Thanks, now I am trying to figure out GCM support...

Timothy Legge
[email protected]
[email protected]

On Mon, Mar 28, 2022 at 9:44 AM Aleksey Sanin <[email protected]> wrote:
>
> Glad you figured it out!
>
> Best,
>
> Aleksey
>
> On 3/26/22 4:26 PM, Timothy Legge wrote:
> > Hi
> >
> > I was sitting watching my son play hockey and realized my issue.
> >
> > The example I was using --node-xpath
> > '/PayInfo/CreditCard/Number/text()' grabs the text of the Number
> > element. As it is already text,
> > http://www.w3.org/2001/04/xmlenc#Content is not valid.
> >
> > Changing it to --node-xpath '/PayInfo/CreditCard/Number' allows me to
> > use http://www.w3.org/2001/04/xmlenc#Content in the template and it
> > correctly encrypts just the credit card number.
> >
> > So the example from
> > https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
> > was incorrect.
> >
> > Thanks for the earlier reply.
> >
> > Tim
> >
> > Timothy Legge
> > [email protected]
> > [email protected]
> >
> > On Sat, Mar 26, 2022 at 11:49 AM Timothy Legge <[email protected]> wrote:
> >>
> >> Hi Aleksey
> >>
> >> I just wrote a perl module to encrypt and decrypt XML. As part of the
> >> test scripts I am using xmlsec to encrypt XML to verify that the
> >> XML::Enc module can properly decrypt the XML.
> >>
> >> I ran into trouble with xmlsec encrypting the content within a tag.
> >> When I used the xpath /PayInfo/CreditCard/Number/text() to get the
> >> Content xmlsec only seems to encrypt the Content correctly if I use
> >> http://www.w3.org/2001/04/xmlenc#Element as the EncryptedData type.
> >> If I try to use http://www.w3.org/2001/04/xmlenc#Content it leaves
> >> the Content of the Number empty.
> >>
> >> My tests are in
> >> https://github.com/perl-net-saml2/perl-XML-Enc/blob/main/t/07-decrypt-xmlsec.t
> >> basically I test with both an Encrypted Element and Encrypted Content.
> >> In the Module I have to use an option force_element_to_content so that
> >> when the xmlsec encrypted Content is decrypted that includes the
> >> http://www.w3.org/2001/04/xmlenc#Element as the EncryptedData Type I
> >> treat it as if it was Content if it is not valid XML. In this case
> >> it is simply the credit card number.
> >>
> >> I will take a look at the examples in case I am doing something
> >> incorrect in my xmlsec commands.
> >>
> >> Tim
> >>
> >> Timothy Legge
> >> [email protected]
> >> [email protected]
> >>
> >> On Sat, Mar 26, 2022 at 11:06 AM Aleksey Sanin <[email protected]> wrote:
> >>>
> >>> Hi Timothy,
> >>>
> >>> I am not exactly sure what you are trying to do but I recommend
> >>> checking out examples:
> >>>
> >>> https://github.com/lsh123/xmlsec/tree/master/examples
> >>>
> >>> and tests:
> >>>
> >>> https://github.com/lsh123/xmlsec/tree/master/tests
> >>>
> >>> Also, if you can explain what your goal is, then it might be easier
> >>> to provide a solution for your problem.
> >>>
> >>> Best,
> >>>
> >>> Aleksey
> >>>
> >>> On 3/25/22 7:15 PM, Timothy Legge wrote:
> >>>> Hi
> >>>>
> >>>> Sorry, I sent this directly to Aleksey initially...
> >>>>
> >>>> I was following:
> >>>> https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
> >>>> (which is reasonably close enough for me to get encryption working).
> >>>>
> >>>> Specifically the following command results in the Content in
> >>>> /PayInfo/CreditCard/Number/text() being properly encrypted. However,
> >>>> I would expect that the EncryptedData Type should be
> >>>> "http://www.w3.org/2001/04/xmlenc#Content" instead of the specified
> >>>> Element for this to properly encrypt the Content. Changing it to
> >>>> Content causes the doc-encrypted.xml created to be missing data in the
> >>>> Number tags: "<Number></Number>".
> >>>>
> >>>> To me this appears to be a bug but likely I am misreading the
> >>>> XML-Enc specifications.
> >>>>
> >>>> Any thoughts?
> >>>>
> >>>> xmlsec1 --encrypt --pubkey-cert-pem t/sign-certonly.pem
> >>>> --session-key des-192 --xml-data doc-plain.xml --output
> >>>> doc-encrypted.xml --node-xpath '/PayInfo/CreditCard/Number/text()'
> >>>> session-key-template.xml
> >>>>
> >>>> ========================================
> >>>> doc-plain.xml
> >>>> ========================================
> >>>> <?xml version="1.0" encoding="utf-8" ?>
> >>>> <PayInfo>
> >>>>   <Name>John Smith</Name>
> >>>>   <CreditCard Limit='2,000' Currency='USD'>
> >>>>     <Number>1076 2478 0678 5589</Number>
> >>>>     <Issuer>CitiBank</Issuer>
> >>>>     <Expiration>06/10</Expiration>
> >>>>   </CreditCard>
> >>>> </PayInfo>
> >>>> ========================================
> >>>> session-key-template.xml
> >>>> ==========================================
> >>>> <?xml version="1.0" encoding="UTF-8"?>
> >>>> <!--
> >>>> XML Security Library example: Original XML
> >>>> doc file before encryption (encrypt3 example).
> >>>> -->
> >>>> <EncryptedData
> >>>>   xmlns="http://www.w3.org/2001/04/xmlenc#"
> >>>>   Type="http://www.w3.org/2001/04/xmlenc#Element">
> >>>>   <EncryptionMethod Algorithm=
> >>>>     "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> >>>>   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >>>>     <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
> >>>>       <EncryptionMethod Algorithm=
> >>>>         "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> >>>>       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >>>>         <KeyName/>
> >>>>       </KeyInfo>
> >>>>       <CipherData>
> >>>>         <CipherValue/>
> >>>>       </CipherData>
> >>>>     </EncryptedKey>
> >>>>   </KeyInfo>
> >>>>   <CipherData>
> >>>>     <CipherValue/>
> >>>>   </CipherData>
> >>>> </EncryptedData>
> >>>> ==========================================
> >>>>
> >>>>
> >>>> Timothy Legge
> >>>> [email protected]
> >>>> [email protected]
> >>>> _______________________________________________
> >>>> xmlsec mailing list
> >>>> [email protected]
> >>>> http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
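
Added example, not part of the thread and not code from xmlsec or XML::Enc: a small Python model of the XML Encryption Type semantics discussed above, showing why selecting the text() node with Type #Content yields empty plaintext and why #Element plaintext that is only a card number needs a content fallback on decrypt. The functions plaintext_for and classify_plaintext are hypothetical names, and the serialization rule is an assumption modelled on the XML-Enc definitions of Element and Content.

```python
from xml.dom import minidom
from xml.parsers.expat import ExpatError

XMLENC = "http://www.w3.org/2001/04/xmlenc#"
TYPE_ELEMENT = XMLENC + "Element"
TYPE_CONTENT = XMLENC + "Content"

# doc-plain.xml from the thread, embedded so the example runs offline.
DOC = minidom.parseString(
    "<PayInfo><Name>John Smith</Name>"
    "<CreditCard Limit='2,000' Currency='USD'>"
    "<Number>1076 2478 0678 5589</Number><Issuer>CitiBank</Issuer>"
    "<Expiration>06/10</Expiration></CreditCard></PayInfo>")
NUMBER = DOC.getElementsByTagName("Number")[0]  # /PayInfo/CreditCard/Number
NUMBER_TEXT = NUMBER.firstChild                 # .../Number/text()


def plaintext_for(node, enc_type):
    """Model (assumption): the text serialized for the selected node."""
    if enc_type == TYPE_ELEMENT:
        return node.toxml()  # the selected node itself
    # Content means the children of the selected node; a text node has none.
    return "".join(child.toxml() for child in node.childNodes)


def classify_plaintext(plaintext, enc_type, force_element_to_content=False):
    """Decide how a decryptor should splice decrypted plaintext back in.

    Mirrors the idea of the force_element_to_content option described in
    the thread; this function itself is hypothetical.
    """
    if enc_type == TYPE_CONTENT:
        return "content"
    try:
        # Decrypted data is untrusted input; use a hardened parser
        # (for example defusedxml) outside a demo.
        minidom.parseString(plaintext)
        return "element"
    except ExpatError:
        if force_element_to_content:
            return "content"
        raise ValueError("Type is #Element but plaintext is not an element")
```
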
