[xmlsec] Wrong key selection in simple keys store?

Wouter wsh at xs4all.nl
Sun Sep 14 01:02:17 PDT 2003


Possibly true what you're stating, but this situation is actually
occurring when running the encryption test suite. For example the
command:
"xmlsec encrypt  --crypto-config ../tests --keys-file
../tests/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name
--xml-data ../tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.data
--node-name http://example.org/paymentv2:CreditCard --output
/tmp/testEnc.20030912_215437-600.tmp
../tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.tmpl" will load
the 256 bits aes key for creating the the encrypted data, which is of
type aes-128 encryption.... 

Perhaps the test needs to be adjusted then? 

Wouter

> -----Original Message-----
> From: Rich Salz [mailto:rsalz at datapower.com] 
> Sent: Saturday, September 13, 2003 22:46
> To: Aleksey Sanin
> Cc: Wouter; xmlsec at aleksey.com
> Subject: Re: [xmlsec] Wrong key selection in simple keys store?
> 
> 
> > And in general, I would not recommend to search for keys without 
> > specifying a unique key name. It sounds like a good way to get 
> > yourself in trouble.
> 
> Strongly agree.  Unless the keystore has exactly one key, I 
> think a name (or some other identifying information) should 
> be required.
> 
> Ambiguity in signing is a bad idea. :)
> 	/r$
> 
> --
> Rich Salz                  Chief Security Architect
> DataPower Technology       http://www.datapower.com
> XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
> XML Security Overview      
> http://www.datapower.com/xmldev/xmlsecurity.ht> ml
> 
> 




More information about the xmlsec mailing list