Re: [xmlsec] Encrypt with DES and RSA key wrap
You have a mistake in your template, should be ds:KeyNameEdShallow/ds:KeyName instead of KeyNameEdShallow/KeyName Aleksey ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Encrypt with DES and RSA key wrap
Aleksey, It seems like it might be an xmlsec command line utility problem as opposed to a library problem per se. However our application is driving the command line utility due to its file-based nature, which suits us just fine. Any insight would be greatlty appreciated. Ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edward Shallow Sent: July 13, 2003 11:42 AM To: [EMAIL PROTECTED] Aleksey, That didn't do it. Must be something deeper. Operation competed but with exactly the same output (i.e. empty inner key CipherValue) Ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin Sent: July 13, 2003 10:55 AM To: Edward Shallow Cc: [EMAIL PROTECTED] You have a mistake in your template, should be ds:KeyNameEdShallow/ds:KeyName instead of KeyNameEdShallow/KeyName Aleksey ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Encrypt with DES and RSA key wrap
Take a look at the ds:KeyInfo/ element. It says that default namespace is dsig namespace. Thus, you got EncryptedKey/ node in dsig namespace which is defenetly wrong. Aleksey ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Encrypt with DES and RSA key wrap
It's not a library or utility problem. It's a template problem as I wrote you. Your namespaces are screwed up. Aleksey Edward Shallow wrote: Aleksey, It seems like it might be an xmlsec command line utility problem as opposed to a library problem per se. However our application is driving the command line utility due to its file-based nature, which suits us just fine. Any insight would be greatlty appreciated. Ed ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [xmlsec] Encrypt with DES and RSA key wrap
Hi Aleksey, Got it working (i.e. 3des-kt-rsa) with the command line below and the above template, attached for others. xmlsec encrypt --pubkey-pem EdShallowPub.pem --session-key des-192 --xml-data encrypt1-doc.xml --node-name Salary --output encrypted-3des-kt-RSA.xml tmpl-EPM-encrypt-3des-kt-RSA.xml Apologize for not being more diligent before posting previous dumb question. Ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin Sent: July 13, 2003 3:08 PM To: Edward Shallow Cc: [EMAIL PROTECTED] Take a look at the ds:KeyInfo/ element. It says that default namespace is dsig namespace. Thus, you got EncryptedKey/ node in dsig namespace which is defenetly wrong. Aleksey ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec ?xml version=1.0 encoding=UTF-8? !-- XML Security Library example: Original XML doc file before encryption (encrypt2 example). -- PersonalData NameEd Shallow/Name StreetAddress1234 Mockingbird Lane/StreetAddress CityYellowknife/City PostalCodeW1C6J3/PostalCode SIN123456789/SIN SalaryEncryptedData xmlns=http://www.w3.org/2001/04/xmlenc#; Id=ED Type=http://www.w3.org/2001/04/xmlenc#Content; EncryptionMethod Algorithm=http://www.w3.org/2001/04/xmlenc#tripledes-cbc/ ds:KeyInfo xmlns:ds=http://www.w3.org/2000/09/xmldsig#; EncryptedKey xmlns=http://www.w3.org/2001/04/xmlenc#; Id=EK EncryptionMethod Algorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5/ ds:KeyInfo xmlns:ds=http://www.w3.org/2000/09/xmldsig#; ds:KeyNameEdShallowPub.pem/ds:KeyName /ds:KeyInfo CipherData CipherValuenBHGOzBuT+DFtBJE+5oCIVwF1gfdcYWWU88T+YfeFygYl1LNpxLCNOTB+7crLxIU A0aPaNuBIxvfizGYPByA8ByokEshMEeSsFO83uhGA0+TA5FX8aJKl75APiDbBX31 okCyIYwF11HmvpnZD0ap6+Vwx+LSuqJ+lq5idzHJ0n4=/CipherValue /CipherData /EncryptedKey /ds:KeyInfo CipherData CipherValue8UFIiid1kcUKBJtGpLg15YUhkKA/crMrx35vIvY93SM=/CipherValue /CipherData /EncryptedData/Salary /PersonalData ?xml version=1.0 encoding=UTF-8? !-- XML Security Library example: XML doc file encrypted with DES sym key then transported using xmlenc#rsa-1_5 -- EncryptedData Id=ED Type=http://www.w3.org/2001/04/xmlenc#Content; xmlns=http://www.w3.org/2001/04/xmlenc#; EncryptionMethod Algorithm=http://www.w3.org/2001/04/xmlenc#tripledes-cbc/ ds:KeyInfo xmlns:ds=http://www.w3.org/2000/09/xmldsig#; EncryptedKey Id=EK xmlns=http://www.w3.org/2001/04/xmlenc#; EncryptionMethod Algorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5/ ds:KeyInfo xmlns:ds=http://www.w3.org/2000/09/xmldsig#; ds:KeyNameEdShallowPub.pem/ds:KeyName /ds:KeyInfo CipherData CipherValue / /CipherData /EncryptedKey /ds:KeyInfo CipherData CipherValue / /CipherData /EncryptedData
Re: [xmlsec] Encrypt with DES and RSA key wrap
Great! FYI, there is a --session-key option that tells xmlsec utility to generate key on the fly. It might be a better solution than writing the DES key to a file. Aleksey ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec