[xmlsec] Re: Single-alone EncryptedKey Handle

Aleksey Sanin aleksey@aleksey.com
Sat, 31 May 2003 01:44:47 -0700


Andrew,

First of all, please use xmlsec mailing list instead of my
personal email. "Aleksey & All" on my personal email makes
me feel uncomfortable :)

Now back to your question. There is a way to do it:

1) Prepare <EncryptedKey/> template either by hand or with
xmlSecTmplKeyInfoAddEncryptedKey() function (just ignore
"KeyInfo" in the name of the function and in the name of
the first parameter, supply any node as parent instead :) ).
2) Select/generate the session key.
3) Encrypt this key in the created <EncryptedKey/> template
with xmlSecEncCtxBinaryEncrypt() function as usual.
4) Now create/load <EncryptedData/> template as usual,
you may use xmlSecTmplKeyInfoAddRetrievalMethod() function
to add <RetrievalMethod/> node.
5) Create xmlSecEncCtx and set the session key from step 2)
in "encKey" member.
6) Do encryption as usual.


The process seems to be long but it actually very simple.
There are too many possible options here and I am not sure
I have any good idea on how to simplify it w/o adding too
much internal complexity.


Aleksey.




Andrew Fan wrote:

> Hi Aleksey & All,
>
> I want to support single-alone EncryptedKey  which refereneced by the 
> RetrivalMethod of the KeyInfo inside a EncrypedData, such as:
>
>  [t01] <EncryptedData Id='ED'         
> xmlns='http://www.w3.org/2001/04/xmlenc#'>
>  [t02]   <EncryptionMethod           
> Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
>  [t03]   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
>  [t04]     <ds:RetrievalMethod URI='#EK'
>             Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/>
>  [t05]     <ds:KeyName>Sally Doe</ds:KeyName>
>  [t06]   </ds:KeyInfo>
>  [t07]   <CipherData><CipherValue>DEADBEEF</CipherValue></CipherData>
>  [t08] </EncryptedData>
>
>
>  [t09] <EncryptedKey Id='EK' xmlns='http://www.w3.org/2001/04/xmlenc#'>
>  [t10]   <EncryptionMethod           
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>  [t11]   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
>  [t12]     <ds:KeyName>John Smith</ds:KeyName>
>  [t13]   </ds:KeyInfo>
>  [t14]   <CipherData><CipherValue>xyzabc</CipherValue></CipherData>
>  [t15]   <ReferenceList>
>  [t16]     <DataReference URI='#ED'/>
>  [t17]   </ReferenceList>
>  [t18]   <CarriedKeyName>Sally Doe</CarriedKeyName>
>  [t19] </EncryptedKey>
>
>
> And I have not found the suitable interfaces. What can I do? Can you 
> give me some suggestions?
>
> Thanks,
> Andrew