Hi,

So far I tried using Java to decrypt, but without any luck. Can anyone suggest if there is an alternative way to do this in CF7? If yes, that would be great.

Please see below the technical specs. I am getting an XML file which has some elements encrypted as per the standards mentioned here: http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html

Here are the steps for encrypting part of the XML file, which is done by the client before it is sent over to me as a SAML Assertion. They are using the Apache XML Security Library.

1. Employee data is encrypted using an encrypted symmetric key, i.e. cipher algorithm is AES/CBC/ISO10126Padding, opmode = ENCRYPT_MODE
2. Then they encrypt the symmetric key using my RSA public key, cipher.algorithm = RSA/ECB/PKCS1Padding in opmode = WRAP_MODE

So I was trying to:

1. Decrypt the symmetric key using my RSA private key with opmode = UNWRAP_MODE
2. Then use this symmetric key to decrypt using opmode = DECRYPT_MODE and get the employee data.

Any ideas? See the sample XML example:

[t01] <EncryptedData Id='ED' xmlns='http://www.w3.org/2001/04/xmlenc#'>
[t02]   <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
[t03]   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
[t04]     <ds:RetrievalMethod URI='#EK' Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/>
[t05]     <ds:KeyName>Sally Doe</ds:KeyName>
[t06]   </ds:KeyInfo>
[t07]   <CipherData><CipherValue>DEADBEEF</CipherValue></CipherData>
[t08] </EncryptedData>

[t02] This (AES-128-CBC) is a symmetric key cipher.
[t04] ds:RetrievalMethod is used to indicate the location of a key with type &xenc;EncryptedKey. The (AES) key is located at '#EK'.
[t05] ds:KeyName provides an alternative method of identifying the key needed to decrypt the CipherData. Either or both the ds:KeyName and ds:KeyRetrievalMethod could be used to identify the same key.

Within the same XML document, there existed an EncryptedKey structure that was referenced within [t04]:

[t09] <EncryptedKey Id='EK' xmlns='http://www.w3.org/2001/04/xmlenc#'>
[t10]   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
[t11]   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
[t12]     <ds:KeyName>John Smith</ds:KeyName>
[t13]   </ds:KeyInfo>
[t14]   <CipherData><CipherValue>xyzabc</CipherValue></CipherData>
[t15]   <ReferenceList>
[t16]     <DataReference URI='#ED'/>
[t17]   </ReferenceList>
[t18]   <CarriedKeyName>Sally Doe</CarriedKeyName>
[t19] </EncryptedKey>

[t09] The EncryptedKey element is similar to the EncryptedData element except that the data encrypted is always a key value.
[t10] The EncryptionMethod is the RSA public key algorithm.
[t12] ds:KeyName of "John Smith" is a property of the key necessary for decrypting (using RSA) the CipherData.
[t14] The CipherData's CipherValue is an octet sequence that is processed (serialized, encrypted, and encoded) by a referring encrypted object's EncryptionMethod. (Note, an EncryptedKey's EncryptionMethod is the algorithm used to encrypt these octets and does not speak about what type of octets they are.)

FYI, I will send an email to the community forum to see if we have a Java expert who can help with this. I am willing to pay for this part.

Thanks,

--
<Ajas Mohammed />
http://ajashadi.blogspot.com

We cannot become what we need to be, remaining what we are. No matter what, find a way. Because that's what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.
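The two-step procedure described in the post (unwrap the AES key with the RSA private key, then AES-CBC decrypt the payload), worked through as an added Go example that is not the poster's code and not part of the Apache XML Security library. It assumes a hypothetical `Assertion` wrapper root holding both elements, a generated RSA key pair, and a constructed employee string; `BuildSample` plays the sender's role only so that the decryption side has realistic input to run against. Two details of the XML Encryption spec are built in: the IV is carried as the first cipher block inside CipherValue (section 5.2), and the padding is the ISO 10126 style the post names, where only the last byte (the pad length) is meaningful.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
	"strings"
)

const algAES128CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
const algRSA15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"

// Structs mirror the xmlenc elements from the post. A tag with no namespace matches the
// local name, so the ds: prefix on KeyInfo/RetrievalMethod needs no special handling.
type encryptionMethod struct{ Algorithm string `xml:"Algorithm,attr"` }
type cipherData struct{ CipherValue string `xml:"CipherValue"` }
type retrievalMethod struct{ URI string `xml:"URI,attr"` }
type keyInfo struct{ RetrievalMethod retrievalMethod `xml:"RetrievalMethod"` }

// encElement serves for both EncryptedData and EncryptedKey, which share this shape.
type encElement struct {
	ID               string           `xml:"Id,attr"`
	EncryptionMethod encryptionMethod `xml:"EncryptionMethod"`
	KeyInfo          keyInfo          `xml:"KeyInfo"`
	CipherData       cipherData       `xml:"CipherData"`
}

// assertion is a hypothetical wrapper root standing in for the SAML Assertion.
type assertion struct {
	EncryptedData encElement   `xml:"EncryptedData"`
	EncryptedKeys []encElement `xml:"EncryptedKey"`
}

func b64(s string) ([]byte, error) { return base64.StdEncoding.DecodeString(strings.TrimSpace(s)) }

// DecryptXMLEnc performs the two steps from the post: unwrap the AES key with the RSA
// private key (PKCS#1 v1.5, Java UNWRAP_MODE), then AES-128-CBC decrypt the EncryptedData.
func DecryptXMLEnc(doc []byte, priv *rsa.PrivateKey) ([]byte, error) {
	var a assertion
	if err := xml.Unmarshal(doc, &a); err != nil { return nil, err }
	ed := a.EncryptedData
	if ed.EncryptionMethod.Algorithm != algAES128CBC { return nil, fmt.Errorf("unsupported data algorithm %q", ed.EncryptionMethod.Algorithm) }
	// Dereference ds:RetrievalMethod URI='#EK' to the EncryptedKey whose Id is 'EK'.
	ref := strings.TrimPrefix(ed.KeyInfo.RetrievalMethod.URI, "#")
	var ek *encElement
	for i := range a.EncryptedKeys {
		if a.EncryptedKeys[i].ID == ref { ek = &a.EncryptedKeys[i] }
	}
	if ek == nil || ek.EncryptionMethod.Algorithm != algRSA15 { return nil, fmt.Errorf("no rsa-1_5 EncryptedKey with Id %q", ref) }
	wrapped, err := b64(ek.CipherData.CipherValue)
	if err != nil { return nil, err }
	aesKey, err := rsa.DecryptPKCS1v15(rand.Reader, priv, wrapped)
	if err != nil || len(aesKey) != 16 { return nil, errors.New("key unwrap failed or key is not AES-128") }
	ct, err := b64(ed.CipherData.CipherValue)
	if err != nil { return nil, err }
	// xmlenc section 5.2: the IV is the first block of CipherValue, not a separate element.
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 { return nil, errors.New("ciphertext is not a whole number of blocks") }
	block, err := aes.NewCipher(aesKey)
	if err != nil { return nil, err }
	plain := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(plain, ct[aes.BlockSize:])
	// ISO 10126 / xmlenc padding: the last byte is the pad length; the filler bytes are random.
	n := int(plain[len(plain)-1])
	if n < 1 || n > aes.BlockSize { return nil, errors.New("bad padding") }
	return plain[:len(plain)-n], nil
}

// BuildSample is the sender side: constructed test data shaped like the XML in the post.
func BuildSample(pub *rsa.PublicKey, employee []byte) ([]byte, error) {
	aesKey, iv := make([]byte, 16), make([]byte, aes.BlockSize)
	pad := make([]byte, aes.BlockSize-len(employee)%aes.BlockSize)
	for _, b := range [][]byte{aesKey, iv, pad} {
		if _, err := rand.Read(b); err != nil { return nil, err }
	}
	pad[len(pad)-1] = byte(len(pad)) // ISO 10126: random filler, pad length in the last byte
	padded := append(append([]byte{}, employee...), pad...)
	block, err := aes.NewCipher(aesKey)
	if err != nil { return nil, err }
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	wrapped, err := rsa.EncryptPKCS1v15(rand.Reader, pub, aesKey) // Java WRAP_MODE equivalent
	if err != nil { return nil, err }
	return []byte(fmt.Sprintf(`<Assertion>
<EncryptedData Id='ED' xmlns='http://www.w3.org/2001/04/xmlenc#'>
 <EncryptionMethod Algorithm='%s'/>
 <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><ds:RetrievalMethod URI='#EK'/></ds:KeyInfo>
 <CipherData><CipherValue>%s</CipherValue></CipherData>
</EncryptedData>
<EncryptedKey Id='EK' xmlns='http://www.w3.org/2001/04/xmlenc#'>
 <EncryptionMethod Algorithm="%s"/>
 <CipherData><CipherValue>%s</CipherValue></CipherData>
</EncryptedKey>
</Assertion>`, algAES128CBC, base64.StdEncoding.EncodeToString(append(iv, ct...)),
		algRSA15, base64.StdEncoding.EncodeToString(wrapped))), nil
}
```

The receiver checks both Algorithm URIs before touching any key material, so a message that swaps in a different cipher is rejected rather than decrypted with the wrong primitive, and a wrong private key fails at the unwrap step instead of producing garbage employee data.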
------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
