Brent,

Your comments led me to debug the XMLCipher Java class to find out that my enveloped Signature is confusing the default decryption. My XML Signature element that is enveloped by the EncryptedData element contains its own KeyInfo element that is being found by the call to "encryptedData.getKeyInfo();" (see http://www.koders.com/java/fidFC09B90248DEB9C9318CA3CAE0C9809BEEC94EEC.aspx#L1422).

So, to work around this issue, immediately after validating the enveloped signature, I am deleting the signature from the XML Document object "encryptedDataElement.removeChild(signatureNode);" so that it does not interfere with the decryption of the EncryptedData. This seems to be a fine workaround, but is there some way to tell the EncryptedData element to skip over the XML signature element when looking for the KeyInfo element? Or is there a better way to work with enveloped signatures?

Brent Putman wrote:
>
> So assuming you want to use an EncryptedKey handled (resolved) by the
> library at decryption time, you need to:
>
> 1) When encrypting...add the
> EncryptedKey to *each* EncryptedData's KeyInfo. (There are other ways
> to place and resolve EncryptedKeys but that's the default resolution
> mechanism supported by the library).
>
>

--
View this message in context: http://www.nabble.com/Problem-decrypting-elements-tf4699611.html#a14086621
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
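
An added illustration of the lookup ambiguity described in the message above, not code from the original post or from Apache XML Security: using only JDK DOM calls, it contrasts a descendant-wide KeyInfo search with a direct-child search on an EncryptedData that envelops a Signature. The sample document, its Id values and element order, and the helper name `directChildKeyInfo` are constructed for this example, and that the library's lookup is descendant-wide is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class KeyInfoLookup {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // Constructed sample: the enveloped ds:Signature (with its own ds:KeyInfo)
    // precedes the ds:KeyInfo that belongs to the EncryptedData itself.
    static final String SAMPLE =
        "<xenc:EncryptedData xmlns:xenc='" + XENC + "' xmlns:ds='" + DS + "'>"
      + "<ds:Signature><ds:KeyInfo Id='sig-ki'/></ds:Signature>"
      + "<ds:KeyInfo Id='enc-ki'><xenc:EncryptedKey/></ds:KeyInfo>"
      + "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
      + "</xenc:EncryptedData>";

    // Hypothetical helper: returns the ds:KeyInfo that is a direct child of parent, or null.
    static Element directChildKeyInfo(Element parent) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && DS.equals(n.getNamespaceURI())
                    && "KeyInfo".equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for namespace-based lookups
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        Element enc = doc.getDocumentElement();

        // Descendant search in document order reaches the signature's KeyInfo first.
        Element first = (Element) enc.getElementsByTagNameNS(DS, "KeyInfo").item(0);
        System.out.println("descendant search: " + first.getAttribute("Id"));
        // Direct-child search skips anything nested inside ds:Signature.
        System.out.println("direct child:      " + directChildKeyInfo(enc).getAttribute("Id"));
    }
}
```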