Hi,
I have a strange behaviour: I want to encrypt the content of some
elements in an XML file, so I use
doFinal(..,..,true), but the resulting file has both clear content and
encrypted content.
Here is my code, which I use with the test file users.xml:
...
Element rootElement = doc.getDocumentElement();
...
// Select every <user> element under <users>
NodeList dataToEncrypt = XPathAPI.selectNodeList(rootElement, "/users/user");
XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
dataCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
for (int i = 0; i < dataToEncrypt.getLength(); i++) {
    // Attach the EncryptedKey to this EncryptedData via KeyInfo
    EncryptedData encryptedData = dataCipher.getEncryptedData();
    KeyInfo ki = new KeyInfo(doc);
    ki.add(encrytedKey);
    encryptedData.setKeyInfo(ki);
    // Third argument true: encrypt the element's content only
    dataCipher.doFinal(doc, (Element) dataToEncrypt.item(i), true);
}
and I get the file encrypted-users.xml.
Instead, if in the same code I use the call
dataCipher.doFinal(doc,(Element) dataToEncrypt.item(i), false), I have
the clear content correctly replaced by encrypted content (see file
encrypted-users2.xml).
Here is the content of the XML files:
users.xml
<?xml version="1.0" encoding="UTF-8"?>
<users>
<user>
<firstname>Alberto</firstname>
<lastname>Novello</lastname>
<age>34</age>
<serial>Y10</serial>
</user>
<user>
<firstname>Daniele</firstname>
<lastname>Gagliardi</lastname>
<age>36</age>
<serial>Y5</serial>
</user>
<user>
<firstname>Fabrizio</firstname>
<lastname>Petriconi</lastname>
<age>35</age>
<serial>Y15</serial>
</user>
</users>
encrypted-users.xml
<users>
<user><firstname>Alberto</firstname><lastname>Novello</lastname><age>34</age><serial>Y10</serial><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG
i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT
8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>ILMHqD63nKfZNzuDsgtzmwsmTSgjtrLJjlk3zHEcLGyo6jYv0IB+wFmG3/TE/ucLmhm9Mb/BRY78
EsZ1I+Q8IhgRLWlZ2SpLwRunsdCVpKW+o5Uj1zAN2aILZpaHyJpa0QHFY3fdCP4dZqP6V62qnfOW
dUZPmPfGYWvuLCe9lJQ=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
<user><firstname>Daniele</firstname><lastname>Gagliardi</lastname><age>36</age><serial>Y5</serial><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG
i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT
8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Bo9u0BouVMaUcD2TT8zR+iMHnGW4AtxKGvCmpoLcj04oaYrndhhJl/0Gsp6QAi79elnNu6UjvPzg
AH4H5Ma2qduBlBdh8TmLep+JIhGzOeQPLmDVJ6yPshF5vEo6ddMLoAkDTiq1204QHJP5/F5krGfp
K6u6O0KhtCd09WMe5B0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
<user><firstname>Fabrizio</firstname><lastname>Petriconi</lastname><age>35</age><serial>Y15</serial><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG
i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT
8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>SEQ9PPmBlrPvq2l3/2eOV7+YIDUSYrFKmslcLftPydSnO5ge4e2OmeDCG1kZNyUhpaHTtMMSQ++k
tssOcyUr/KSsK2s4SudxJQCXdIG/t+J0pF8Z/HlNXXK5P9ftP0+mb191Np0TmuHtGCHsA35zdv1O
Prs644IIs8+taQWoJd0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
</users>
encrypted-users2.xml
<users>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe
IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f
wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>aW8KrWkt1qWFKsDooniB1f6bf5M52Tc42lqwYIvZWeImZcppLvEqnw2d79Y/1vRmD2I36RDMof95
YJRiFYQLJxtSYxC6pBc9SX3f0asNALgce4pueZS6neFlVPaaT+W/YVs+nKOzGC6v+IW1gyaBxlyX
uRklAlHYm0SyD/W9ngyQHFQup18L+g==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe
IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f
wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>8fokqdXka1akIdP3L9pTc/ZD6kIj2vaX1K0HciKBu6Jcr4k9MsWImF4iJhCbNWlZU71PthDEb9C+
F00303jnLCQ/tPCbWjTLmt13WkM6+g6iP+zDVLcqnaW1nBvVnoEL6//d5HGSeOwFiX8sHgqjd3J/
ljFRMGWYsSKIym1g2UQ5k/5E86Ltxpjm8boL2EFR</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe
IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f
wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>dhLXFvrmca5SpuikvxGiyMd1WkBFhCAYyZ7YAGtE4k+GNMcNiHY0nQtO3hgEIIy9a5+JXkgqUfOQ
JhT/qhGaIENiv9rsLU04HGJ8oKeByfY490aithaq9rztmW4B9ZPESohRdoEUaza5YFhe9rWw2iPn
gvATt2jyaQL+nHT74O4hWTiom6Gnf3N/qNDBQlbV</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
</users>
--
-------------------------------------------
Daniele Gagliardi
Engiweb Security - Gruppo Engineering
Corso Stati Uniti 23/I
35127 Padova, Italia
Tel. ++39 0498692507
Fax. ++39 0498692566
http://www.engiweb.com
e-mail: [EMAIL PROTECTED]
-------------------------------------------