>>> --binary-da >>>>>> >>>>>> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem >>>> --output >>>>>> testenc.x >>>>>> >>>>>> ml template2.xml >>>>>> >>>>>> >>>>>> >>>>>> the above works and I can see the encrypted data in <ciphervalue> >>>> node >>>>>> of the output document testenc.xml (also attached). >>>>>> >>>>>> >>>>>> >>>>>> However, when I try the reverse, i.e, decrypting the document from >>>>> above >>>>>> step I get error below >>>>>> >>>>>> >>>>>> >>>>>> Decryption fails:- >>>>>> >>>>>> >>>>>> >>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec >> --decrypt >>>>>> --privkey-p >>>>>> >>>>>> em leafkey.pem --output testdecrypt.xml testenc.xml >>>>>> >>>>>> Enter password for "leafkey.pem" file: >>>>>> >>>>>> > func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj= >>>>> xmlSecKe >>>>>> ysMngrFindKey:error=1:xmlsec library function failed: >>>>>> >>>>>> > func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno >>>>> wn:subj= >>>>>> unknown:error=45:key is not found: >>>>>> >>>>>> > func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno >>>>> wn:subj= >>>>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function > failed: >>>>>> > func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj= >>>>> xmlSecEn >>>>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed: >>>>>> >>>>>> Error: failed to decrypt file >>>>>> >>>>>> Error: failed to decrypt file "testenc.xml" >>>>>> >>>>>> >>>>>> >>>>>> The error says "key not found", but key is in the same folder > where >>> I >>>>> am >>>>>> running it from. I am also attaching the private key (password - >>>> leaf) >>>>>> and public key that corresponds to it >>>>>> >>>>>> >>>>>> >>>>>> I am attaching all the relevant files. Any pointers are >> appreciated. >>>>> Thanks. >>>>>> >>>>>> >>>>>> -Bala >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> > ------------------------------------------------------------------------ >>>>>> _______________________________________________ >>>>>> xmlsec mailing list >>>>>> xmlsec@aleksey.com >>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec >>>>>> >>>>>> > ------------------------------------------------------------------------ >>>>>> _______________________________________________ >>>>>> xmlsec mailing list >>>>>> xmlsec@aleksey.com >>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec >>>> _______________________________________________ >>>> xmlsec mailing list >>>> xmlsec@aleksey.com >>>> http://www.aleksey.com/mailman/listinfo/xmlsec >>> _______________________________________________ >>> xmlsec mailing list >>> xmlsec@aleksey.com >>> http://www.aleksey.com/mailman/listinfo/xmlsec >> _______________________________________________ >> xmlsec mailing list >> xmlsec@aleksey.com >> http://www.aleksey.com/mailman/listinfo/xmlsec > _______________________________________________ > xmlsec mailing list > xmlsec@aleksey.com > http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec