Berin,

        I've found something strange. When I encrypt a node with
multiple keys, an error occurs during decryption if my private key is not
the first key listed under <KeyInfo>. I'm attaching two XML documents.
The Sample_OK.xml file has my key listed in the first place and someone
else's key in the second place, and decryption works fine. Sample_BAD.xml has
someone else's key in the first place and my key in the second place, and
decryption fails. Am I doing something wrong, or is XSEC trying to
decrypt only the first key using the given private key, instead of trying to
decrypt all keys?

Thank you,
Milan
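<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<!--
  Sample described in the accompanying message as Sample_OK.xml: the
  EncryptedKey for Recipient="Milan Tomic" is listed first under ds:KeyInfo,
  followed by the one for Recipient="Someone else". Each EncryptedKey
  presumably wraps the same content key for a different recipient and is
  labelled with a ds:KeyName, so a decryptor can pick the entry that matches
  its private key instead of assuming the first one is its own.

  NOTE(review): the algorithms used here are legacy choices. rsa-1_5
  (PKCS#1 v1.5 key transport) and tripledes-cbc (unauthenticated CBC) are
  both exposed to padding-oracle style chosen-ciphertext attacks when a
  decryptor reveals why decryption failed. That matters in particular for
  code that tries several EncryptedKey entries in turn: report one uniform
  error regardless of which entry or step failed. For new documents prefer
  http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p for key transport and an
  authenticated mode such as http://www.w3.org/2009/xmlenc11#aes128-gcm for
  the content.
-->
<note>
	<to><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Recipient="Milan Tomic" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>Im9kmELIcA9zx89O9xJZ/3LM1nk=</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>wraep/SrhWkCuTTGrGUVADJZv90mcbmJEr6zfxk0fK0Ld529P2ZNY12edvGVzds1ggffMiejo4bK
sm9jY21/HeZQs2EAR1aoAl5tiH+1OFl6AiEAWxdGjYZhFeu6Il2R3e0iG9zvCYc1aHawoY3aZQ3g
oodP+h+/XxxqrYwHQ3g=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<xenc:EncryptedKey Recipient="Someone else" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>Bk0cBvyFUVsVKHynbbBI9YnqZHQ=</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>+CmPdrjRMwQPVwZ08hEe4QCufFh9tFtIsWgwnJOW7f1zKC889SSPqvcH01GNPeI06U79E5+BKPmY
iFeyz5pl2fboYYfd2qnu+rpSIgRyut4gLAFmlfOVT88pftBupOpFarsBfbLbuMypjaxDIPO5KHOG
Nnx1tX9WLbjw19OvdCI=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>p3/EaWuoTrmUBcrCBNt0Gxd/WbqowwkEV2Cte8y7I3o74z+x15fxXQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData></to>
	<from>Jani</from>
	<heading>Reminder</heading>
	<body>Blah Blah Blah</body>
</note>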
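<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<!--
  Sample described in the accompanying message as Sample_BAD.xml: the
  EncryptedKey for Recipient="Someone else" is listed first under
  ds:KeyInfo and the one for Recipient="Milan Tomic" second. The reported
  decryption failure occurs with this ordering. Each EncryptedKey carries a
  ds:KeyName, so a decryptor can pick the entry that matches its private
  key instead of assuming the first one is its own.

  NOTE(review): the algorithms used here are legacy choices. rsa-1_5
  (PKCS#1 v1.5 key transport) and tripledes-cbc (unauthenticated CBC) are
  both exposed to padding-oracle style chosen-ciphertext attacks when a
  decryptor reveals why decryption failed. That matters in particular for
  code that tries several EncryptedKey entries in turn: report one uniform
  error regardless of which entry or step failed. For new documents prefer
  http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p for key transport and an
  authenticated mode such as http://www.w3.org/2009/xmlenc11#aes128-gcm for
  the content.
-->
<note>
	<to><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Recipient="Someone else" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>Bk0cBvyFUVsVKHynbbBI9YnqZHQ=</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>+CmPdrjRMwQPVwZ08hEe4QCufFh9tFtIsWgwnJOW7f1zKC889SSPqvcH01GNPeI06U79E5+BKPmY
iFeyz5pl2fboYYfd2qnu+rpSIgRyut4gLAFmlfOVT88pftBupOpFarsBfbLbuMypjaxDIPO5KHOG
Nnx1tX9WLbjw19OvdCI=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<xenc:EncryptedKey Recipient="Milan Tomic" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>Im9kmELIcA9zx89O9xJZ/3LM1nk=</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>wraep/SrhWkCuTTGrGUVADJZv90mcbmJEr6zfxk0fK0Ld529P2ZNY12edvGVzds1ggffMiejo4bK
sm9jY21/HeZQs2EAR1aoAl5tiH+1OFl6AiEAWxdGjYZhFeu6Il2R3e0iG9zvCYc1aHawoY3aZQ3g
oodP+h+/XxxqrYwHQ3g=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>p3/EaWuoTrmUBcrCBNt0Gxd/WbqowwkEV2Cte8y7I3o74z+x15fxXQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData></to>
	<from>Jani</from>
	<heading>Reminder</heading>
	<body>Blah Blah Blah</body>
</note>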
