I will have a look-see.
(CCing to security-dev for records)
Cheers,
BerinSachin Tarnekar wrote:
Hi Berin,
Thanks for the response..
The problem turns out to be the xenc:CipherData element. This element appears as follows:
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:CipherValue <http://www.w3.org/2001/04/xmlenc#";><xenc:CipherValue> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>KYt4B9VBC2PSoZmvQ7vNecgB1C7t54KNJEyMz8oNc18IHYjaF+Ojl3byj7fsP3FdyY6FhR2O1pW3 <http://www.w3.org/2001/04/xmlenc#";>KYt4B9VBC2PSoZmvQ7vNecgB1C7t54KNJEyMz8oNc18IHYjaF+Ojl3byj7fsP3FdyY6FhR2O1pW3>
YUhN7bvzuGw1mf7Kn25vuZdW8fXWA1ToJFI7Xy2W8lC6pR7Sc0q8lUQiqJqY0151s1e7QLJMEGw9
6/wuk89MGJnR/9Gli6A=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:CipherValue <http://www.w3.org/2001/04/xmlenc#";><xenc:CipherValue> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>ZQpEQnzVSkKST0feoh824wjfjUCEV7vlgmfBHpJ+H66QqZSXgg3nHn9fcgcMde3i130CaHVjV0lu <http://www.w3.org/2001/04/xmlenc#";>ZQpEQnzVSkKST0feoh824wjfjUCEV7vlgmfBHpJ+H66QqZSXgg3nHn9fcgcMde3i130CaHVjV0lu>
IouVDwHCfxfNf4guGPEpG0t2+x01gM8=</xenc:CipherValue></xenc:CipherData>
It wraps around in multiple lines and therefore only a part of the CipherData gets passed to the decryption function.
If I serialize this document (to a ByteArray Stream and then back to a Document), decryption works fine since the whole document is then seralized.
Do you know where the issue might be? The CipherData output of Apache's Encryption is itself indented. So it seems weird that the decryption function does not decrypt a "pretty-printed" XML doc.
Thanks,
Sachin.
*/Berin Lautenbach <[EMAIL PROTECTED]>/* wrote:
Sachin,
How are you loading the private key? The InvalidKeyException might indicate that the wrong key is being used - which would explain the "unknown block type", as it would do the decrypt and go to strip the PKCS1.5 padding and find it didn't match expectations. Cheers, Berin
> Hi, > > I am trying to decrypt a document that is encrypted > using AES192 and in which the symmetric key is > encrypted using an RSA key. > > But decryption fails with the following exception. I > get the same errors even if the document is encrypted > using DESede. > > XMLCipher - Constructing XMLCipher... > XMLCipher - Initializing XMLCipher... > XMLCipher - opmode = UNWRAP_MODE > XMLCipher - Decrypting key from previously > loaded EncryptedKey... > JCEMapper - Request for URI > http://www.w3.org/2001/04/xmlenc#rsa-1_5 > JCEMapper - Found RSA/ECB/PKCS1PADDING from > provider BC > JCEMapper - Request for URI > http://www.w3.org/2001/04/xmlenc#rsa-1_5 > JCEMapper - Found RSA/ECB/PKCS1PADDING from > provider BC > XMLCipher - JCE Provider = BC > XMLCipher - JCE Algorithm = > RSA/ECB/PKCS1PADDING > org.apache.xml.security.encryption.XMLEncryptionException: > unknown block type > Original Exception was > java.security.InvalidKeyException: unknown block type > at > org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1265)> ... 9 more > > > The code that it fails in is given below. > > cipher = XMLCipher.getInstance(); > cipher.init(XMLCipher.DECRYPT_MODE, null); > EncryptedData encryptedData = > cipher.loadEncryptedData(doc, element); > EncryptedKey ek = > encryptedData.getKeyInfo().itemEncryptedKey(0); > > CipherValue encryptionKeyCipherValue = > ek.getCipherData().getCipherValue(); > XMLCipher keyCipher = XMLCipher.getInstance(); > keyCipher.init(XMLCipher.UNWRAP_MODE, rsaprivatekey); > String algo = > encryptedData.getEncryptionMethod().getAlgorithm(); > key = keyCipher.decryptKey(ek, algo); // fails here > > > The encrypted document is as follows: > > Type="http://www.w3.org/2001/04/xmlenc#Element"; > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> > > Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"; > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; /> > - > xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > - > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> > > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; /> > > > Could anybody point me to what could be going wrong? I > am using BouncyCastle JCE and Xalan 2.5. > > Thanks much for any help, > Sachin. > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail SpamGuard - Read only the mail you want. > http://antispam.yahoo.com/tools
------------------------------------------------------------------------
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster. <http://search.yahoo.com/?fr=ad-mailsig-home>
