http://issues.apache.org/bugzilla/show_bug.cgi?id=40560

           Summary: RSA Decryption doesn't Work
           Product: Security
           Version: unspecified
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encryption
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

This problem exists in both xml-security-c-1.2.1 and xml-security-c-1.3.0.

I'm trying to decrypt an XML directly with an RSA private key. The XML looks like the following:

    <SSN>
      <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                          Type="http://www.w3.org/2001/04/xmlenc#Content">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <xenc:CipherData>
          <xenc:CipherValue>M3AF/xZbwfGn65c0eAUUdorBVUrLEUBnd1O2sZlt5FE4dFqKgtwIbRlV0hRBAarVyynLSo8r34rR
    HigemlQwaM6+jAGKB6ALO5U8Qpghgq3ry/fnjvb0utlXpT1F0AsEwisHsMi03h1amzmsQch6uC/B
    8B+27JBMp75iIXgmtdQ=</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedData>
    </SSN>

But I'm getting the following error when calling decryptElement:

    Error: Errors occured during de-serialisation of decrypted element content

The problem is that the function "XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer" in "xenc/impl/XENCAlgorithmHandlerDefault.cpp" treats the decrypted value as binary data. The following is the end of the function.

    // Copy to output
    result.sbMemcpyIn(decBuf, decryptLen+1);
    memset(decBuf, 0, decryptLen);

As a side note, compare it to "XENCAlgorithmHandlerDefault::decryptToSafeBuffer" in the same file; this function treats the decrypted value as a null-terminated string:

    cipherText->appendTxfm(tcipher);

    // Do the decrypt to the safeBuffer
    result.sbStrcpyIn("");
    unsigned int offset = 0;
    XMLByte buf[1024];
    TXFMBase * b = cipherText->getLastTxfm();

    int bytesRead = b->readBytes(buf, 1024);
    while (bytesRead > 0) {
        result.sbMemcpyIn(offset, buf, bytesRead);
        offset += bytesRead;
        bytesRead = b->readBytes(buf, 1024);
    }

    result[offset] = '\0';

But "XENCCipherImpl::deSerialise" in "xenc/impl/XENCCipherImpl.cpp" treats the decrypted data saved in the safeBuffer as a null-terminated string.

    const char * crcb = content.rawCharBuffer();
    ...
    sbt.sbStrcatIn(&crcb[offset]);
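
The mismatch the report describes, a length-tracked binary copy feeding a consumer that reads the same buffer as a C string, shown as an added C++ example (not part of the original report and not xml-security-c code). ByteBuf, its methods, the '#' fill that models stale buffer contents, and the sample plaintext are all hypothetical and constructed for illustration.

```cpp
// Added illustration: ByteBuf is a hypothetical stand-in, not the library's safeBuffer.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed sample plaintext; copied WITHOUT its terminator, like raw decrypt output.
static const char kPlain[] = "123-45-6789";
static const std::size_t kPlainLen = sizeof(kPlain) - 1;

class ByteBuf {
    std::vector<char> store_;
    std::size_t len_ = 0;
public:
    // '#' fill models stale bytes from earlier use; a final '\0' bounds any C-string read.
    explicit ByteBuf(std::size_t cap) : store_(cap + 1, '#') { store_.back() = '\0'; }

    // Binary copy: records the length but writes no terminator.
    void memcpyIn(const void *src, std::size_t n) {
        if (n + 1 > store_.size()) throw std::length_error("ByteBuf too small");
        std::memcpy(store_.data(), src, n);
        len_ = n;
    }
    // Binary copy followed by an explicit terminator at the tracked length.
    void memcpyInTerminated(const void *src, std::size_t n) {
        memcpyIn(src, n);
        store_[len_] = '\0';
    }
    const char *raw() const { return store_.data(); }
    std::size_t size() const { return len_; }
};

// Consumer that trusts a terminator, as a strcat-style deserialiser would.
std::string readAsCString(const ByteBuf &b) { return std::string(b.raw()); }
// Consumer that honours the tracked length instead.
std::string readWithLength(const ByteBuf &b) { return std::string(b.raw(), b.size()); }

int main() {
    ByteBuf binary(32), terminated(32);
    binary.memcpyIn(kPlain, kPlainLen);
    terminated.memcpyInTerminated(kPlain, kPlainLen);
    std::cout << "C-string read, no terminator: " << readAsCString(binary) << "\n"
              << "length-aware read:            " << readWithLength(binary) << "\n"
              << "C-string read, terminated:    " << readAsCString(terminated) << "\n";
    return 0;
}
```

The unterminated C-string read returns the plaintext followed by the stale bytes, which is the kind of trailing garbage an XML parser would reject during deserialisation.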
