[xmlsec] detached encrypted key

nitin singh xml_prgrm at yahoo.com
Fri Oct 29 11:38:37 PDT 2004


Hello,
Here is the example.

<?xml version="1.0"?>
<Envelope>

<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#" Id="ED"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<RetrievalMethod URI="#EK"
Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/>
</KeyInfo>
<CipherData>
<CipherValue>wWismvRBdhesImbEdHUlpvxQs5OHw5U4Oe2KpaKebBfunz1/7plB+Urme0MT8dU9
Y2cX0kBmselmGQBLG5oH14YNaCEyqQ4z5UMb7QucTt2PH4OG/2a3aYPeEGj6zdUu
Hi0IxawMhQ2JhchKmGXo9M3iclf3QUq1cUlbpPbQaU5MghADC+bUajz9IAiCUKNM
WdpGSCqXFn/ycNH3GSGsKDEn/zlmqYnfuMMhQLCyZpkjY2aYObzNxoHXFLlvsAvk
TAkujClmdx52JWk7eAuBaz58GTSokBdHo8/tsPiavH044x8uTngw4vIYMM3nzlxz
6I2HSr8aB/ztCMa+JyxIJ2AEop2SrAsPg9WTCTJSoBXv+97+YLV4pcp2ttyXqGgP</CipherValue>
</CipherData>
</EncryptedData>

<EncryptedKey
xmlns="http://www.w3.org/2001/04/xmlenc#" Id="EK"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>rsakeyvar1.pem</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>JEHLRrvwQwZOLBnfbww6dpdoBPMW71j0X6Ji0OLQmP074kw90MTs95sNi02kBlN9
4p9PC0T0nDFY5U8O+K/p2g==</CipherValue>
</CipherData>
<ReferenceList>
<DataReference URI="#ED"/>
</ReferenceList>
</EncryptedKey>

</Envelope>

My questions are:
1. When I try to decrypt the encrypted data element,
in the key info element, xmlsec tries to evaluate
the XPointer expression for the URI attribute of the
RetrievalMethod element and fails, as "EK" is not
registered yet.

2. When I try to decrypt the encrypted key element,
xmlsec tries to replace the encrypted key element by
calling xmlSecReplaceNodeBuffer, even though the Type
attribute says "content". I got the internal parser
error (there is no well-formed XML data, it is a key,
so supposedly it fails).

Regards
Nitin

--- Aleksey Sanin <aleksey at aleksey.com> wrote:

> > I understand the problem, it is like XPointer evaluation
> > of URI attribute in RetrievalMethod fails because the
> > ID attribute of Encrypted Key is still not registered
> > with the libxml2.
> Not sure I understand this. xmlsec first parses the XML
> using libxml2 and most of ID attributes are registered
> *before* xmlsec code is executed. xmlsec does register
> ID attributes for XMLEnc and XMLDSig schema automatically
> and it is one of the first things xmlsec is doing.
>
> > I know that xmlsec registers these ID attributes only
> > when reading the Encrypted key or Encrypted Data elements.
> I think you are mistaken or I don't understand what
> you mean.
>
> A *small* example that demonstrates your problem
> will be helpful.
>
> Aleksey
> 
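
The document layout in this message can be checked independently of xmlsec. The following is an added example, not part of the original post and not xmlsec code: a stdlib-only Python check that indexes `Id` attributes itself (without a DTD a parser treats `Id` as an ordinary attribute), resolves each `RetrievalMethod` same-document URI, and confirms the target is an `EncryptedKey` whose `ReferenceList` points back at the `EncryptedData`. The function names and the shortened sample are constructed, and treating a missing back-reference as a problem is a policy choice of this example.

```python
import xml.etree.ElementTree as ET

ENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: same layout as the message above, CipherValue shortened.
SAMPLE = f"""<Envelope>
 <EncryptedData xmlns="{ENC}" Id="ED">
  <KeyInfo xmlns="{DSIG}">
   <RetrievalMethod URI="#EK" Type="{ENC}EncryptedKey"/>
  </KeyInfo>
  <CipherData><CipherValue>AAAA</CipherValue></CipherData>
 </EncryptedData>
 <EncryptedKey xmlns="{ENC}" Id="EK">
  <CipherData><CipherValue>BBBB</CipherValue></CipherData>
  <ReferenceList><DataReference URI="#ED"/></ReferenceList>
 </EncryptedKey>
</Envelope>"""

def build_id_index(root):
    # Without a DTD, "Id" is an ordinary attribute, so index it explicitly.
    # Duplicate values are rejected because they make "#x" ambiguous.
    index = {}
    for el in root.iter():
        id_value = el.get("Id")
        if id_value in index:
            raise ValueError(f"duplicate Id {id_value!r}")
        if id_value is not None:
            index[id_value] = el
    return index

def check_detached_keys(xml_text):
    # Returns a list of problems in the RetrievalMethod -> EncryptedKey links.
    root = ET.fromstring(xml_text)
    ids = build_id_index(root)
    problems = []
    for data in root.iter(f"{{{ENC}}}EncryptedData"):
        back = "#" + data.get("Id", "")
        for rm in data.findall(f"{{{DSIG}}}KeyInfo/{{{DSIG}}}RetrievalMethod"):
            uri = rm.get("URI", "")
            target = ids.get(uri[1:]) if uri.startswith("#") else None
            if target is None:
                problems.append(f"{uri}: no element with that Id")
            elif target.tag != f"{{{ENC}}}EncryptedKey":
                problems.append(f"{uri}: target is not an xmlenc EncryptedKey")
            elif all(r.get("URI") != back for r in target.iter(f"{{{ENC}}}DataReference")):
                problems.append(f"{uri}: ReferenceList does not point back")
    return problems
```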



		