You might want to read the spec
http://www.w3.org/Signature/Overview.html
Note the section about IV and exact CBC mode for aes
encryption.
Aleksey
Balakrishnan Viswanathan wrote:
Aleksey,
I was able to use the templates and encrypt an xml file using xmlsec,
the result is like
<?xml version="1.0" encoding="UTF-8"?>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
MimeType="text/plain">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5">
<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
</KeyInfo>
<CipherData>
<CipherValue>sPReUF+uwZhGoyq1keMI0zS0x5pJfAOv0P4GQpDiq4SkGcKL1VgQLEZb0t7cWJsF
EVYlhLH/UX1KSR4LsD0rPtYxzyl9u1MwE78AXJmD/WpmhzuYbhGaPS4G8aBLtV4o
EphXZIut0gZUQNM4VcKBV+kKjp+pYvTJQo9ZnROszFk=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>0WJE6bRu1Bmu6nf7M78ZAZkeZQWSXtuGcf8X3y28ZIWHY6UFv+5HsxRTXKQ107aD
3Rh1g5FjSZwqhHH1pJWMXKkm8L8cryXRkDbPjhYcufVwgb6m+d2xJn2H3fKdylRy
qLRK+0EPZ2QA2G7auVXKvX6zpemcb9diXSPoy4gFX1DeNReJXqvSHHSxbDBHRA7W
3uFbV7isUrELh0aYnWRIyimTf2RdgqXzFN8maR9x8AI=</CipherValue>
</CipherData>
</EncryptedData>
I was able to decrypt the encrypted symmetric key between the first
<CipherData>..</CipherData> node manually using openssl with commands
openssl rsautl -inkey leafkey.pem -decrypt -in sessionkeyraw -raw –out
sessionkey.dec
the above steps output binary data into sessionkey.dec, I am able to see
using command below
openssl enc -in sessionkey.dec –p
However, when I try to decrypt the payload (second
<CipherData>…</CipherData> node)with the retrieved key using command
openssl enc -d -a -in payload.b64.enc -kfile sessionkey.decrypt -out payload
The above returns but payload contains binary data, shouldn’t I be
seeing an xml file?.
-Bala
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec