Re: [xmlsec] WS-I compliant templates

Fri, 22 May 2009 08:08:09 -0700 

You need to specify "Type" of encryption in the EncryptedData node

<EncryptedData ... Type="http://www.w3.org/2001/04/xmlenc#Content";>

to encrypt the node content or "...#Element" to encrypt the whole node.

Aleksey

Henry Rollins wrote:

Hi, Aleksey!

Can xmlsec work with WS-I compliant templates?
For example, i tried to encrypt message with the follwoing template but was not succeeded: 

<?xml version="1.0" encoding="UTF-8"?>
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' 
               xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
               xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
  <xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5' /> 
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
    <ds:KeyName>my-rsa-key</ds:KeyName>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>
      </xenc:CipherValue>
    </xenc:CipherData>
    <xenc:ReferenceList>
      <xenc:DataReference URI='#Enc1' />
    </xenc:ReferenceList>
  </xenc:EncryptedKey>
  <xenc:EncryptedData Id='Enc1'>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc' /> 
    <xenc:CipherData>
      <xenc:CipherValue>
      </xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedData>
</wsse:Security>

The error was following:
func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=417:obj=unknown:subj=unknown:error=14:invalid type:type=NULL 
Error: failed to encrypt xml file "./orig_content.xml"
Error: failed to encrypt file with template "./req__encryptedkey_before_encrypteddata_v.tmpl"
This example I composed according to: http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#EncryptedKey 

Thanks!


------------------------------------------------------------------------

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to