Re: [xmlsec] manual decrypt

Thu, 24 Jan 2008 19:28:26 -0800 

You might want to read the spec

http://www.w3.org/Signature/Overview.html

Note the section about IV and exact CBC mode for aes
encryption.

Aleksey


Balakrishnan Viswanathan wrote:

Aleksey,
I was able to use the templates and encrypt an xml file using xmlsec, the result is like 


<?xml version="1.0" encoding="UTF-8"?>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"; MimeType="text/plain">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> 

  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>

    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";>
<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"; Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 

      </EncryptionMethod>

      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>

      </KeyInfo>

      <CipherData>
<CipherValue>sPReUF+uwZhGoyq1keMI0zS0x5pJfAOv0P4GQpDiq4SkGcKL1VgQLEZb0t7cWJsF 

EVYlhLH/UX1KSR4LsD0rPtYxzyl9u1MwE78AXJmD/WpmhzuYbhGaPS4G8aBLtV4o

EphXZIut0gZUQNM4VcKBV+kKjp+pYvTJQo9ZnROszFk=</CipherValue>

      </CipherData>

    </EncryptedKey>

  </KeyInfo>

  <CipherData>
<CipherValue>0WJE6bRu1Bmu6nf7M78ZAZkeZQWSXtuGcf8X3y28ZIWHY6UFv+5HsxRTXKQ107aD 

3Rh1g5FjSZwqhHH1pJWMXKkm8L8cryXRkDbPjhYcufVwgb6m+d2xJn2H3fKdylRy

qLRK+0EPZ2QA2G7auVXKvX6zpemcb9diXSPoy4gFX1DeNReJXqvSHHSxbDBHRA7W

3uFbV7isUrELh0aYnWRIyimTf2RdgqXzFN8maR9x8AI=</CipherValue>

  </CipherData>

</EncryptedData>
I was able to decrypt the encrypted symmetric key between the first <CipherData>..</CipherData> node manually using openssl with commands
openssl rsautl -inkey leafkey.pem -decrypt -in sessionkeyraw -raw –out sessionkey.dec
the above steps output binary data into sessionkey.dec, I am able to see using command below 


 openssl enc -in sessionkey.dec –p
However, when I try to decrypt the payload (second <CipherData>…</CipherData> node)with the retrieved key using command 


openssl enc -d -a -in payload.b64.enc -kfile sessionkey.decrypt -out payload
The above returns but payload contains binary data, shouldn’t I be seeing an xml file?. 


-Bala



------------------------------------------------------------------------

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to