Hi, W3C is being very clear about padding while encrypting using RSA 1.5 alg:
http://www.w3.org/TR/xmlenc-core/#sec-Alg-KeyTransport

In other words: you have to use padding. Btw, padding is not something complex and can be easily implemented.

Hope it helps,
Milan

--- Hess Yvan <[EMAIL PROTECTED]> wrote:

> I encrypted an XML document containing a <xenc:EncryptedKey> element and
> a <xenc:EncryptedData> element using XML Apache XML security. I tried to
> decrypt it using XSS4J library and I didn't succeed!!! The problem seems
> to occur when the secret key encapsulated into the <xenc:EncryptedKey>
> element is decrypted by XSS4J library.
>
> Doing some investigation, I found that XML Apache security library
> encrypts the secret key using the algorithm
> http://www.w3.org/2001/04/xmlenc#rsa-1_5 with a cipher
> 'RSA/ECB/PKCS1Padding' and that IBM XSS4J uses 'RSA/ECB/NoPadding'.
>
> The "XML Encryption Syntax and Processing" specifications of the W3C is
> not clear for me concerning the rsa-1_5 encryption algorithm. Is a
> padding associated to rsa-1_5 encryption or not?
>
> Who is right? IBM XSS4J library or XML Apache Security library?
>
> I think it is a critical bug either into XSS4J or into Apache XML
> security ... or am I wrong?
>
> Thanks for your answer.
>
> Regards. Yvan Hess
>
> Here is the XML encrypted (partial).
>
> <edoc:data xmlns:edoc="http://www.imtf.com/hypersuite/edoc/2.0/"
>     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>   <xenc:EncryptedKey Id="Revision-1-Encryption-1-EncryptedKey-1">
>     <xenc:EncryptionMethod
>         Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>     <ds:KeyInfo>
>       <ds:KeyName>SphinxTest</ds:KeyName>
>     </ds:KeyInfo>
>     <xenc:CipherData>
>       <xenc:CipherValue>PMblWX1U9dQhiMTSMXsX9kO8Udg8Pii8XhrRmOKJ+HiuSZUEvsfBtD
> wFzoXjwnCdYb+LkqPxYZ8EzgQxbxObI1RrUdg6iy4R3T0d+/H/tK34cjm8itoqDDSkyod9/b
> OtqnEnv3AzAgkBFNCbR7NZ3N7i7gonjMAzes6wuNRCYsg=</xenc:CipherValue>
>     </xenc:CipherData>
>     <xenc:CarriedKeyName>secretKey</xenc:CarriedKeyName>
>   </xenc:EncryptedKey>
>   <xenc:EncryptedData Id="Revision-1-Encryption-1-EncryptedData-1">
>     <xenc:EncryptionMethod
>         Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>     <ds:KeyInfo>
>       <ds:KeyName>secretKey</ds:KeyName>
>     </ds:KeyInfo>
>     <xenc:CipherData>
>       <xenc:CipherReference
>           URI="urn:hypersuite:534177D3-C0A8027601B4E829-57982AC1.txt"/>
>     </xenc:CipherData>
>   </xenc:EncryptedData>
> </edoc:data>
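
The mismatch discussed in this thread, reproduced as an added example (not code from Apache XML Security, XSS4J, or either poster): a key wrapped with 'RSA/ECB/PKCS1Padding' and opened with 'RSA/ECB/NoPadding' comes back as the full padded block, not the key. The class name, the 2048-bit key pair and the random 24-byte key are constructed for illustration, and a standard JCE provider is assumed.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;

public class Rsa15PaddingDemo { // hypothetical class name
    // RSAES-PKCS1-v1_5 block: 0x00 0x02 <at least 8 nonzero random bytes> 0x00 <message>
    static byte[] unpad(byte[] em) throws GeneralSecurityException {
        int sep = -1;
        for (int i = 2; i < em.length && sep < 0; i++) {
            if (em[i] == 0) sep = i;
        }
        if (em.length < 11 || em[0] != 0 || em[1] != 2 || sep < 10) {
            throw new GeneralSecurityException("decryption failed"); // same error for every cause
        }
        return Arrays.copyOfRange(em, sep + 1, em.length);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] secretKey = new byte[24]; // constructed Triple DES key, stands in for "secretKey"
        new SecureRandom().nextBytes(secretKey);

        // Sender: the transformation the thread reports for Apache XML Security
        Cipher enc = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] cipherValue = enc.doFinal(secretKey);

        // Receiver: the transformation the thread reports for XSS4J (raw RSA, no unpadding)
        Cipher raw = Cipher.getInstance("RSA/ECB/NoPadding");
        raw.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        byte[] block = raw.doFinal(cipherValue);
        byte[] em = new byte[cipherValue.length]; // left-pad in case a provider drops leading zeros
        System.arraycopy(block, 0, em, em.length - block.length, block.length);

        System.out.println("raw block length:    " + em.length + " (key is " + secretKey.length + ")");
        System.out.println("raw block == key:    " + Arrays.equals(em, secretKey));
        System.out.println("block starts 00 02:  " + (em[0] == 0 && em[1] == 2));
        System.out.println("unpadded == key:     " + Arrays.equals(unpad(em), secretKey));
    }
}
```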