I have created a new XMLCipher.encryptData(Document context, byte[] data) 
function by slightly modifying the function XMLCipher.encryptData(Document 
context, Element element, boolean contentMode).
I think that it could be useful to add it to the XMLCipher class.

    public EncryptedData encryptData(Document context, byte[] data) throws
    /* XMLEncryption */Exception {
        logger.debug("Encrypting data...");
        if (null == context)
            logger.error("Context document unexpectedly null...");
        if (null == data)
            logger.error("Data unexpectedly null...");
        if (_cipherMode != ENCRYPT_MODE)
            logger.debug("XMLCipher unexpectedly not in ENCRYPT_MODE...");

        _contextDocument = context;

        if (_algorithm == null) {
            throw new XMLEncryptionException(
                    "XMLCipher instance without transformation specified");
        }

        byte[] encryptedBytes = null;

        // Now create the working cipher if none was created already
        Cipher c;
        if (_contextCipher == null) {
            String jceAlgorithm = JCEMapper.translateURItoJCEID(_algorithm);

            logger.debug("alg = " + jceAlgorithm);

            try {
                if (_requestedJCEProvider == null)
                    c = Cipher.getInstance(jceAlgorithm);
                else
                    c = Cipher.getInstance(jceAlgorithm, _requestedJCEProvider);
            } catch (NoSuchAlgorithmException nsae) {
                throw new XMLEncryptionException("empty", nsae);
            } catch (NoSuchProviderException nspre) {
                throw new XMLEncryptionException("empty", nspre);
            } catch (NoSuchPaddingException nspae) {
                throw new XMLEncryptionException("empty", nspae);
            }
        } else {
            c = _contextCipher;
        }
        // Now perform the encryption

        try {
            // Should internally generate an IV
            // todo - allow user to set an IV
            c.init(_cipherMode, _key);
        } catch (InvalidKeyException ike) {
            throw new XMLEncryptionException("empty", ike);
        }

        try {
            encryptedBytes = c.doFinal(data);

            logger.debug("Expected cipher.outputSize = "
                    + Integer.toString(c.getOutputSize(data.length)));
            logger.debug("Actual cipher.outputSize = "
                    + Integer.toString(encryptedBytes.length));
        } catch (IllegalStateException ise) {
            throw new XMLEncryptionException("empty", ise);
        } catch (IllegalBlockSizeException ibse) {
            throw new XMLEncryptionException("empty", ibse);
        } catch (BadPaddingException bpe) {
            throw new XMLEncryptionException("empty", bpe);
        }

        // Now build up to a properly XML Encryption encoded octet stream
        // IvParameterSpec iv;

        byte[] iv = c.getIV();
        byte[] finalEncryptedBytes =
                new byte[iv.length + encryptedBytes.length];
        System.arraycopy(iv, 0, finalEncryptedBytes, 0, iv.length);
        System.arraycopy(encryptedBytes, 0, finalEncryptedBytes, iv.length,
                encryptedBytes.length);

        String base64EncodedEncryptedOctets = Base64
                .encode(finalEncryptedBytes);

        logger.debug("Encrypted octets:\n" + base64EncodedEncryptedOctets);
        logger.debug("Encrypted octets length = "
                + base64EncodedEncryptedOctets.length());

        try {
            CipherData cd = _ed.getCipherData();
            CipherValue cv = cd.getCipherValue();
            // cv.setValue(base64EncodedEncryptedOctets.getBytes());
            cv.setValue(base64EncodedEncryptedOctets);

            EncryptionMethod method = _factory.newEncryptionMethod(new URI(
                    _algorithm).toString());
            _ed.setEncryptionMethod(method);
        } catch (URI.MalformedURIException mfue) {
            throw new XMLEncryptionException("empty", mfue);
        }
        return (_ed);
    }


Moreover, I have tested the xmlCipher.decryptToByteArray() function and I 
confirm that it works for binary data.

Christophe


-----Original Message-----
From: Berin Lautenbach [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 4, 2006 12:06
To: security-dev@xml.apache.org
Subject: Re: xml encryption/decryption of binary data


Hess Yvan wrote:

> 3. Then I have to encrypt the external binary
> "urn:hypersuite:534177D3-C0A8027601B4E829-57982AC1" MANUALLY. I didn't
> find a chance to do it using XML security. It seems that the
> functionality is implemented in Apache xml-signature but not in
> Apache xml-encryption. I think I will have the same problem for
> decryption :-)

The reason it currently has to be done manually is that encryption is
very different to reading a URL for signing.

For signature, we just read the reference URL and create the signature
completely separately - it does not impact the source data in any way.

In the encryption case, we not only have to read the data from the URL,
we have to overwrite it with the encrypted data.  There are cases where
that's possible, but it's definitely not trivial!

I can't speak for the Java library off the top of my head, but the C++
library allows you to decrypt.  However the return data is a byte stream
- not an overwrite of the referenced URL.

Cheers,
        Berin
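
The octet layout the posted method builds (IV followed by the ciphertext, Base64-encoded for CipherValue) and the matching decryption back to a raw byte array, as an added stand-alone example that is not part of the original messages or of the XMLCipher code. It uses only the JDK's JCE and java.util.Base64; the class name, the method names and the AES/CBC/PKCS5Padding transformation are assumptions.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CipherValueLayoutDemo {
    static final String JCE_ALG = "AES/CBC/PKCS5Padding"; // assumed transformation

    // Returns the Base64 text that goes into CipherValue: IV || ciphertext.
    static String encryptToCipherValue(SecretKey key, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance(JCE_ALG);
        byte[] iv = new byte[c.getBlockSize()];
        new SecureRandom().nextBytes(iv); // fresh random IV for every message
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(data);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Splits the IV off the front and returns the plaintext as raw bytes,
    // never as a String, so arbitrary binary content survives unchanged.
    static byte[] decryptFromCipherValue(SecretKey key, String cipherValue) throws Exception {
        Cipher c = Cipher.getInstance(JCE_ALG);
        byte[] in = Base64.getDecoder().decode(cipherValue);
        int ivLen = c.getBlockSize();
        // Reject input that cannot hold an IV plus at least one whole block.
        if (in.length < 2 * ivLen || in.length % ivLen != 0) {
            throw new IllegalArgumentException("CipherValue too short or not block-aligned");
        }
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(in, 0, ivLen));
        return c.doFinal(in, ivLen, in.length - ivLen);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample: bytes that are not valid text in any encoding.
        byte[] binary = {0x00, (byte) 0xFF, 0x10, (byte) 0x80, 0x0A, 0x0D};
        String cv = encryptToCipherValue(key, binary);
        byte[] back = decryptFromCipherValue(key, cv);
        System.out.println("CipherValue = " + cv);
        System.out.println("round trip ok = " + Arrays.equals(binary, back));
    }
}
```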
