Hi I am missing the reference I think. Is it related to the --id-attr?
Timothy Legge
[email protected]
[email protected]

On Tue, Mar 29, 2022 at 6:36 PM Aleksey Sanin <[email protected]> wrote:
>
> FAQ section 3.2 if I recall (or somewhere close by).
>
> Aleksey
>
> On 3/29/22 5:34 PM, Timothy Legge wrote:
> > Hi
> >
> > It also seems to be an issue with an IdP SAMLResponse from okta:
> >
> > I have attached the xml as test xml and the base64 version as well as
> > the private key (that private key is from perl-Net-SAML2 and is
> > already public so it is fine to post). My perl XML::Enc module
> > decrypts this file without any issues.
> >
> > I am continuing to review.
> >
> > Tim
> >
> > xmlsec1 --decrypt --privkey-pem sign-private-rsa.pem test.xml
> > func=xmlSecXPathDataExecute:file=xpath.c:line=246:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
> > library function
> > failed:expr=xpointer(id('_040a0aae3380dc9275ae08c24a8ddd72')); xml
> > error: 0: NULL
> > func=xmlSecXPathDataListExecute:file=xpath.c:line=330:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecTransformXPathExecute:file=xpath.c:line=430:obj=xpointer:subj=xmlSecXPathDataListExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2108:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1044:obj=xpointer:subj=xmlSecTransformPushXml:error=1:xmlsec
> > library function failed:
> > func=xmlSecTransformCtxExecute:file=transforms.c:line=1092:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecKeyDataRetrievalMethodXmlRead:file=keyinfo.c:line=1108:obj=retrieval-method:subj=xmlSecTransformCtxExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecKeyInfoNodeRead:file=keyinfo.c:line=121:obj=retrieval-method:subj=xmlSecKeyDataXmlRead:error=1:xmlsec
> > library function failed:node=RetrievalMethod
> > func=xmlSecKeysMngrGetKey:file=keys.c:line=1234:obj=unknown:subj=xmlSecKeyInfoNodeRead:error=1:xmlsec
> > library function failed:node=KeyInfo
> > func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=779:obj=unknown:subj=unknown:error=45:key
> > is not found:encMethod=aes256-gcm
> > func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=596:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec
> > library function failed:
> > func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=524:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
> > library function failed:
> > Error: failed to decrypt file
> > Error: failed to decrypt file "test.xml"
> >
> > Timothy Legge
> > [email protected]
> > [email protected]
> >
> > On Tue, Mar 29, 2022 at 1:25 PM Timothy Legge <[email protected]> wrote:
> >>
> >> perfect. I do get errors but my laptop is home at the moment. I will
> >> test again tonight and let you know.
> >>
> >> Tim
> >>
> >> On Tue., Mar. 29, 2022, 12:57 p.m. Aleksey Sanin, <[email protected]>
> >> wrote:
> >>>
> >>> Well, the gcm code for openssl is here:
> >>>
> >>> https://github.com/lsh123/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L80
> >>>
> >>> so adding printfs in these functions would help.
> >>>
> >>> Do you get any errors?
> >>>
> >>> Aleksey
> >>>
> >>> On 3/29/22 11:51 AM, Timothy Legge wrote:
> >>>> Hi
> >>>>
> >>>> I am working on adding support for aes*-gcm to perl's XML::Enc. I can:
> >>>>
> >>>> 1. Decrypt SAML responses encrypted with aes*-gcm using XML::Enc
> >>>> 2. Decrypt xmlsec encrypted aes*-gcm XML using XML::Enc
> >>>> 3. Encrypt XML using aes*-gcm with XML::Sec
> >>>> 4. Decrypt XML that was encrypted with XML::Sec using aes*-gcm
> >>>>
> >>>> However, I cannot use xmlsec to decrypt XML::Sec encrypted XML that
> >>>> uses aes*-gcm.
> >>>>
> >>>> I can't think of any issues that would allow me to encrypt and decrypt
> >>>> XML successfully with XML::Enc but not allow xmlsec to decrypt those
> >>>> files.
> >>>>
> >>>> I was wondering if there is a debug flag for XML sec that would allow
> >>>> me to output the following:
> >>>>
> >>>> 1. base64 of the CipherValue it reads from the XML file
> >>>> 2. base 64 of IV
> >>>> 3. base64 of encrypted data
> >>>> 4. base 64 of the tag
> >>>> 5. base 64 of the key
> >>>>
> >>>> I don't mind adding some print debugging and recompiling if you can
> >>>> point me to a starting place. It has been a while since I wrote much
> >>>> C but I have no issues. Finding the correct spot though...
> >>>>
> >>>> Tim
> >>>>
> >>>> Timothy Legge
> >>>> [email protected]
> >>>> [email protected]
> >>>> _______________________________________________
> >>>> xmlsec mailing list
> >>>> [email protected]
> >>>> http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
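
Added example (not part of the thread, and not xmlsec or XML::Enc code): a standalone Python helper that produces the IV, encrypted data and tag values asked about in the original message without recompiling anything. It assumes the XML Encryption 1.1 AES-GCM layout, where the CipherValue is the 96-bit IV, then the ciphertext, then the 128-bit tag; the function name and sample document are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "{http://www.w3.org/2001/04/xmlenc#}"
# XML Encryption 1.1 AES-GCM algorithm URIs -> key length in bytes
GCM_KEY_LEN = {
    "http://www.w3.org/2009/xmlenc11#aes128-gcm": 16,
    "http://www.w3.org/2009/xmlenc11#aes192-gcm": 24,
    "http://www.w3.org/2009/xmlenc11#aes256-gcm": 32,
}
IV_LEN, TAG_LEN = 12, 16  # 96-bit IV, 128-bit tag (XML Encryption 1.1)


def split_gcm_cipher_value(xml_text):
    """Return algorithm plus base64 IV, ciphertext and tag of the first EncryptedData."""
    root = ET.fromstring(xml_text)
    enc = root if root.tag == XENC + "EncryptedData" else root.find(".//" + XENC + "EncryptedData")
    if enc is None:
        raise ValueError("no xenc:EncryptedData element")
    method = enc.find(XENC + "EncryptionMethod")
    alg = method.get("Algorithm") if method is not None else None
    if alg not in GCM_KEY_LEN:
        raise ValueError(f"not an AES-GCM EncryptionMethod: {alg}")
    # Direct children only, so the CipherValue of an EncryptedKey nested in
    # KeyInfo is not mistaken for the data ciphertext.
    cv = enc.find(XENC + "CipherData/" + XENC + "CipherValue")
    if cv is None or not cv.text:
        raise ValueError("no CipherData/CipherValue")
    raw = base64.b64decode("".join(cv.text.split()))
    if len(raw) < IV_LEN + TAG_LEN:
        raise ValueError("CipherValue shorter than IV + tag")
    b64 = lambda b: base64.b64encode(b).decode()
    return {
        "algorithm": alg,
        "key_len": GCM_KEY_LEN[alg],
        "iv": b64(raw[:IV_LEN]),
        "ciphertext": b64(raw[IV_LEN:-TAG_LEN]),
        "tag": b64(raw[-TAG_LEN:]),
    }


# Constructed sample (not from the thread): 12-byte IV, 11 data bytes, 16-byte tag.
_RAW = bytes(range(12)) + b"ciphertext!" + b"\xaa" * 16
SAMPLE = (
    '<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">'
    '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>'
    "<xenc:CipherData><xenc:CipherValue>" + base64.b64encode(_RAW).decode() +
    "</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>"
)

if __name__ == "__main__":
    print(split_gcm_cipher_value(SAMPLE))
```

Running the same split over the output of two implementations shows whether they disagree on the byte layout or only on key resolution.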
