Aleksey Sanin wrote:

Andrew,

First of all, please use xmlsec mailing list instead of my
personal email. "Aleksey & All" on my personal email makes
me feel uncomfortable :)

I am sorry. This is my mistake; I forgot to CC the mail to the mailing list. So sorry.



Now back to your question. There is a way to do it:


1) Prepare <EncryptedKey/> template either by hand or with
xmlSecTmplKeyInfoAddEncryptedKey() function (just ignore
"KeyInfo" in the name of the function and in the name of
the first parameter, supply any node as parent instead :) ).
2) Select/generate the session key.
3) Encrypt this key in the created <EncryptedKey/> template
with xmlSecEncCtxBinaryEncrypt() function as usual.
4) Now create/load <EncryptedData/> template as usual,
you may use xmlSecTmplKeyInfoAddRetrievalMethod() function
to add <RetrievalMethod/> node.
5) Create xmlSecEncCtx and set the session key from step 2)
in "encKey" member.
6) Do encryption as usual.


The process seems to be long but it is actually very simple. There are too many possible options here and I am not sure I have any good idea on how to simplify it w/o adding too much internal complexity.

Thank you! You gave me the answer.




Aleksey.




Andrew Fan wrote:


Hi Aleksey & All,

I want to support a stand-alone EncryptedKey which is referenced by the RetrievalMethod of the KeyInfo inside an EncryptedData, such as:

<EncryptedData Id='ED' xmlns='http://www.w3.org/2001/04/xmlenc#'>
  <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
  <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:RetrievalMethod URI='#EK'
        Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/>
    <ds:KeyName>Sally Doe</ds:KeyName>
  </ds:KeyInfo>
  <CipherData><CipherValue>DEADBEEF</CipherValue></CipherData>
</EncryptedData>

<EncryptedKey Id='EK' xmlns='http://www.w3.org/2001/04/xmlenc#'>
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:KeyName>John Smith</ds:KeyName>
  </ds:KeyInfo>
  <CipherData><CipherValue>xyzabc</CipherValue></CipherData>
  <ReferenceList>
    <DataReference URI='#ED'/>
  </ReferenceList>
  <CarriedKeyName>Sally Doe</CarriedKeyName>
</EncryptedKey>



And I have not found the suitable interfaces. What can I do? Can you give me some suggestions?


Thanks,
Andrew
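
The detached layout from the question above, seen from the consuming side: an added example (not part of the original messages and not xmlsec code) that uses only Python's standard library to follow the RetrievalMethod to the stand-alone EncryptedKey without decrypting anything. The `<Envelope>` root, the function names, and the consistency checks on ReferenceList and CarriedKeyName are assumptions of this example.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the two fragments from the question under a hypothetical <Envelope> root.
SAMPLE = f"""<Envelope>
<EncryptedData Id='ED' xmlns='{XENC}'>
  <EncryptionMethod Algorithm='{XENC}aes128-cbc'/>
  <ds:KeyInfo xmlns:ds='{DSIG}'>
    <ds:RetrievalMethod URI='#EK' Type='{XENC}EncryptedKey'/>
    <ds:KeyName>Sally Doe</ds:KeyName>
  </ds:KeyInfo>
  <CipherData><CipherValue>DEADBEEF</CipherValue></CipherData>
</EncryptedData>
<EncryptedKey Id='EK' xmlns='{XENC}'>
  <EncryptionMethod Algorithm='{XENC}rsa-1_5'/>
  <ds:KeyInfo xmlns:ds='{DSIG}'><ds:KeyName>John Smith</ds:KeyName></ds:KeyInfo>
  <CipherData><CipherValue>xyzabc</CipherValue></CipherData>
  <ReferenceList><DataReference URI='#ED'/></ReferenceList>
  <CarriedKeyName>Sally Doe</CarriedKeyName>
</EncryptedKey>
</Envelope>"""

def resolve_encrypted_key(root, enc_data):
    """Follow enc_data's RetrievalMethod to its detached EncryptedKey, or raise ValueError."""
    rm = enc_data.find(f"{{{DSIG}}}KeyInfo/{{{DSIG}}}RetrievalMethod")
    if rm is None or rm.get("Type") != XENC + "EncryptedKey":
        raise ValueError("no RetrievalMethod of Type EncryptedKey")
    uri = rm.get("URI", "")
    if len(uri) < 2 or not uri.startswith("#"):
        raise ValueError("only same-document '#Id' references are followed")
    hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
    if len(hits) != 1 or hits[0].tag != f"{{{XENC}}}EncryptedKey":
        raise ValueError("URI must identify exactly one EncryptedKey")
    ek = hits[0]
    # Assumed policy of this example: ReferenceList and CarriedKeyName are optional,
    # but when present they must agree with the referring EncryptedData.
    refs = [r.get("URI") for r in ek.iter(f"{{{XENC}}}DataReference")]
    if refs and "#" + enc_data.get("Id", "") not in refs:
        raise ValueError("EncryptedKey does not list this EncryptedData")
    carried = ek.findtext(f"{{{XENC}}}CarriedKeyName")
    names = [k.text for k in enc_data.iter(f"{{{DSIG}}}KeyName")]
    if carried is not None and carried not in names:
        raise ValueError("CarriedKeyName does not match KeyName")
    return ek

def check_sample(xml_text=SAMPLE):
    """Return (Id of the resolved EncryptedKey, name of the key that wraps it)."""
    root = ET.fromstring(xml_text)
    ek = resolve_encrypted_key(root, root.find(f"{{{XENC}}}EncryptedData"))
    return ek.get("Id"), ek.findtext(f"{{{DSIG}}}KeyInfo/{{{DSIG}}}KeyName")
```
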




