Glad you figured it out!

Best,

Aleksey

On 3/26/22 4:26 PM, Timothy Legge wrote:
Hi

I was sitting watching my son play hockey and realized my issue.

The example I was using --node-xpath
'/PayInfo/CreditCard/Number/text()' grabs the text of the Number
element.  As it is already text,
http://www.w3.org/2001/04/xmlenc#Content is not valid.

Changing it to --node-xpath '/PayInfo/CreditCard/Number' allows me to
use http://www.w3.org/2001/04/xmlenc#Content in the template and it
correctly encrypts just the credit card number.

So the example from
https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
was incorrect.

Thanks for the earlier reply.

Tim

Timothy Legge
[email protected]
[email protected]

On Sat, Mar 26, 2022 at 11:49 AM Timothy Legge <[email protected]> wrote:

Hi Aleksey

I just wrote a perl module to encrypt and decrypt XML.  As part of the
test scripts I am using xmlsec to encrypt XML to verify that the
XML::Enc module can properly decrypt the XML.

I ran into trouble with xmlsec encrypting the content within a tag.
When I used the xpath /PayInfo/CreditCard/Number/text() to get the
Content, xmlsec only seems to encrypt the Content correctly if I use
http://www.w3.org/2001/04/xmlenc#Element as the EncryptedData type.
If I try to use http://www.w3.org/2001/04/xmlenc#Content it leaves
the Content of the Number empty.

My tests are in
https://github.com/perl-net-saml2/perl-XML-Enc/blob/main/t/07-decrypt-xmlsec.t
Basically, I test with both an Encrypted Element and Encrypted Content.
In the Module I have to use an option force_element_to_content so that
when the xmlsec encrypted Content is decrypted that includes the
http://www.w3.org/2001/04/xmlenc#Element as the EncryptedData Type I
treat it as if it was Content if it is not valid XML.  In this case
it is simply the credit card number.

I will take a look at the examples in case I am doing something
incorrect in my xmlsec commands.

Tim

Timothy Legge
[email protected]
[email protected]

On Sat, Mar 26, 2022 at 11:06 AM Aleksey Sanin <[email protected]> wrote:

Hi Timothy,

I am not exactly sure what you are trying to do, but I recommend
checking out the examples:

https://github.com/lsh123/xmlsec/tree/master/examples

and tests:

https://github.com/lsh123/xmlsec/tree/master/tests

Also, if you can explain what your goal is, then it might be easier
to provide a solution for your problem.

Best,

Aleksey

On 3/25/22 7:15 PM, Timothy Legge wrote:
Hi

Sorry, I sent this directly to Aleksey initially...

I was following:
https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
(which is reasonably close enough for me to get encryption working).

Specifically, the following command results in the Content in
/PayInfo/CreditCard/Number/text() being properly encrypted.  However,
I would expect that the EncryptedData Type should be
"http://www.w3.org/2001/04/xmlenc#Content" instead of the specified
Element for this to properly encrypt the Content.  Changing it to
Content causes the doc-encrypted.xml created to be missing data in the
Number tags: "<Number></Number>".

To me this appears to be a bug, but likely I am misreading the
XML-Enc specifications.

Any thoughts?

xmlsec1 --encrypt --pubkey-cert-pem t/sign-certonly.pem
--session-key des-192 --xml-data doc-plain.xml --output
doc-encrypted.xml --node-xpath '/PayInfo/CreditCard/Number/text()'
session-key-template.xml

========================================
doc-plain.xml
========================================
<?xml version="1.0" encoding="utf-8" ?>
<PayInfo>
    <Name>John Smith</Name>
    <CreditCard Limit='2,000' Currency='USD'>
      <Number>1076 2478 0678 5589</Number>
      <Issuer>CitiBank</Issuer>
      <Expiration>06/10</Expiration>
    </CreditCard>
</PayInfo>
========================================
session-key-template.xml
==========================================
<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Original XML
   doc file before encryption (encrypt3 example).
-->
<EncryptedData
    xmlns="http://www.w3.org/2001/04/xmlenc#"
    Type="http://www.w3.org/2001/04/xmlenc#Element">
   <EncryptionMethod Algorithm=
     "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
     <EncryptionMethod Algorithm=
       "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <KeyName/>
     </KeyInfo>
     <CipherData>
      <CipherValue/>
     </CipherData>
    </EncryptedKey>
   </KeyInfo>
   <CipherData>
    <CipherValue/>
   </CipherData>
</EncryptedData>
==========================================


Timothy Legge
[email protected]
[email protected]
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
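The thread turns on what the EncryptedData Type attribute promises the decryptor: with Type="...#Element" the plaintext is a single serialized element that takes the place of the EncryptedData node, while with Type="...#Content" the plaintext is the content (character data, child elements or a mix) of the parent element, which EncryptedData had replaced entirely. Selecting a text() node with --node-xpath produces ciphertext that is bare text even though the template still says Element, which is why XML::Enc needs its force_element_to_content option. The following is an added example, not code from xmlsec or from the XML::Enc module, showing the decryptor-side splicing logic for both Types plus that fallback. It uses only the Python standard library; the real cipher and key handling are out of scope, so the sample documents are constructed with a stand-in "cipher" in which CipherValue is simply the base64 of the plaintext, and the caller passes an identity decrypt function. The function names, the sample documents and the stand-in cipher are all assumptions of this example.

```python
import base64
import xml.etree.ElementTree as ET

XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#"
TYPE_ELEMENT = XMLENC_NS + "Element"
TYPE_CONTENT = XMLENC_NS + "Content"
ENC_DATA_TAG = f"{{{XMLENC_NS}}}EncryptedData"
CIPHER_VALUE_PATH = f"{{{XMLENC_NS}}}CipherData/{{{XMLENC_NS}}}CipherValue"


def _ciphertext(enc_data):
    """Return the raw bytes carried in CipherData/CipherValue (base64 per XML-Enc)."""
    cv = enc_data.find(CIPHER_VALUE_PATH)
    if cv is None or not (cv.text or "").strip():
        raise ValueError("EncryptedData carries no CipherValue")
    return base64.b64decode(cv.text.strip())


def _splice_as_content(parent, enc_data, plaintext):
    """Type=#Content: EncryptedData was the parent's entire content, so the
    plaintext (text, elements, or a mix) becomes the parent's new content.
    Mixed content has no single root, hence the throwaway <w> wrapper."""
    wrapper = ET.fromstring("<w>" + plaintext + "</w>")
    for child in list(parent):          # drops enc_data and anything beside it
        parent.remove(child)
    parent.text = wrapper.text
    for child in list(wrapper):
        parent.append(child)


def _splice_as_element(parent, enc_data, plaintext):
    """Type=#Element: the plaintext is one element that takes EncryptedData's place."""
    new_el = ET.fromstring(plaintext)   # ParseError if the plaintext is not an element
    new_el.tail = enc_data.tail         # keep the whitespace that followed EncryptedData
    idx = list(parent).index(enc_data)
    parent.remove(enc_data)
    parent.insert(idx, new_el)


def restore_plaintext(root, decrypt, force_element_to_content=False):
    """Decrypt every EncryptedData under `root` in place and splice the plaintext
    back according to its Type attribute.  `decrypt(ciphertext: bytes) -> bytes`
    is supplied by the caller.  With force_element_to_content=True, a Type=#Element
    node whose plaintext is not a well-formed element is treated as #Content
    instead (the workaround the thread describes for text()-node encryption).
    Note the decrypted bytes are fed to an XML parser: if the ciphertext comes
    from an untrusted party, use a hardened parser at this point."""
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for enc in list(root.iter(ENC_DATA_TAG)):
        parent = parent_of.get(enc)
        if parent is None:
            raise ValueError("EncryptedData as the document root is not handled here")
        plaintext = decrypt(_ciphertext(enc)).decode("utf-8")
        enc_type = enc.get("Type")
        if enc_type == TYPE_ELEMENT:
            try:
                _splice_as_element(parent, enc, plaintext)
            except ET.ParseError:
                if not force_element_to_content:
                    raise
                _splice_as_content(parent, enc, plaintext)
        elif enc_type == TYPE_CONTENT:
            _splice_as_content(parent, enc, plaintext)
        else:
            raise ValueError(f"unsupported EncryptedData Type: {enc_type!r}")
    return root


def _enc_data(enc_type, plaintext):
    """Constructed EncryptedData node; the stand-in 'cipher' is plain base64."""
    b64 = base64.b64encode(plaintext.encode("utf-8")).decode("ascii")
    return (f'<EncryptedData xmlns="{XMLENC_NS}" Type="{enc_type}">'
            f"<CipherData><CipherValue>{b64}</CipherValue></CipherData></EncryptedData>")


# Constructed sample documents modelled on the thread's doc-plain.xml.
SAMPLE_ELEMENT = ("<PayInfo><Name>John Smith</Name><CreditCard>"
                  + _enc_data(TYPE_ELEMENT, "<Number>1076 2478 0678 5589</Number>")
                  + "<Issuer>CitiBank</Issuer></CreditCard></PayInfo>")
SAMPLE_CONTENT = ("<PayInfo><CreditCard><Number>"
                  + _enc_data(TYPE_CONTENT, "1076 2478 0678 5589")
                  + "</Number></CreditCard></PayInfo>")
# What the text() XPath produced in the thread: Type says Element, plaintext is bare text.
SAMPLE_MISLABELLED = ("<PayInfo><CreditCard><Number>"
                      + _enc_data(TYPE_ELEMENT, "1076 2478 0678 5589")
                      + "</Number></CreditCard></PayInfo>")


def card_number_after_decrypt(xml_text, force=False):
    """Run the stand-in decryption over a sample and return the recovered Number text."""
    root = restore_plaintext(ET.fromstring(xml_text), decrypt=lambda ct: ct,
                             force_element_to_content=force)
    return root.findtext("CreditCard/Number")


if __name__ == "__main__":
    print(card_number_after_decrypt(SAMPLE_ELEMENT))
    print(card_number_after_decrypt(SAMPLE_CONTENT))
    print(card_number_after_decrypt(SAMPLE_MISLABELLED, force=True))
```

Run as a script, all three calls recover the card number; the mislabelled sample without force=True raises a parse error, which is the failure the thread's force_element_to_content option papers over. The cleaner fix, as the thread concludes, is to point --node-xpath at the Number element and declare Type Content in the template so that the Type attribute and the plaintext agree.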