You need to use KW transform. Take a look at tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.tmpl
Aleksey On 6/9/12 10:15 AM, Roland Hedberg wrote: > > 9 jun 2012 kl. 18:14 skrev Aleksey Sanin: > >> Take a look at the tests in the tests/01-phaos-xmlenc-3/ folder. >> In particular, enc-element-3des-kw-3des.tmpl > > > Used the keys.xml from the above mentioned folder, used the template and > modified the command to be: > > xmlsec1 encrypt --pubkey-cert-pem ../example/sp/pki/mycert.pem \ > --session-key des-192 --xml-data pre_saml2_response.xml \ > --keys-file keys.xml \ > --node-xpath > '/*[local-name()="Response"]/*[local-name()="Assertion"]/*[local-name()="Subject"]/*[local-name()="EncryptedID"]/text()' > \ > enc-element-3des-kw-3des.tmpl > > Same result though, the added part is: > > <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"; > Type="http://www.w3.org/2001/04/xmlenc#Element";> > <EncryptionMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> > <CipherData> > > <CipherValue>ZBx6+ENTu+nktBVSGunBlnBPGc4MXxNJg9vLd1Z/MBJKx2QU/W9kD7OJRQ+Op6ct+865Cgf/9AM=</CipherValue> > </CipherData> > </EncryptedData> > > No EncryptedKey element ? > did I misunderstand you ? > > -- Roland > ------------------------------------------------------ > Roland Hedberg > IT Architect/Senior Researcher > ICT Services and System Development (ITS) > Umeå University > SE-901 87 Umeå, Sweden > Phone +46 90 786 68 44 > Mobile +46 70 696 68 44 > www.its.umu.se > > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
