Aleksey,
Thanks again. I fear that I am taking too much of your time just trying
to understand the basics of this tool.
Basically, what I am trying to accomplish as part of learning this tool
is to encrypt and decrypt a simple xml file and running into problems
with templates, switches etc.
Is there a place or document where I can find a template, a set of keys,
syntax for encrypt/decrypt that work out-of-the-box, the reason being
such canned examples will help novices like me.
-Bala
-----Original Message-----
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: Friday, January 18, 2008 1:23 PM
To: Balakrishnan Viswanathan
Cc: [email protected]
Subject: Re: [xmlsec] encryption works but decryption failed
Well, your public key can not be used for AES192 encryption
requested by the template.
Aleksey
Balakrishnan Viswanathan wrote:
Aleksey,
Sorry for being a bit dense. This node is already in the template and
yes I am using pub key?.
-Bala
-----Original Message-----
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: Friday, January 18, 2008 12:04 PM
To: Balakrishnan Viswanathan
Cc: [email protected]
Subject: Re: [xmlsec] encryption works but decryption failed
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"; />
and you are using public key...
Aleksey
Balakrishnan Viswanathan wrote:
Aleksey
I took the template
http://svn.gnome.org/viewvc/xmlsec/trunk/tests/aleksey-xmlenc-01/enc-des
3cbc-aes192-keyname.tmpl?view=markup
and this time even encrypt failed with "key not found error"
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
--binary-da
ta test.xml --session-key aes-192 --pubkey-pem:test-aes192
leafkeypub.pem --outp
ut testenc.xml templatefromaleksey.xml
func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
wn:subj=
unknown:error=45:key is not found:
func=xmlSecEncCtxUriEncrypt:file=..\src\xmlenc.c:line=527:obj=unknown:su
bj=xmlSe
cEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
Error: failed to encrypt file "test.xml"
Error: failed to encrypt file with template "templatefromaleksey.xml"
-Bala
-----Original Message-----
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: Friday, January 18, 2008 11:38 AM
To: Balakrishnan Viswanathan
Cc: [email protected]
Subject: Re: [xmlsec] encryption works but decryption failed
Oh, never mine. I got it. You specify "session key" and
in this case you *must* add <EncryptedKey> to the template
to actually store the session key. Checkout examples
in xmlsec/tests/aleksey-xmlenc-01
Aleksey
Balakrishnan Viswanathan wrote:
Aleksey,
I tried that already and same result, commands below:-
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
--binary-da
ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem
--output
testenc.x
ml template2withoutKeyName.xml
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad
testenc.xml
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt
--privkey-p
em leafkey.pem --output testdecrypt.xml testenc.xml
Enter password for "leafkey.pem" file:
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
xmlSecKe
ysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
wn:subj=
unknown:error=45:key is not found:
func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
wn:subj=
xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
xmlSecEn
cCtxDecryptToBuffer:error=1:xmlsec library function failed:
Error: failed to decrypt file
Error: failed to decrypt file "testenc.xml"
-Bala
-----Original Message-----
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: Friday, January 18, 2008 11:30 AM
To: Balakrishnan Viswanathan
Cc: [email protected]
Subject: Re: [xmlsec] encryption works but decryption failed
Could you please to try to remove the KeyName and
do *not* specify key name in the command line?
Aleksey
Balakrishnan Viswanathan wrote:
Aleksey,
Thanks for your quick response. I tried removing the <KeyName/>
from
the
template and also specified the KeyName for encrypt and decrypt,
but
decrypt still fails with "key not found" error
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec
--encrypt
--binary-da
ta test.xml --session-key des-192 --pubkey-pem:leaf-key
leafkeypub.pem
--output
testenc.xml template2withoutKeyName.xml
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad
testenc.xml
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec
--decrypt
--privkey-p
em:leaf-key leafkey.pem --output testdecrypt.xml testenc.xml
Enter password for "leafkey.pem" file:
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
xmlSecKe
ysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
wn:subj=
unknown:error=45:key is not found:
func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
wn:subj=
xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
xmlSecEn
cCtxDecryptToBuffer:error=1:xmlsec library function failed:
Error: failed to decrypt file
Error: failed to decrypt file "testenc.xml"
I am attaching the template and encrypted document. Thanks.
-Bala
-----Original Message-----
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: Friday, January 18, 2008 10:37 AM
To: Balakrishnan Viswanathan
Cc: [email protected]
Subject: Re: [xmlsec] encryption works but decryption failed
Most likely the cause of the problem is "empty"
KeyName node. Try to remove it from the template
or specify key name in the command line options
for both encryption and decryption.
Aleksey
Balakrishnan Viswanathan wrote:
Hi All,
I am a newbie to xmlsec and also to security in general. I am
trying
to
use xmlsec utility to encrypt and decrypt using the windows binary
provided by Igor. I am able to successfully encrypt a xml file
using
syntax
Encryption:-
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec
--encrypt
--binary-da
ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem
--output
testenc.x
ml template2.xml
the above works and I can see the encrypted data in <ciphervalue>
node
of the output document testenc.xml (also attached).
However, when I try the reverse, i.e, decrypting the document from
above
step I get error below
Decryption fails:-
C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec
--decrypt
--privkey-p
em leafkey.pem --output testdecrypt.xml testenc.xml
Enter password for "leafkey.pem" file:
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
xmlSecKe
ysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
wn:subj=
unknown:error=45:key is not found:
func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
wn:subj=
xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function
failed:
func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
xmlSecEn
cCtxDecryptToBuffer:error=1:xmlsec library function failed:
Error: failed to decrypt file
Error: failed to decrypt file "testenc.xml"
The error says "key not found", but key is in the same folder
where
I
am
running it from. I am also attaching the private key (password -
leaf)
and public key that corresponds to it
I am attaching all the relevant files. Any pointers are
appreciated.
Thanks.
-Bala
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
