I tried the same code with Apache XML Security 1.3.0 and it works fine, as you can see in the attachment.


encrypted-users2.xml

<users>
<user><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>rYDHUyjSs8OlvnXKFS6mouco1ke/4pzHAtptOuf6By7Ib44oz6tl6TlENZf1ykBeoNB5WSH/sUjL
EMGmsSEkgiwbFrUe5Y/FuXfcISUbmxUbnMlghXToIOdcbDDgnT75mkNW45qcsy2mGS3I4pAGvZI1
avlmoEI4Z3lSgDkdhCM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>VnqYiLu9x2zbt42WLSLeRi3VLOeN6QgTEeWvBZ72kyN7Z4VgF4OOtyEwvpM2lbYPtOi+EGojmDa5
F4CN/QLuQkOq/clwbP/hv5sy+1ofXjwTYNvvT+Q9J8zwjXYaZOzzyCSt+SCUHOYQV2CyRoyLNCC9
KvpfLQ6TW7oiXdIT5nE=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
<user><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>rYDHUyjSs8OlvnXKFS6mouco1ke/4pzHAtptOuf6By7Ib44oz6tl6TlENZf1ykBeoNB5WSH/sUjL
EMGmsSEkgiwbFrUe5Y/FuXfcISUbmxUbnMlghXToIOdcbDDgnT75mkNW45qcsy2mGS3I4pAGvZI1
avlmoEI4Z3lSgDkdhCM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Sb6Qd7O0PuuWPNhpDrW6v6VyY4tRTxi+zeLOYj9t2OzWLHt+BxdjRRJ31dVD834kS/f95Hrj69J+
XNn7Pld+0o/AoAMAYW+4+jACALStzRdMpRTQTOruifY7cRUll3LWgB6Gc2vRr1rEty7lLra0A/oV
TKS+kFwH5F0vyT3U/Zk=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
<user><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>rYDHUyjSs8OlvnXKFS6mouco1ke/4pzHAtptOuf6By7Ib44oz6tl6TlENZf1ykBeoNB5WSH/sUjL
EMGmsSEkgiwbFrUe5Y/FuXfcISUbmxUbnMlghXToIOdcbDDgnT75mkNW45qcsy2mGS3I4pAGvZI1
avlmoEI4Z3lSgDkdhCM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>rJ5aHYre7ZC4Vy7l6mBLdqkz1qcF2hryAvrrtpCbYjxwFUkgxOjoiXt8/Kj7ESHcX88Lsqk7tjYj
4S2ioxGw3IDNnrnquqZc4CH/IP0gSs0w1L9cxwsW493z5G0LQFG7Ry1l57hPMYhMtSrnaDPPYaoT
h4U7pGPh2oiPHCi5xqg=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
</users>



Daniele Gagliardi wrote:
Hi,
I am seeing a strange behaviour: I want to encrypt the content of some elements in an XML file, so I use doFinal(..,..,true), but the resulting file has both clear content and encrypted content.

Here is my code, that I use with test file users.xml:

...
Element rootElement = doc.getDocumentElement();
...

NodeList dataToEncrypt = XPathAPI.selectNodeList(rootElement,
            "/users/user");

XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
dataCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);


for (int i = 0; i < dataToEncrypt.getLength(); i++) {
    EncryptedData encryptedData = dataCipher.getEncryptedData();
    KeyInfo ki = new KeyInfo(doc);
    ki.add(encrytedKey);
    encryptedData.setKeyInfo(ki);
    dataCipher.doFinal(doc,(Element) dataToEncrypt.item(i), true);
}

and I get file encrypted-users.xml.

Instead, if in the same code I use the call dataCipher.doFinal(doc,(Element) dataToEncrypt.item(i), false), I have the clear content correctly replaced by encrypted content (see file encrypted-users2.xml).



Here is the XML file content:

users.xml

<?xml version="1.0" encoding="UTF-8"?>
<users>
  <user>
    <firstname>Alberto</firstname>
    <lastname>Novello</lastname>
    <age>34</age>
    <serial>Y10</serial>
  </user>
  <user>
    <firstname>Daniele</firstname>
    <lastname>Gagliardi</lastname>
    <age>36</age>
    <serial>Y5</serial>
  </user>
  <user>
    <firstname>Fabrizio</firstname>
    <lastname>Petriconi</lastname>
    <age>35</age>
    <serial>Y15</serial>
  </user>
</users>


encrypted-users.xml

<users>

<user><firstname>Alberto</firstname><lastname>Novello</lastname><age>34</age><serial>Y10</serial><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT 8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>ILMHqD63nKfZNzuDsgtzmwsmTSgjtrLJjlk3zHEcLGyo6jYv0IB+wFmG3/TE/ucLmhm9Mb/BRY78 EsZ1I+Q8IhgRLWlZ2SpLwRunsdCVpKW+o5Uj1zAN2aILZpaHyJpa0QHFY3fdCP4dZqP6V62qnfOW dUZPmPfGYWvuLCe9lJQ=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>

<user><firstname>Daniele</firstname><lastname>Gagliardi</lastname><age>36</age><serial>Y5</serial><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT 8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Bo9u0BouVMaUcD2TT8zR+iMHnGW4AtxKGvCmpoLcj04oaYrndhhJl/0Gsp6QAi79elnNu6UjvPzg AH4H5Ma2qduBlBdh8TmLep+JIhGzOeQPLmDVJ6yPshF5vEo6ddMLoAkDTiq1204QHJP5/F5krGfp K6u6O0KhtCd09WMe5B0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>

<user><firstname>Fabrizio</firstname><lastname>Petriconi</lastname><age>35</age><serial>Y15</serial><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT 8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>SEQ9PPmBlrPvq2l3/2eOV7+YIDUSYrFKmslcLftPydSnO5ge4e2OmeDCG1kZNyUhpaHTtMMSQ++k tssOcyUr/KSsK2s4SudxJQCXdIG/t+J0pF8Z/HlNXXK5P9ftP0+mb191Np0TmuHtGCHsA35zdv1O Prs644IIs8+taQWoJd0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
</users>



encrypted-users2.xml

<users>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>aW8KrWkt1qWFKsDooniB1f6bf5M52Tc42lqwYIvZWeImZcppLvEqnw2d79Y/1vRmD2I36RDMof95 YJRiFYQLJxtSYxC6pBc9SX3f0asNALgce4pueZS6neFlVPaaT+W/YVs+nKOzGC6v+IW1gyaBxlyX uRklAlHYm0SyD/W9ngyQHFQup18L+g==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>8fokqdXka1akIdP3L9pTc/ZD6kIj2vaX1K0HciKBu6Jcr4k9MsWImF4iJhCbNWlZU71PthDEb9C+ F00303jnLCQ/tPCbWjTLmt13WkM6+g6iP+zDVLcqnaW1nBvVnoEL6//d5HGSeOwFiX8sHgqjd3J/ ljFRMGWYsSKIym1g2UQ5k/5E86Ltxpjm8boL2EFR</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData> <xenc:EncryptedData 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>dhLXFvrmca5SpuikvxGiyMd1WkBFhCAYyZ7YAGtE4k+GNMcNiHY0nQtO3hgEIIy9a5+JXkgqUfOQ JhT/qhGaIENiv9rsLU04HGJ8oKeByfY490aithaq9rztmW4B9ZPESohRdoEUaza5YFhe9rWw2iPn gvATt2jyaQL+nHT74O4hWTiom6Gnf3N/qNDBQlbV</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
</users>





--
-------------------------------------------
Daniele Gagliardi

Engiweb Security - Gruppo Engineering
Corso Stati Uniti 23/I
35127 Padova, Italia

Tel. ++39 0498692507
Fax. ++39 0498692566

http://www.engiweb.com

e-mail:   [EMAIL PROTECTED]
-------------------------------------------