Julien TAUPIN wrote:
> Hi all,
> I am trying to perform XML encryption of data with a secret key. In the W3C
> recommendation it is stated that the initialisation vector (IV) must be
> transmitted, but it is not specified where: "the IV, if any, could be specified
> as being with the cipher data, as an algorithm content element, or
> elsewhere"

Actually, you missed an earlier part of that sentence which is very
important (section 5.2) http://www.w3.org/TR/xmlenc-core/#sec-Alg-Block:
"For user specified block encryption algorithms, the IV, if any, could
be specified as being with the cipher data, as an algorithm content
element, or elsewhere."
Note the words "user specified" which to me implies a non-standard block
encryption algorithm. The next paragraph states:
"The IV is encoded with and before the cipher text for the algorithms
below for ease of availability to the decryption code and to emphasize
its association with the cipher text. Good cryptographic practice
requires that a different IV be used for every encryption."
So as long as you are using one of the standard algorithms, it should be
encoded before the cipher text.

> So with XmlSec I place the IV at the beginning of the ciphered data, but how
> can I be sure that another program will use it?
> Symmetrically, during decryption I take the IV at the beginning of the
> ciphered data. But how can I find it if the encrypting program placed it
> elsewhere?
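
An added example, not part of the original thread and not XmlSec code: a receiver-side check that takes the IV from the front of the decoded CipherValue for the standard CBC algorithms of section 5.2, and refuses any other algorithm because the IV location is then not defined by the recommendation. The function names and the sample bytes are constructed for illustration; no decryption is performed.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"xenc": XENC}

# IV length (= block size, in bytes) for the standard CBC algorithms.
IV_LEN = {
    XENC + "tripledes-cbc": 8,
    XENC + "aes128-cbc": 16,
    XENC + "aes192-cbc": 16,
    XENC + "aes256-cbc": 16,
}


def split_iv(encrypted_data_xml):
    """Return (algorithm, iv, ciphertext) from an EncryptedData element."""
    root = ET.fromstring(encrypted_data_xml)
    method = root.find("xenc:EncryptionMethod", NS)
    value = root.find("xenc:CipherData/xenc:CipherValue", NS)
    if method is None or value is None or not value.text:
        raise ValueError("EncryptionMethod or CipherValue missing")
    alg = method.get("Algorithm")
    if alg not in IV_LEN:
        # "User specified" algorithm: the IV may be anywhere, so do not guess.
        raise ValueError("IV location not defined for algorithm: %r" % alg)
    raw = base64.b64decode("".join(value.text.split()), validate=True)
    n = IV_LEN[alg]
    # Need the IV plus at least one padded block, all block aligned.
    if len(raw) < 2 * n or len(raw) % n:
        raise ValueError("CipherValue too short or not block aligned")
    return alg, raw[:n], raw[n:]


def sample(alg, iv, body):
    """Build a constructed EncryptedData document (body is filler, not real ciphertext)."""
    b64 = base64.b64encode(iv + body).decode()
    return ('<xenc:EncryptedData xmlns:xenc="%s">'
            '<xenc:EncryptionMethod Algorithm="%s"/>'
            '<xenc:CipherData><xenc:CipherValue>%s</xenc:CipherValue>'
            '</xenc:CipherData></xenc:EncryptedData>' % (XENC, alg, b64))


if __name__ == "__main__":
    doc = sample(XENC + "aes128-cbc", bytes(range(16)), b"\xaa" * 16)
    alg, iv, ct = split_iv(doc)
    print(alg, iv.hex(), len(ct))
```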