<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
You really don't want to put two templates in the same file because<br>
you are encrypting the element and the encryption template specifies<br>
just this element.<br>
<pre class="moz-signature" cols="72">Aleksey
</pre>
<br>
On 9/6/11 1:18 AM, <a class="moz-txt-link-abbreviated" href="mailto:Samuel.Lavitt@tectia.com">Samuel.Lavitt@tectia.com</a> wrote:
<blockquote
cite="mid:5A939CACAC208C40ABD19329BAE7A0E7471C65921D@SSHEX01.ad.ssh.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">I am working on a case
where we wish to take an XML message, encrypt it, sign the
encrypted form, and then send that to a server over HTTP.
Obviously XMLSec seems the right tool for the job. I am,
unfortunately, rather inexperienced with XML, and I am
running into issues trying to make a combined
encryption/signing template, but everything I try seems to
fail.</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Working from various
samples, I think what I want to do is use a template like:<o:p></o:p></span></p>
<pre>
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;xml&gt;
&lt;EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
    Type="http://www.w3.org/2001/04/xmlenc#Element"&gt;
  &lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/&gt;
  &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
    &lt;EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
      &lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/&gt;
      &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
        &lt;KeyName/&gt;
      &lt;/KeyInfo&gt;
      &lt;CipherData&gt;
        &lt;CipherValue/&gt;
      &lt;/CipherData&gt;
    &lt;/EncryptedKey&gt;
  &lt;/KeyInfo&gt;
  &lt;CipherData&gt;
    &lt;CipherValue/&gt;
  &lt;/CipherData&gt;
&lt;/EncryptedData&gt;
&lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
  &lt;SignedInfo&gt;
    &lt;CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/&gt;
    &lt;SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
    &lt;Reference URI=""&gt;
      &lt;Transforms&gt;
        &lt;Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
      &lt;/Transforms&gt;
      &lt;DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
      &lt;DigestValue/&gt;
    &lt;/Reference&gt;
  &lt;/SignedInfo&gt;
  &lt;SignatureValue/&gt;
  &lt;KeyInfo&gt;
    &lt;X509Data&gt;
      &lt;X509SubjectName/&gt;
      &lt;X509IssuerSerial/&gt;
      &lt;X509Certificate/&gt;
    &lt;/X509Data&gt;
    &lt;KeyValue/&gt;
  &lt;/KeyInfo&gt;
&lt;/Signature&gt;
&lt;/xml&gt;
</pre>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">And I think it should
leave everything for the signature untouched; unfortunately
the output I get after I run “xmlsec1 encrypt --pubkey-pem
ServerKeys/pubkey.pem --session-key des-192 --xml-data
ClientRequest.xml --output ClientEncrypted.xml
EncryptionTemplate.xml” is missing the signature block and
&lt;xml&gt; at the top and bottom.</span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Currently I have been
working around this manually; I have the following working
encryption template:</span></p>
<pre>
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
    Type="http://www.w3.org/2001/04/xmlenc#Element"&gt;
  &lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/&gt;
  &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
    &lt;EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
      &lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/&gt;
      &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
        &lt;KeyName/&gt;
      &lt;/KeyInfo&gt;
      &lt;CipherData&gt;
        &lt;CipherValue/&gt;
      &lt;/CipherData&gt;
    &lt;/EncryptedKey&gt;
  &lt;/KeyInfo&gt;
  &lt;CipherData&gt;
    &lt;CipherValue/&gt;
  &lt;/CipherData&gt;
&lt;/EncryptedData&gt;
</pre>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I follow this by
adding &lt;Project&gt; above the encrypted data and
attaching the rest of the signature message after it:</span></p>
<pre>
&lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
  &lt;SignedInfo&gt;
    &lt;CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/&gt;
    &lt;SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
    &lt;Reference URI=""&gt;
      &lt;Transforms&gt;
        &lt;Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
      &lt;/Transforms&gt;
      &lt;DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
      &lt;DigestValue&gt;&lt;/DigestValue&gt;
    &lt;/Reference&gt;
  &lt;/SignedInfo&gt;
  &lt;SignatureValue/&gt;
  &lt;KeyInfo&gt;
    &lt;X509Data&gt;
      &lt;X509SubjectName/&gt;
      &lt;X509IssuerSerial/&gt;
      &lt;X509Certificate/&gt;
    &lt;/X509Data&gt;
    &lt;KeyValue/&gt;
  &lt;/KeyInfo&gt;
&lt;/Signature&gt;
&lt;/Project&gt;
</pre>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">This appears to work,
but I am sure there is a cleaner way.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks in advance for
any advice or pointing out whatever error it is I am making.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Sam Lavitt</span><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"
lang="EN-US"><o:p></o:p></span></p>
</div>
<br>
<pre wrap="">_______________________________________________
xmlsec mailing list
<a class="moz-txt-link-abbreviated" href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a>
<a class="moz-txt-link-freetext" href="http://www.aleksey.com/mailman/listinfo/xmlsec">http://www.aleksey.com/mailman/listinfo/xmlsec</a>
</pre>
</blockquote>
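<p>The two-stage workflow the reply recommends (encrypt the element with its own template, then sign the wrapped result with a separate signing template), written up as an added shell example that is not from this thread or from xmlsec itself; the file names, the <code>&lt;Project&gt;</code> wrapper element and the <code>ClientKeys/*</code> paths are assumptions taken from the question.</p>

```shell
#!/bin/sh
# Added example (not from the thread or from xmlsec): encrypt-then-sign
# as two separate xmlsec1 runs, each driven by its own template.
# File names, the <Project> wrapper and ClientKeys/* paths are assumptions
# taken from the question.
set -eu

# Stage 2 helper: wrap the <EncryptedData> produced by stage 1 in the
# signing template.  <Project> becomes the signed root, the Signature is
# enveloped (Reference URI="" plus the enveloped-signature transform), and
# the empty DigestValue/SignatureValue/X509Certificate are filled by xmlsec1.
wrap_for_signing() {   # $1 = stage-1 output, $2 = signing template to write
    enc=$1; out=$2
    {
        printf '<?xml version="1.0" encoding="UTF-8"?>\n<Project>\n'
        # stage 1 wrote its own XML declaration; a document may have only one
        grep -v '^<?xml' "$enc"
        cat <<'EOF'
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue/>
    </Reference>
  </SignedInfo>
  <SignatureValue/>
  <KeyInfo><X509Data><X509Certificate/></X509Data></KeyInfo>
</Signature>
</Project>
EOF
    } > "$out"
}

# Stage 1 uses the question's working encryption-only template, so the
# output is exactly one <EncryptedData> element; stage 2 signs the wrapper.
encrypt_then_sign() {
    xmlsec1 encrypt --pubkey-pem ServerKeys/pubkey.pem --session-key des-192 \
        --xml-data ClientRequest.xml --output ClientEncrypted.xml EncryptionTemplate.xml
    wrap_for_signing ClientEncrypted.xml SignTemplate.xml
    xmlsec1 sign --privkey-pem ClientKeys/privkey.pem,ClientKeys/cert.pem \
        --output ClientSigned.xml SignTemplate.xml
}
```

Calling <code>encrypt_then_sign</code> produces <code>ClientSigned.xml</code>, which the receiver verifies first and decrypts second, the reverse of the order in which it was built.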
</body>
</html>