https://issues.apache.org/bugzilla/show_bug.cgi?id=47695
Summary: X509Data Incorrectly Generated
Product: Security
Version: unspecified
Platform: PC
OS/Version: Windows Vista
Status: NEW
Severity: normal
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: rjohn...@gmu.edu

--- Comment #0 from rjohn...@gmu.edu 2009-08-14 16:25:42 PDT ---

The bug reported below in Internet2 also seems to be appearing in Apache's XML Security (I think Java 1.4.3). (I'm assuming Internet2 is something different and that this bug just happens to be in both places and I needed to report it here?) I assumed it was user error until I found this link.

Although the XML encrypted file can be decrypted in Java, it will not decrypt in .Net. .Net raises this error: "[CryptographicException: Unable to retrieve the decryption key.]" Seems to mess up the parsing.

By manually editing the encrypted document (moving X509Data inside the Encrypted Key element, and wrapping the X509Data element in a second KeyInfo element), all becomes well, so it appears to be the same type of problem as the Internet2 bug. Not sure if this is in Signature (mostly ds: elements) or in Encryption (I was encrypting and wrapping a symmetric key in the X.509 public key of the recipient).

https://bugs.internet2.edu/jira/browse/CPPXT-31

In other words, it's sending this:

EncryptedData
  KeyInfo
    EncryptedKey
    X509Data (with SP's key)

The correct nesting is this:

EncryptedData
  KeyInfo
    EncryptedKey
      KeyInfo
        X509Data (with SP's key)

Here is the part of my code that raises the problem.

KeyInfo keyInfo = new KeyInfo(document);
X509Data x509dat = new X509Data(document);
x509dat.addCertificate(cert);             // cert is an X509Certificate
keyInfo.add(encryptedKey);                // encryptedKey contains an AES symmetric key
keyInfo.add(x509dat);
encryptedDataElement.setKeyInfo(keyInfo); // encryptedDataElement is EncryptedData
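
The manual edit described in the report (moving X509Data inside EncryptedKey and wrapping it in a second KeyInfo), done with the JDK's DOM API as an added example. It is not part of the original report or of Apache XML Security; the class and method names are hypothetical and the sample document is constructed.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

// Added example; class and method names are hypothetical.
public class X509DataNesting {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    // First direct child element of parent with the given namespace and local name, or null.
    static Element child(Element parent, String ns, String name) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && ns.equals(n.getNamespaceURI()) && name.equals(n.getLocalName()))
                return (Element) n;
        return null;
    }
    // Moves X509Data that sits beside EncryptedKey into EncryptedKey/KeyInfo; returns the count moved.
    static int relocate(Document doc) {
        int moved = 0;
        NodeList all = doc.getElementsByTagNameNS(XENC, "EncryptedData");
        for (int i = 0; i < all.getLength(); i++) {
            Element outer = child((Element) all.item(i), DS, "KeyInfo");
            if (outer == null) continue;
            Element key = child(outer, XENC, "EncryptedKey");
            Element x509 = child(outer, DS, "X509Data");
            if (key == null || x509 == null) continue;   // already nested, or nothing to fix
            Element inner = child(key, DS, "KeyInfo");
            if (inner == null) {
                // Reuse the outer KeyInfo's qualified name so the prefix is already declared.
                inner = doc.createElementNS(DS, outer.getNodeName());
                // Schema order inside EncryptedKey: EncryptionMethod?, KeyInfo?, CipherData
                key.insertBefore(inner, child(key, XENC, "CipherData"));
            }
            inner.appendChild(x509);                     // appendChild detaches it from outer
            moved++;
        }
        return moved;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample with the nesting from the report; cipher and certificate values are dummies.
        String xml = "<xenc:EncryptedData xmlns:xenc='" + XENC + "' xmlns:ds='" + DS + "'><ds:KeyInfo>"
            + "<xenc:EncryptedKey><xenc:CipherData><xenc:CipherValue>AA==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>"
            + "<ds:X509Data><ds:X509Certificate>AA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
            + "<xenc:CipherData><xenc:CipherValue>AA==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, no XXE
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        System.out.println(relocate(doc) + " moved, then " + relocate(doc)); // second pass finds nothing
    }
}
```

Apply the move before any signature is computed over the encrypted element, since relocating X509Data changes the bytes a signature would cover.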