I believe you are affected by bug #42866: http://issues.apache.org/bugzilla/show_bug.cgi?id=42886
I will try to putback a fix for this soon.

--Sean

Daniele Gagliardi wrote:
> I tried the same code with Apache XML Security 1.3.0 and it works fine,
> as you can see in the attachment.
>
> encrypted-users2.xml
>
> <users>
> <user><xenc:EncryptedData
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <xenc:EncryptedKey><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>rYDHUyjSs8OlvnXKFS6mouco1ke/4pzHAtptOuf6By7Ib44oz6tl6TlENZf1ykBeoNB5WSH/sUjL
> EMGmsSEkgiwbFrUe5Y/FuXfcISUbmxUbnMlghXToIOdcbDDgnT75mkNW45qcsy2mGS3I4pAGvZI1
> avlmoEI4Z3lSgDkdhCM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>VnqYiLu9x2zbt42WLSLeRi3VLOeN6QgTEeWvBZ72kyN7Z4VgF4OOtyEwvpM2lbYPtOi+EGojmDa5
> F4CN/QLuQkOq/clwbP/hv5sy+1ofXjwTYNvvT+Q9J8zwjXYaZOzzyCSt+SCUHOYQV2CyRoyLNCC9
> KvpfLQ6TW7oiXdIT5nE=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
>
> <user><xenc:EncryptedData
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <xenc:EncryptedKey><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>rYDHUyjSs8OlvnXKFS6mouco1ke/4pzHAtptOuf6By7Ib44oz6tl6TlENZf1ykBeoNB5WSH/sUjL
> EMGmsSEkgiwbFrUe5Y/FuXfcISUbmxUbnMlghXToIOdcbDDgnT75mkNW45qcsy2mGS3I4pAGvZI1
> avlmoEI4Z3lSgDkdhCM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Sb6Qd7O0PuuWPNhpDrW6v6VyY4tRTxi+zeLOYj9t2OzWLHt+BxdjRRJ31dVD834kS/f95Hrj69J+
> XNn7Pld+0o/AoAMAYW+4+jACALStzRdMpRTQTOruifY7cRUll3LWgB6Gc2vRr1rEty7lLra0A/oV
> TKS+kFwH5F0vyT3U/Zk=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
>
> <user><xenc:EncryptedData
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <xenc:EncryptedKey><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>rYDHUyjSs8OlvnXKFS6mouco1ke/4pzHAtptOuf6By7Ib44oz6tl6TlENZf1ykBeoNB5WSH/sUjL
> EMGmsSEkgiwbFrUe5Y/FuXfcISUbmxUbnMlghXToIOdcbDDgnT75mkNW45qcsy2mGS3I4pAGvZI1
> avlmoEI4Z3lSgDkdhCM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>rJ5aHYre7ZC4Vy7l6mBLdqkz1qcF2hryAvrrtpCbYjxwFUkgxOjoiXt8/Kj7ESHcX88Lsqk7tjYj
> 4S2ioxGw3IDNnrnquqZc4CH/IP0gSs0w1L9cxwsW493z5G0LQFG7Ry1l57hPMYhMtSrnaDPPYaoT
> h4U7pGPh2oiPHCi5xqg=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
>
> </users>
>
> Daniele Gagliardi wrote:
>> Hi,
>> I have a strange behaviour: I want to encrypt content of some
>> elements in an xml file, and so I use
>> doFinal(..,..,true), but the resulting file has both clear content and
>> encrypted content.
>>
>> Here is my code, that I use with test file users.xml:
>>
>> ...
>> Element rootElement = doc.getDocumentElement();
>> ...
>>
>> NodeList dataToEncrypt = XPathAPI.selectNodeList(rootElement,
>>         "/users/user");
>>
>> XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
>> dataCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
>>
>> for (int i = 0; i < dataToEncrypt.getLength(); i++) {
>>     EncryptedData encryptedData = dataCipher.getEncryptedData();
>>     KeyInfo ki = new KeyInfo(doc);
>>     ki.add(encrytedKey);
>>     encryptedData.setKeyInfo(ki);
>>     dataCipher.doFinal(doc,(Element) dataToEncrypt.item(i), true);
>> }
>>
>> and I get file encrypted-users.xml.
>>
>> Instead, if in the same code I use the call
>> dataCipher.doFinal(doc,(Element) dataToEncrypt.item(i), false), I have
>> the clear content correctly replaced by encrypted content (see file
>> encrypted-users2.xml).
>>
>> Here is the xml file content:
>>
>> users.xml
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <users>
>>   <user>
>>     <firstname>Alberto</firstname>
>>     <lastname>Novello</lastname>
>>     <age>34</age>
>>     <serial>Y10</serial>
>>   </user>
>>   <user>
>>     <firstname>Daniele</firstname>
>>     <lastname>Gagliardi</lastname>
>>     <age>36</age>
>>     <serial>Y5</serial>
>>   </user>
>>   <user>
>>     <firstname>Fabrizio</firstname>
>>     <lastname>Petriconi</lastname>
>>     <age>35</age>
>>     <serial>Y15</serial>
>>   </user>
>> </users>
>>
>> encrypted-users.xml
>>
>> <users>
>>
>> <user><firstname>Alberto</firstname><lastname>Novello</lastname><age>34</age><serial>Y10</serial><xenc:EncryptedData
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> <xenc:EncryptedKey><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG
>> i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT
>> 8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>ILMHqD63nKfZNzuDsgtzmwsmTSgjtrLJjlk3zHEcLGyo6jYv0IB+wFmG3/TE/ucLmhm9Mb/BRY78
>> EsZ1I+Q8IhgRLWlZ2SpLwRunsdCVpKW+o5Uj1zAN2aILZpaHyJpa0QHFY3fdCP4dZqP6V62qnfOW
>> dUZPmPfGYWvuLCe9lJQ=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
>>
>> <user><firstname>Daniele</firstname><lastname>Gagliardi</lastname><age>36</age><serial>Y5</serial><xenc:EncryptedData
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> <xenc:EncryptedKey><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG
>> i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT
>> 8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Bo9u0BouVMaUcD2TT8zR+iMHnGW4AtxKGvCmpoLcj04oaYrndhhJl/0Gsp6QAi79elnNu6UjvPzg
>> AH4H5Ma2qduBlBdh8TmLep+JIhGzOeQPLmDVJ6yPshF5vEo6ddMLoAkDTiq1204QHJP5/F5krGfp
>> K6u6O0KhtCd09WMe5B0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
>>
>> <user><firstname>Fabrizio</firstname><lastname>Petriconi</lastname><age>35</age><serial>Y15</serial><xenc:EncryptedData
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> <xenc:EncryptedKey><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>Vytc627kcp21JoGTiRTPBsx5/2n0r+k02VK4WYBK49yTxLrqUGduq/cT0bA+1GEG45h6/2IZMnHG
>> i6A89jhtfqPqKfR/RbWSfdEGTcr9qcKOXxPSu3OXMD8tcZSG4s+ffQzLxAl4aFcCm7e4/FG9lRFT
>> 8XV1jw48PZ7m1Tpy7S8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>SEQ9PPmBlrPvq2l3/2eOV7+YIDUSYrFKmslcLftPydSnO5ge4e2OmeDCG1kZNyUhpaHTtMMSQ++k
>> tssOcyUr/KSsK2s4SudxJQCXdIG/t+J0pF8Z/HlNXXK5P9ftP0+mb191Np0TmuHtGCHsA35zdv1O
>> Prs644IIs8+taQWoJd0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></user>
>>
>> </users>
>>
>> encrypted-users2.xml
>>
>> <users>
>> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> <xenc:EncryptedKey><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe
>> IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f
>> wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>aW8KrWkt1qWFKsDooniB1f6bf5M52Tc42lqwYIvZWeImZcppLvEqnw2d79Y/1vRmD2I36RDMof95
>> YJRiFYQLJxtSYxC6pBc9SX3f0asNALgce4pueZS6neFlVPaaT+W/YVs+nKOzGC6v+IW1gyaBxlyX
>> uRklAlHYm0SyD/W9ngyQHFQup18L+g==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
>>
>> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> <xenc:EncryptedKey><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe
>> IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f
>> wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>8fokqdXka1akIdP3L9pTc/ZD6kIj2vaX1K0HciKBu6Jcr4k9MsWImF4iJhCbNWlZU71PthDEb9C+
>> F00303jnLCQ/tPCbWjTLmt13WkM6+g6iP+zDVLcqnaW1nBvVnoEL6//d5HGSeOwFiX8sHgqjd3J/
>> ljFRMGWYsSKIym1g2UQ5k/5E86Ltxpjm8boL2EFR</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
>>
>> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><ds:KeyInfo
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> <xenc:EncryptedKey><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>dfg67rEb25elIKkkCITwgvpCb+QQbXeZRL05j3cpFFZHM10Si4FNJPdkh5V8bR3GdKZSLD8jbSQe
>> IOnUIlaZlor38jr+35mDUKemVmBy0X+rvaKG/K91HuoajTrE7T+oOK0u+yGe8+QMwi9S1iOOgM4f
>> wcUvKqnGrVgpJjUoHc4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>dhLXFvrmca5SpuikvxGiyMd1WkBFhCAYyZ7YAGtE4k+GNMcNiHY0nQtO3hgEIIy9a5+JXkgqUfOQ
>> JhT/qhGaIENiv9rsLU04HGJ8oKeByfY490aithaq9rztmW4B9ZPESohRdoEUaza5YFhe9rWw2iPn
>> gvATt2jyaQL+nHT74O4hWTiom6Gnf3N/qNDBQlbV</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
>>
>> </users>
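
The symptom reported in this thread, cleartext children left beside a Type="...#Content" EncryptedData, can be checked for after encryption and before the document is written out. The following is an added example, not code from the original messages or from Apache XML Security; the class and method names are hypothetical, the sample document is constructed, and it assumes the whole content of the parent element was meant to be encrypted, as with doFinal(doc, element, true).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class ContentEncryptionCheck {   // hypothetical class name
    static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    static final String CONTENT_TYPE = XENC_NS + "Content";

    /** Lists every node left in clear next to a Type="...#Content" EncryptedData. */
    static List<String> findCleartextSiblings(Document doc) {
        List<String> leaks = new ArrayList<>();
        NodeList encrypted = doc.getElementsByTagNameNS(XENC_NS, "EncryptedData");
        for (int i = 0; i < encrypted.getLength(); i++) {
            Element ed = (Element) encrypted.item(i);
            if (!CONTENT_TYPE.equals(ed.getAttribute("Type"))) continue;
            // Assumption: all children of the parent were meant to be replaced, so any
            // sibling element or non-whitespace text is plaintext that was left behind.
            Node parent = ed.getParentNode();
            for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n == ed) continue;
                short t = n.getNodeType();
                boolean text = (t == Node.TEXT_NODE || t == Node.CDATA_SECTION_NODE)
                        && !n.getNodeValue().trim().isEmpty();
                if (t == Node.ELEMENT_NODE || text) {
                    leaks.add(parent.getNodeName() + " -> " + n.getNodeName());
                }
            }
        }
        return leaks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample shaped like encrypted-users.xml; the CipherValue is a placeholder.
        String xml = "<users><user><firstname>Alberto</firstname><serial>Y10</serial>"
                + "<xenc:EncryptedData xmlns:xenc=\"" + XENC_NS + "\" Type=\"" + CONTENT_TYPE + "\">"
                + "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
                + "</xenc:EncryptedData></user></users>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for getElementsByTagNameNS
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        System.out.println("Cleartext left in place: " + findCleartextSiblings(doc));
    }
}
```

Run against a correctly encrypted document, the returned list is empty; a non-empty list is a reason to refuse to publish or transmit the file.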