Milan Tomic wrote:
How? XENCCipher doesn't have an addKEK() method, only setKEK(). What method should I use to add all the other keys? I'm trying this:
How about something like (and I haven't tried this, so take it with a grain of salt!):

    XSECCryptoKey * kek = NULL;
    HCRYPTKEY hkey;
    XENCEncryptedData * xenc = cipher->getEncryptedData();

    for (int i = 0; i < numOfPublicKeys; i++) {
        // Import recipient i's public key from its cert and wrap it as a KEK
        CryptImportPublicKeyInfo(win32RSACSP, MY_ENCODING_TYPE,
            &(pCert[i]->pCertInfo->SubjectPublicKeyInfo), &hkey);
        kek = new WinCAPICryptoKeyRSA(win32RSACSP, hkey);
        cipher->setKEK(kek);
        // Encrypt the content key under this KEK and add the EncryptedKey
        XENCEncryptedKey *xkey = cipher->encryptKey(keyStr, keyLen, kekAlg);
        xenc->appendEncryptedKey(xkey);
    }
What is the difference in purpose between the Recipient attribute of the xenc:EncryptedKey element and the ds:KeyName element, if there is any?
Probably not a lot. But my reading is that you might have a case that goes something like:

1. I have 5 different encrypted keys, I wonder which belongs to me?
2. Key 3 has Recipient "Berin" - that must be mine!
3. Now, I wonder which of my keys was used to encrypt it?
4. KeyName element is set to a cert with public key X, so it must be key X.

I.e. the Recipient identifies the person (or entity) that the key is destined for, the KeyName the actual key to use to decrypt it.
Cheers,
Berin
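The recipient-side selection sketched in steps 1-4 above, as an added example that is not part of this thread or of xml-security-c: it parses a constructed xenc:EncryptedData carrying several EncryptedKey children, picks the one whose Recipient attribute names us, and reads its KeyName to learn which private key unwraps it. The sample document, the recipient names and the helper function are assumptions.

```python
# Added example (not from the thread or xml-security-c): pick the EncryptedKey
# addressed to us by Recipient, then read KeyName to choose the unwrapping key.
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: one EncryptedData with the content key wrapped for two
# named recipients plus one EncryptedKey that carries no Recipient at all
# (the attribute is optional). CipherValue payloads are placeholders.
SAMPLE = f"""<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
  <ds:KeyInfo>
    <xenc:EncryptedKey Recipient="Milan">
      <ds:KeyInfo><ds:KeyName>milan-rsa-2004</ds:KeyName></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
    <xenc:EncryptedKey Recipient="Berin">
      <ds:KeyInfo><ds:KeyName>berin-cert-X</ds:KeyName></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
    <xenc:EncryptedKey>
      <ds:KeyInfo><ds:KeyName>shared-key</ds:KeyName></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>CCCC</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>DDDD</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""


def select_encrypted_key(xml_text, me):
    """Return (key_name, wrapped_key_b64) for the EncryptedKey whose Recipient
    equals `me`, or None when no EncryptedKey is addressed to us."""
    root = ET.fromstring(xml_text)
    for ek in root.findall(f"./{{{DS}}}KeyInfo/{{{XENC}}}EncryptedKey"):
        # Steps 1-2: Recipient tells us which wrapped key is ours.
        if ek.get("Recipient") != me:
            continue
        # Steps 3-4: KeyName tells us which of our private keys unwraps it.
        name = ek.findtext(f"./{{{DS}}}KeyInfo/{{{DS}}}KeyName")
        wrapped = ek.findtext(f"./{{{XENC}}}CipherData/{{{XENC}}}CipherValue")
        return (name, wrapped)
    return None
```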