Hi,

I'm writing my own code using xmlsec library.
I have to encrypt an xml file using a session DES key (encrypted with an RSA encryption). The only way (that I know of) is with a template xml file containing X509Certificate node.
The problem is that the output now contains two X509Certificate nodes. Is there any other way around it?
Certificate used in encryption is not installed on a local computer and is passed to my code in a buffer. I paste it then to a template and use it in an encryption process. 
 
I was able to reproduce my problem using xmlsec tool:
xmlsec encrypt --session-key des-192 --xml-data encrypt1-doc.xml --output encrypted-3des-kt-RSA.xml tmpl-EPM-encrypt-3des-kt-RSA.xml

Any ideas?

Regards,
Daniel

<PersonalData>
	<Name>Ed Shallow</Name>
	<StreetAddress>1234 Mockingbird Lane</StreetAddress>
	<City>Yellowknife</City>
	<PostalCode>W1C6J3</PostalCode>
	<SIN>123456789</SIN>
	<Salary>1,000,000,000,000</Salary>
</PersonalData>

<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content"; xmlns="http://www.w3.org/2001/04/xmlenc#";>
	<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
	<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
		<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";>
			<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
			<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
				<X509Data>
					<X509Certificate>MIIDIDCCAggCAQAwDQYJKoZIhvcNAQEEBQAwVjELMAkGA1UEBhMCTkwxEzARBgNV
BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDEPMA0GA1UEAxMGV291dGVyMB4XDTAzMDkyNDE5MjAxNVoXDTEzMDkyMTE5MjAx
NVowVjELMAkGA1UEBhMCTkwxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAxMGV291dGVyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkz
YkXVUOHxIwnkFwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFN
Tdjy4OIOgf7JxMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVk
xgu3x80Ji3/AZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJ
odNu2MbveNeH+YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAy
w7BhxPy6RikWW5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQAB
MA0GCSqGSIb3DQEBBAUAA4IBAQAsaD3gQfiuvKj1kceR/EEhurUyc165rKvSyLTj
nwFiPRLUOSEWE/NKUVRTcEOeERyoIaSlMKS5n9u91FX0hDmmVaQKzWGrQUQzSUJ+
bzsJ3JY4Osg79vsP3ab7HzBHH0YfMYqRmyU2XiNN5cSTWV6OkICU7kPiBIO+RFko
ckHXCcpcH95sUfdHxq11YikEwC9VDd7awzh6cjiKI0iQsCtKD4H0mJr8gAxY62+2
oB/VeHApgvKFmCyVZiqVJm7EHa0NNxFS4Sx8FJhvKLJVANkhrlf2E9OSVzMpSUcs
GiLIVTtqt8exqiU5vUlFkeWwtcFqzrrbe39ZMUbjFVq12cGn</X509Certificate>
				</X509Data>
			</KeyInfo>
			<CipherData>
				<CipherValue/>
			</CipherData>
		</EncryptedKey>
	</ds:KeyInfo>
	<CipherData>
		<CipherValue/>
	</CipherData>
</EncryptedData>

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to