Berin,
 
Yes, this was the problem. Thanks for fixing it.
It works fine with your code change.
 
Thanks,
Sachin.

Berin Lautenbach <[EMAIL PROTECTED]> wrote:
Sachin,

I have just checked a new version of XMLCipher into CVS - could you have
a try?

We were only grabbing the first node beneath , so if there
were multiple nodes, or any comments, we wouldn't grab all the cipher
text. That may be where you were running into problems.

Cheers,
Berin

Berin Lautenbach wrote:

> Ahhh. I wonder if the cipher text is split across multiple text nodes
> and for some reason we are not gathering it all.
>
> I will have a look-see.
>
> (CCing to security-dev for records)
>
> Cheers,
> Berin
>
>
> Sachin Tarnekar wrote:
>
>> Hi Berin,
>>
>> Thanks for the response..
>>
>> The problem turns out to be the xenc:CipherData element. This element
>> appears as follows:
>> >> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">>>
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">KYt4B9VBC2PSoZmvQ7vNecgB1C7t54KNJEyMz8oNc18IHYjaF+Ojl3byj7fsP3FdyY6FhR2O1pW3
>> KYt4B9VBC2PSoZmvQ7vNecgB1C7t54KNJEyMz8oNc18IHYjaF+Ojl3byj7fsP3FdyY6FhR2O1pW3>
>>
>> YUhN7bvzuGw1mf7Kn25vuZdW8fXWA1ToJFI7Xy2W8lC6pR7Sc0q8lUQiqJqY0151s1e7QLJMEGw9
>>
>> 6/wuk89MGJnR/9Gli6A=
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">>>
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">ZQpEQnzVSkKST0feoh824wjfjUCEV7vlgmfBHpJ+H66QqZSXgg3nHn9fcgcMde3i130CaHVjV0lu
>> ZQpEQnzVSkKST0feoh824wjfjUCEV7vlgmfBHpJ+H66QqZSXgg3nHn9fcgcMde3i130CaHVjV0lu>
>>
>> IouVDwHCfxfNf4guGPEpG0t2+x01gM8=

>>
>> It wraps around in multiple lines and therefore only a part of the
>> CipherData gets passed to the decryption function.
>> If I serialize this document (to a ByteArray Stream and then back to a
>> Document), decryption works fine since the whole document is then
>> serialized.
>>
>> Do you know where the issue might be? The CipherData output of
>> Apache's Encryption is itself indented. So it seems weird that the
>> decryption function does not decrypt a "pretty-printed" XML doc.
>>
>> Thanks,
>> Sachin.
>>
>>
>> */Berin Lautenbach <[EMAIL PROTECTED]>/* wrote:
>>
>> Sachin,
>>
>> How are you loading the private key? The InvalidKeyException might
>> indicate that the wrong key is being used - which would explain the
>> "unknown block type", as it would do the decrypt and go to strip the
>> PKCS1.5 padding and find it didn't match expectations.
>> Cheers,
>> Berin
>>
>>
>> > Hi,
>> >
>> > I am trying to decrypt a document that is encrypted
>> > using AES192 and in which the symmetric key is
>> > encrypted using an RSA key.
>> >
>> > But decryption fails with the following exception. I
>> > get the same errors even if the document is encrypted
>> > using DESede.
>> >
>> > XMLCipher - Constructing XMLCipher...
>> > XMLCipher - Initializing XMLCipher...
>> > XMLCipher - opmode = UNWRAP_MODE
>> > XMLCipher - Decrypting key from previously loaded EncryptedKey...
>> > JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#rsa-1_5
>> > JCEMapper - Found RSA/ECB/PKCS1PADDING from provider BC
>> > JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#rsa-1_5
>> > JCEMapper - Found RSA/ECB/PKCS1PADDING from provider BC
>> > XMLCipher - JCE Provider = BC
>> > XMLCipher - JCE Algorithm = RSA/ECB/PKCS1PADDING
>> > org.apache.xml.security.encryption.XMLEncryptionException: unknown block type
>> > Original Exception was java.security.InvalidKeyException: unknown block type
>> > at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1265)
>> > ... 9 more
>> >
>> >
>> > The code that it fails in is given below.
>> >
>> > cipher = XMLCipher.getInstance();
>> > cipher.init(XMLCipher.DECRYPT_MODE, null);
>> > EncryptedData encryptedData = cipher.loadEncryptedData(doc, element);
>> > EncryptedKey ek = encryptedData.getKeyInfo().itemEncryptedKey(0);
>> >
>> > CipherValue encryptionKeyCipherValue = ek.getCipherData().getCipherValue();
>> > XMLCipher keyCipher = XMLCipher.getInstance();
>> > keyCipher.init(XMLCipher.UNWRAP_MODE, rsaprivatekey);
>> > String algo = encryptedData.getEncryptionMethod().getAlgorithm();
>> > key = keyCipher.decryptKey(ek, algo); // fails here
>> >
>> >
>> > The encrypted document is as follows:
>> >
>> > Type="http://www.w3.org/2001/04/xmlenc#Element"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" />
>> > -
>> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> > -
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> >
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" />
>> >
>> >
>> > Could anybody point me to what could be going wrong? I
>> > am using BouncyCastle JCE and Xalan 2.5.
>> >
>> > Thanks much for any help,
>> > Sachin.
>
>
>
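The failure mode discussed in this thread, as an added example that is not part of the original messages and is not the XMLCipher source: reading only the first DOM child of a CipherValue element loses ciphertext when a comment splits the text, while concatenating every text child recovers all of it. The class name, helper names and the 128-byte sample value are assumptions constructed for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class CipherValueText {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // Reads only the first child node (the behaviour described in the thread).
    static String firstNodeOnly(Element cipherValue) {
        Node first = cipherValue.getFirstChild();
        return (first != null && first.getNodeType() == Node.TEXT_NODE) ? first.getNodeValue() : "";
    }

    // Concatenates every text/CDATA child in document order, skipping comments.
    static String allTextNodes(Element cipherValue) {
        StringBuilder sb = new StringBuilder();
        for (Node n = cipherValue.getFirstChild(); n != null; n = n.getNextSibling()) {
            short type = n.getNodeType();
            if (type == Node.TEXT_NODE || type == Node.CDATA_SECTION_NODE) sb.append(n.getNodeValue());
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: 128 bytes standing in for a wrapped key, base64 with line breaks.
        byte[] wrapped = new byte[128];
        for (int i = 0; i < wrapped.length; i++) wrapped[i] = (byte) i;
        String b64 = Base64.getMimeEncoder(76, new byte[] {'\n'}).encodeToString(wrapped);
        // A comment inside CipherValue makes the parser produce text, comment, text.
        String xml = "<xenc:CipherData xmlns:xenc='" + XENC + "'><xenc:CipherValue>"
                + b64.substring(0, 40) + "<!-- splits the text -->" + b64.substring(40)
                + "</xenc:CipherValue></xenc:CipherData>";

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPE declarations when parsing untrusted XML.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element cv = (Element) doc.getElementsByTagNameNS(XENC, "CipherValue").item(0);

        Base64.Decoder dec = Base64.getMimeDecoder(); // tolerates the embedded line breaks
        System.out.println("first node only: " + dec.decode(firstNodeOnly(cv)).length + " bytes");
        System.out.println("all text nodes:  " + dec.decode(allTextNodes(cv)).length + " bytes");
    }
}
```

A decoded length shorter than the expected ciphertext size is a quick check for this class of bug before the value reaches the unwrap step.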

