Milan,

Is an exception being thrown at all? I had a quick check of the code, and theoretically it should be looping through all the key infos until a decrypt succeeds. Unfortunately it looks like it won't handle an exception cleanly (this is probably one of those cases where they should be quietly ignored), so that may be what is causing the problem.

Cheers,
        Berin

Milan Tomic wrote:

Berin,

        I've found something strange. When I encrypt some node with
multiple keys, an error occurs during decryption if my private key is not
the first key listed under <KeyInfo>. I'm attaching two XML documents.
The Sample_OK.xml file has my key listed in the first place, and someone's
key in the second place and decryption works fine. Sample_BAD.xml has
someone's key in the first place and my key in the second place and
decryption fails. Am I doing something wrong or is XSEC trying to
decrypt only the first key using the given private key, instead of trying to
decrypt all keys?

Thank you,
Milan


------------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8" standalone="no" ?><note>
        <to><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Recipient="Milan Tomic"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>Im9kmELIcA9zx89O9xJZ/3LM1nk=</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>wraep/SrhWkCuTTGrGUVADJZv90mcbmJEr6zfxk0fK0Ld529P2ZNY12edvGVzds1ggffMiejo4bK
sm9jY21/HeZQs2EAR1aoAl5tiH+1OFl6AiEAWxdGjYZhFeu6Il2R3e0iG9zvCYc1aHawoY3aZQ3g
oodP+h+/XxxqrYwHQ3g=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<xenc:EncryptedKey Recipient="Someone else"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>Bk0cBvyFUVsVKHynbbBI9YnqZHQ=</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>+CmPdrjRMwQPVwZ08hEe4QCufFh9tFtIsWgwnJOW7f1zKC889SSPqvcH01GNPeI06U79E5+BKPmY
iFeyz5pl2fboYYfd2qnu+rpSIgRyut4gLAFmlfOVT88pftBupOpFarsBfbLbuMypjaxDIPO5KHOG
Nnx1tX9WLbjw19OvdCI=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>p3/EaWuoTrmUBcrCBNt0Gxd/WbqowwkEV2Cte8y7I3o74z+x15fxXQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData></to>
        <from>Jani</from>
        <heading>Reminder</heading>
        <body>Blah Blah Blah</body>
</note>


------------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8" standalone="no" ?><note>
        <to><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Recipient="Someone else"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>Bk0cBvyFUVsVKHynbbBI9YnqZHQ=</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>+CmPdrjRMwQPVwZ08hEe4QCufFh9tFtIsWgwnJOW7f1zKC889SSPqvcH01GNPeI06U79E5+BKPmY
iFeyz5pl2fboYYfd2qnu+rpSIgRyut4gLAFmlfOVT88pftBupOpFarsBfbLbuMypjaxDIPO5KHOG
Nnx1tX9WLbjw19OvdCI=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<xenc:EncryptedKey Recipient="Milan Tomic"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>Im9kmELIcA9zx89O9xJZ/3LM1nk=</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>wraep/SrhWkCuTTGrGUVADJZv90mcbmJEr6zfxk0fK0Ld529P2ZNY12edvGVzds1ggffMiejo4bK
sm9jY21/HeZQs2EAR1aoAl5tiH+1OFl6AiEAWxdGjYZhFeu6Il2R3e0iG9zvCYc1aHawoY3aZQ3g
oodP+h+/XxxqrYwHQ3g=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>p3/EaWuoTrmUBcrCBNt0Gxd/WbqowwkEV2Cte8y7I3o74z+x15fxXQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData></to>
        <from>Jani</from>
        <heading>Reminder</heading>
        <body>Blah Blah Blah</body>
</note>
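
The loop discussed in this thread, where a failed unwrap of one EncryptedKey is ignored and the next one is tried, sketched as an added Python example; it is not XSEC code and not from either poster. `recover_session_key`, `KeyUnwrapError`, the constructed `SAMPLE` document and `stand_in_unwrap` (a placeholder for RSA unwrapping with the holder's private key) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

class KeyUnwrapError(Exception):
    """Raised by an unwrap callback when a wrapped key does not decrypt."""

def recover_session_key(doc, unwrap):
    """Try every xenc:EncryptedKey under the EncryptedData's ds:KeyInfo.

    unwrap(cipher_b64) is a caller-supplied (hypothetical) callback that
    returns the session key bytes or raises KeyUnwrapError.
    Returns (recipient, key) for the first EncryptedKey that unwraps.
    """
    root = ET.fromstring(doc)
    enc_data = next(root.iter("{%s}EncryptedData" % NS["xenc"]), None)
    if enc_data is None:
        raise ValueError("no xenc:EncryptedData element")
    # Direct children of the outer KeyInfo only, in document order.
    wrapped = enc_data.findall("ds:KeyInfo/xenc:EncryptedKey", NS)
    for ek in wrapped:
        cv = ek.find("xenc:CipherData/xenc:CipherValue", NS)
        if cv is None or not cv.text:
            continue
        cipher_b64 = "".join(cv.text.split())  # CipherValue may be line-wrapped
        try:
            return ek.get("Recipient"), unwrap(cipher_b64)
        except KeyUnwrapError:
            continue  # wrapped for another recipient: try the next entry
    raise KeyUnwrapError("none of %d EncryptedKey elements unwrapped" % len(wrapped))

# Constructed sample: the holder's key is listed second, as in Sample_BAD.xml.
SAMPLE = """<note><to><xenc:EncryptedData
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyInfo>
<xenc:EncryptedKey Recipient="Someone else"><xenc:CipherData><xenc:CipherValue>QUFB
QUFB</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>
<xenc:EncryptedKey Recipient="Milan Tomic"><xenc:CipherData>
<xenc:CipherValue>QkJCQkJC</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>Q0NDQw==</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></to></note>"""

def stand_in_unwrap(cipher_b64):
    # Stand-in for RSA unwrapping: "our" private key opens only this one blob.
    if cipher_b64 != "QkJCQkJC":
        raise KeyUnwrapError("wrong key")
    return b"session-key"
```

With a real unwrap callback, only the error type that signals "wrong key" should be swallowed inside the loop; anything else should propagate to the caller.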
