[xmlsec] Re: XML-ENC questions

Aleksey Sanin aleksey at aleksey.com
Wed Jun 30 03:04:08 PDT 2004

Veiko.Sinivee at seb.se wrote:

> Note that you are mixing MimeType and Type attributes. The only two
> defined values for Type attribute are "content" and "element" :
> http://www.w3.org/TR/xmlenc-core/#sec-Processing-Decryption
> Well I understood if differently. Here it says:
> 5. Process decrypted data if Type is unspecified or is not 'element' or element 'content'.
> and then in paragraph 4.3 it says:
> For example, if the application wishes to canonicalize its data or encode/compress the data in an XML packaging format, the application needs to marshal the XML accordingly and identify the resulting type via the EncryptedData Type attribute
> I understood this that if I want to compress xml data before
> encryption then I should use:
> <EncryptedData Type="http://www.isi.edu/in-notes/iana/assignments/media-types/application/zip">
> ...
> Did I miss something ? It says here pretty clearly that I have
> to indicate this using the Type atribute?

Yes, you can. But it will not be something defined in the spec or
implemented in xmlsec :)

> No, you need only one keys manager. Just make sure that you can identify
> correct encryption key from each EncryptedKey (e.g. using key name ==
> cert subject).
> Thank's I'll try that. So do you then set KeyName to subjects DN or CN ?
KeyName is arbitrary string. It's up to application to decide what it is
in each partiular case. key name == cert subject was just an example.

> 2) Next you need to put <X509Data/> into the template. You can further
> specify what exactly do you want with <X509Data/> children (e.g.
> <X509SKI>, etc.)
> Does this work also with "dynamic template" like encrypt3.c sample?
Yes. Dynamic and static templates are only different on the template
creation stage :)


More information about the xmlsec mailing list