You create a template that specifies <EncryptionMethod Algorithm="...#aes128-cbc">
and then specify the encrypted key as follows:

    <EncryptedKey> <EncryptionMethod Algorithm="...#rsa-1_5"/> ... </>

This will automatically create a "session" AES key, use this session key to encrypt the data, and then put the encrypted session key in the <EncryptedKey> element. Search for the "aes128-cbc" string in the xmlsec/tests folder for examples.

Aleksey

Sébastien Hinderer wrote:
Dear all,

I went through xmlsec's tutorial and examined several pages of the API reference, but can't really figure out how to encrypt a key with another key. The scenario is as follows.

1. A 192-bit AES key is generated.
2. This key is encrypted with an RSA public key, so that it can be decrypted only on a device owning the corresponding private key.
3. The AES key generated in step 1 is used to encrypt a series of XML files, so that these files are readable only on one device.

My question is about step 2. More precisely, I know how to load the RSA key; assume it is placed in a variable called rsaPublicKey. I also know how to generate the AES key; suppose it is placed in a variable called aesKey. Now that these two keys are available, how to produce something looking like this:

    <xe:EncryptedKey>
      <xe:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <xe:CipherData>
        <xe:CipherValue>...</xe:CipherValue>
      </xe:CipherData>
      <xe:CarriedKeyName>keyname</xe:CarriedKeyName>
    </xe:EncryptedKey>

My guess is that the operation will involve xmlSecTransformRsaPkcs1Id, but I can't find more precisely the way leading from the two keys to the previously shown output.

Any help would be greatly appreciated.

Thanks much in advance,
Sébastien.

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
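The template described in the reply above, written out in full as an added example (it is not from the original thread or copied from the xmlsec test suite). It assumes the RSA public key is already loaded into the keys manager and that xmlsec fills in the empty KeyName and both CipherValue elements when it encrypts.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Outer element: the data itself, encrypted with the generated AES session key -->
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
               Type="http://www.w3.org/2001/04/xmlenc#Element">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <!-- Inner element: the AES session key, wrapped with the RSA public key -->
    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <!-- Left empty in the template; names the RSA key used for wrapping -->
        <KeyName/>
      </KeyInfo>
      <CipherData>
        <!-- Receives the RSA-encrypted session key -->
        <CipherValue/>
      </CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>
    <!-- Receives the AES-encrypted data -->
    <CipherValue/>
  </CipherData>
</EncryptedData>
```

The same template shape accepts `http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p` as the key-transport algorithm in place of `rsa-1_5`, which avoids the padding-oracle exposure of PKCS#1 v1.5 on the decrypting side.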
