Hi I was sitting watching my son play hockey and realized my issue.
The example I was using --node-xpath '/PayInfo/CreditCard/Number/text()' grabs the text of the Number element. As it is already text, http://www.w3.org/2001/04/xmlenc#Content is not valid. Changing it to --node-xpath '/PayInfo/CreditCard/Number' allows me to use http://www.w3.org/2001/04/xmlenc#Content in the template and it correctly encrypts just the credit card number.

So the example from https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html was incorrect.

Thanks for the earlier reply.

Tim

Timothy Legge
timle...@gmail.com
timle...@cpan.org

On Sat, Mar 26, 2022 at 11:49 AM Timothy Legge <timle...@gmail.com> wrote:
>
> Hi Aleksey
>
> I just wrote a Perl module to encrypt and decrypt XML. As part of the
> test scripts I am using xmlsec to encrypt XML to verify that the
> XML::Enc module can properly decrypt the XML.
>
> I ran into trouble with xmlsec encrypting the content within a tag.
> When I used the xpath /PayInfo/CreditCard/Number/text() to get the
> Content xmlsec only seems to encrypt the Content correctly if I use
> http://www.w3.org/2001/04/xmlenc#Element as the EncryptedData type.
> If I try to use http://www.w3.org/2001/04/xmlenc#Content it leaves
> the Content of the Number empty.
>
> My tests are in
> https://github.com/perl-net-saml2/perl-XML-Enc/blob/main/t/07-decrypt-xmlsec.t
> basically I test with both an Encrypted Element and Encrypted Content.
> In the Module I have to use an option force_element_to_content so that
> when the xmlsec encrypted Content is decrypted that includes the
> http://www.w3.org/2001/04/xmlenc#Element as the EncryptedData Type I
> treat it as if it was Content if it is not valid XML. In this case
> it is simply the credit card number.
>
> I will take a look at the examples in case I am doing something
> incorrect in my xmlsec commands.
>
> Tim
>
> Timothy Legge
> timle...@gmail.com
> timle...@cpan.org
>
> On Sat, Mar 26, 2022 at 11:06 AM Aleksey Sanin <alek...@aleksey.com> wrote:
> >
> > Hi Timothy,
> >
> > I am not exactly sure what you are trying to do but I recommend
> > checking out examples:
> >
> > https://github.com/lsh123/xmlsec/tree/master/examples
> >
> > and tests:
> >
> > https://github.com/lsh123/xmlsec/tree/master/tests
> >
> > Also, if you can explain what your goal is, then it might be easier
> > to provide a solution for your problem.
> >
> > Best,
> >
> > Aleksey
> >
> > On 3/25/22 7:15 PM, Timothy Legge wrote:
> > > Hi
> > >
> > > Sorry, I sent this directly to Aleksey initially...
> > >
> > > I was following:
> > > https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
> > > (which is reasonably close enough for me to get encryption working).
> > >
> > > Specifically the following command results in the Content in
> > > /PayInfo/CreditCard/Number/text() being properly encrypted. However,
> > > I would expect that the EncryptedData Type should be
> > > "http://www.w3.org/2001/04/xmlenc#Content" instead of the specified
> > > Element for this to properly encrypt the Content. Changing it to
> > > Content causes the doc-encrypted.xml created to be missing data in the
> > > Number tags: "<Number></Number>".
> > >
> > > To me this appears to be a bug but likely I am misreading the
> > > XML-Enc specifications.
> > >
> > > Any thoughts?
> > >
> > > xmlsec1 --encrypt --pubkey-cert-pem t/sign-certonly.pem
> > > --session-key des-192 --xml-data doc-plain.xml --output
> > > doc-encrypted.xml --node-xpath '/PayInfo/CreditCard/Number/text()'
> > > session-key-template.xml
> > >
> > > ========================================
> > > doc-plain.xml
> > > ========================================
> > > <?xml version="1.0" encoding="utf-8" ?>
> > > <PayInfo>
> > >   <Name>John Smith</Name>
> > >   <CreditCard Limit='2,000' Currency='USD'>
> > >     <Number>1076 2478 0678 5589</Number>
> > >     <Issuer>CitiBank</Issuer>
> > >     <Expiration>06/10</Expiration>
> > >   </CreditCard>
> > > </PayInfo>
> > > ========================================
> > > session-key-template.xml
> > > ==========================================
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <!--
> > > XML Security Library example: Original XML
> > > doc file before encryption (encrypt3 example).
> > > -->
> > > <EncryptedData
> > >   xmlns="http://www.w3.org/2001/04/xmlenc#"
> > >   Type="http://www.w3.org/2001/04/xmlenc#Element">
> > >   <EncryptionMethod Algorithm=
> > >     "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> > >   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > >     <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
> > >       <EncryptionMethod Algorithm=
> > >         "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> > >       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > >         <KeyName/>
> > >       </KeyInfo>
> > >       <CipherData>
> > >         <CipherValue/>
> > >       </CipherData>
> > >     </EncryptedKey>
> > >   </KeyInfo>
> > >   <CipherData>
> > >     <CipherValue/>
> > >   </CipherData>
> > > </EncryptedData>
> > > ==========================================
> > >
> > >
> > > Timothy Legge
> > > timle...@gmail.com
> > > timle...@cpan.org
> > > _______________________________________________
> > > xmlsec mailing list
> > > xmlsec@aleksey.com
> > > http://www.aleksey.com/mailman/listinfo/xmlsec
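
An added illustration, not part of the thread and not xmlsec or XML::Enc code: a Python model of which octets each EncryptedData Type covers for the two XPath selections discussed above, plus the decrypt-side check that motivates force_element_to_content. It assumes that Type Content covers the children of the selected node; `select`, `plaintext_for`, `is_single_element` and `survey` are hypothetical names.

```python
from xml.dom import minidom
from xml.parsers.expat import ExpatError

XMLENC = "http://www.w3.org/2001/04/xmlenc#"

# doc-plain.xml from the thread (constructed copy, whitespace trimmed)
DOC = ("<PayInfo><Name>John Smith</Name>"
       "<CreditCard Limit='2,000' Currency='USD'>"
       "<Number>1076 2478 0678 5589</Number>"
       "<Issuer>CitiBank</Issuer><Expiration>06/10</Expiration>"
       "</CreditCard></PayInfo>")


def select(doc, want_text):
    """Stand-in for --node-xpath: the Number element, or its text() node."""
    number = doc.getElementsByTagName("Number")[0]
    return number.firstChild if want_text else number


def plaintext_for(node, enc_type):
    """Octets that would be encrypted for the selected node and Type."""
    if enc_type == XMLENC + "Element":
        return node.toxml()  # the selected node itself, serialized
    if enc_type == XMLENC + "Content":
        # Assumption: Content covers the node's children; a text node has none.
        return "".join(child.toxml() for child in node.childNodes)
    raise ValueError("unsupported Type: " + enc_type)


def is_single_element(plaintext):
    """Decrypt side: does a payload labelled Type=Element parse as one element?"""
    try:
        minidom.parseString(plaintext)
        return True
    except ExpatError:
        return False


def survey():
    """Plaintext for every (selection, Type) pair mentioned in the thread."""
    doc = minidom.parseString(DOC)
    rows = {}
    for label, want_text in (("Number", False), ("Number/text()", True)):
        node = select(doc, want_text)
        for kind in ("Element", "Content"):
            rows[(label, kind)] = plaintext_for(node, XMLENC + kind)
    return rows
```

In this model the `Number/text()` selection with Type Element yields bare text that is labelled as an element, which is the payload a decrypter cannot parse as XML, and with Type Content it yields nothing to encrypt.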