Hi, i have implemented an application with xmlsec that encrypts data for multiple recipients using RSA 1_5/AES256 hybrid encryption. The AES Session keys are stored as <EncryptedKey>'s, identified by <Keyname> (Example below). Encryption works fine. During decryption of the data, xmlsec only finds private decryption keys in the Keystore I provide, if the <EncryptedKey> in the <KeyInfo> structure is the first in the list. The Data is decrypted, everything works fine.. For all other recipients I get the "Key not found" error, even if their key is present in the Keymanager(with the correct <KeyName>). I checked the XmlEncryption spec, the structure for the Encrypted Keys seems to be correct. I'm using xmlsec 1.2.8 under WinXPSP2, using mscrypto. Do i have to parse and modify the <EncryptedKey>-List myself for this to work, or is there something to do with the Keymanager? Thanks.
Götz Structure of an encrypted File, decryption will work only for key "DE, Langen, usd de ag, it security, Goetz Bundschuh-DC00", not for "de, TU Darmstadt, FB20, Goetz Bundschuh-6E", even if the private key with that name is present in the Keymanager: <?xml version="1.0" encoding="UTF-8"?> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"; Type="http://www.w3.org/2001/04/xmlenc#Element";> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> <KeyName>DE, Langen, usd de ag, it security, Goetz Bundschuh-DC00</KeyName> </KeyInfo> <CipherData> <CipherValue>i/Af7avQLO0fYhY+q7YM5FLqq40LnIE4GmT/FCXiZwmlx/wQzWvDekjAAOKCqpc / VdCuBRZLFPOzN5Ps4sqJHxY4qbWXHmqv7ixFLftBJxLCVkah+l2PHT6JmjKKf2gz bKyKpwEeV3sSubqcG998sZaktyGM5fvMfvjveGMyvHc=</CipherValue> </CipherData> </EncryptedKey> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> <KeyName>de, TU Darmstadt, FB20, Christian Valentin-6E</KeyName> </KeyInfo> <CipherData> <CipherValue>S2fbN1k+KPn2Z9gPIDspTjX7VUROWlrFPiSEHZS/aqpHa08tyQJSSNJqGUO/P6U zQOCesgbA9Jt/24TBp8w+RJik2RYjIDspTjX7VUROWlFYBBulPH1D5wqV6PCEW9L Q340OZ+LM0l0HveHn2VAQ9ZTUlJ/4eOCNIo6e5KxilQ=</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> Here is the decryption code I use, adapted from the session key example: int decryptData(xmlDocPtr doc, xmlSecKeysMngrPtr privKeyMngr) { xmlNodePtr node = NULL; xmlSecEncCtxPtr encCtx = NULL; int result = CRYPTERR_OK; /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs); if(node == NULL) { //Could not find start node of document result = CRYPTERR_XML_STARTNODENOTFOUND; goto done; } /* create decryption context */ encCtx = xmlSecEncCtxCreate(privKeyMngr); if(encCtx == NULL) { //failed to create encryption context result = CRYPTERR_XML_ENCODECREATEFAIL; goto done; } /* decrypt the data */ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) { //decryption failed; result = CRYPTERR_XML_DECRYPTFAIL; goto done; } done: /* cleanup */ if(encCtx != NULL) { xmlSecEncCtxDestroy(encCtx); } return result; }
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
