[xmlsec] Encrypting/Decrypting XML is stripping some schema prefixes
Aleksey Sanin
aleksey at aleksey.com
Mon Nov 15 13:00:34 PST 2004
Well, your example can be made more simple (see attached files).
However, I cannot reproduce your problem:
$ xmlsec1 encrypt --xml-data pre_encrypted.xml --deskey deskey.bin --output encrypted.xml template.xml
$ xmlsec1 decrypt --deskey deskey.bin encrypted.xml
<?xml version="1.0"?>
<Batch>
<PackSlip>
<CreditCardNumber xml:id="id138">1234-5678-0000-1234</CreditCardNumber>
<CustomerServiceNumber>1.800.555.1212</CustomerServiceNumber>
<OrderNumber>0000000802</OrderNumber>
</PackSlip>
</Batch>
Which version of libxml2 are you using?
Aleksey
Robert Fox wrote:
> Well, this is about as simple as I can make it. I hope this is what you
> are looking for. Do you want this posted to the group as well?
>
> STEP 1. My XML after it has been signed, but before it has been
> encrypted:
> ATTACHMENT: 1_signed_pre_encrypt.xml
>
> Please note that the element "CreditCardNumber" has xml:id="id138", and
> that the signature reference block points to it
>
> STEP 2: My XML after encrypting the CreditCardNumber element:
> ATTACHMENT: 2_signed_and_encrypted.xml
>
> STEP 3: I then reverse the process, I first decrypt the encrypted XML,
> which leaves me with:
> ATTACHMENT: 3_decrypted_signed.xml
>
> You will notice that now my CreditCardNumber element has id="id138" and
> the 'xml:' is omitted
>
> Step 4: verify signature yields the obvious error:
>
> Verifying XML Signature: expr=xpointer(id('id138')), reason: libxml2
> library function failed, subject: xmlXPtrEval (file: ..\src\xpath.c,
> line: 273)
>
> I used the same certificate to sign and encrypt the data. I have
> attached the X.509 certificate (test.pfx password: test) to test with.
> Please let me know if this is what you were looking for. Thanx!
>
> ~Rob
>
>
>
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
> Sent: Monday, November 15, 2004 11:45 AM
> To: Robert Fox
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] Encrypting/Decrypting XML is stripping some schema
> prefixes
>
>
> Can you provide a small example that demonstrates the problem, please?
>
> Aleksey
>
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0"?>
> <Batch>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#id138">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>F0SuIS0jfHGgCZppCBBnPELusDE=</DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>oYfmWFvJ8O7hyucuhlKH14OTDLK3XRacwxsgQ4Yu7Q4aSuT8FlDlbyT7/IVMxcrr
> UCcuzlZhKnRWIA4Wre2P0aNvgdqgJeNQ0Osr/q8kOCNXdmm6+/G1CsMQgwK10Lz7
> f9a803XVxgBnNMFIRGOMckOTjBRjxdbEJAgFeS563jI=</SignatureValue>
> <KeyInfo>
> <KeyValue>
> <RSAKeyValue>
> <Modulus>
> vp5v0jwt5FUp2tPqvsB1N+sWf4sNfOLqv4UZ9eMHJtbMzIhCWFeMEJV5GZ3M4GWX
> 1C4XmgWmGzRIKagY2++lEfHBUWEE1nL2RcKNW23WzceLbj7IlAe+ZNeDfd9ngLRL
> Zf50Nu57pJzhj9glrGfR6q+roKB8EfPqy7D60Z6UeBM=
> </Modulus>
> <Exponent>
> AQAB
> </Exponent>
> </RSAKeyValue>
> </KeyValue>
> </KeyInfo>
> </Signature>
> <PackSlip>
> <Title>Our Store 2 Your Door Pack Slip</Title>
> <HeaderCompanyName>Our Store 2 Your Door</HeaderCompanyName>
> <HeaderCompanyAddress>123 Dinero Lane</HeaderCompanyAddress>
> <HeaderCompanyCity>New York</HeaderCompanyCity>
> <HeaderCompanyState>NY</HeaderCompanyState>
> <HeaderCompanyZip>10011</HeaderCompanyZip>
> <HeaderCompanyContactPhone>1.800.555.1212</HeaderCompanyContactPhone>
> <HeaderCompanyContactWeb>www.OurStore2YourDoor.com</HeaderCompanyContactWeb>
> <CreditCardNumber id="id138">1234-5678-0000-1234</CreditCardNumber>
> <CustomerServiceNumber>1.800.555.1212</CustomerServiceNumber>
> <OrderNumber>0000000802</OrderNumber>
> <OrderedBy>
> <CustomerName>Michael Sturgeon</CustomerName>
> <CustomerAddress1>136 Lake Drive</CustomerAddress1>
> <CustomerCity>Petosky</CustomerCity>
> <CustomerState>MI</CustomerState>
> <CustomerZip>50422</CustomerZip>
> <CustomerPhone>8606490271</CustomerPhone>
> </OrderedBy>
> <ShipTo>
> <CustomerName>Michael Sturgeon</CustomerName>
> <CustomerAddress1>136 Lake Drive</CustomerAddress1>
> <CustomerAddress2>Petosky, MI 50422
> <Quantity>1</Quantity>
> <Description>1953 Replica Juke Box</Description>
> <Size>N/A</Size>
> <Color>N/A</Color>
> <Quantity>1</Quantity>
> <Description>Antique Radio</Description>
> <Size>N/A</Size>
> <Color>Faux Wood</Color>
> <Quantity>1</Quantity>
> <Description>Maple Syrup Dispensor</Description>
> <Size>N/A</Size>
> <Color>Silver</Color>
> </CustomerAddress2>
> </ShipTo>
> <ReturnInstructions>If this merchandise was damaged in shipment please call Customer Service at 1.800.555.1212. Please do not return the merchandise.</ReturnInstructions>
> </PackSlip>
> </Batch>
>
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0"?>
> <Batch>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#id138">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>F0SuIS0jfHGgCZppCBBnPELusDE=</DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>oYfmWFvJ8O7hyucuhlKH14OTDLK3XRacwxsgQ4Yu7Q4aSuT8FlDlbyT7/IVMxcrr
> UCcuzlZhKnRWIA4Wre2P0aNvgdqgJeNQ0Osr/q8kOCNXdmm6+/G1CsMQgwK10Lz7
> f9a803XVxgBnNMFIRGOMckOTjBRjxdbEJAgFeS563jI=</SignatureValue>
> <KeyInfo>
> <KeyValue>
> <RSAKeyValue>
> <Modulus>
> vp5v0jwt5FUp2tPqvsB1N+sWf4sNfOLqv4UZ9eMHJtbMzIhCWFeMEJV5GZ3M4GWX
> 1C4XmgWmGzRIKagY2++lEfHBUWEE1nL2RcKNW23WzceLbj7IlAe+ZNeDfd9ngLRL
> Zf50Nu57pJzhj9glrGfR6q+roKB8EfPqy7D60Z6UeBM=
> </Modulus>
> <Exponent>
> AQAB
> </Exponent>
> </RSAKeyValue>
> </KeyValue>
> </KeyInfo>
> </Signature>
> <PackSlip>
> <Title>Our Store 2 Your Door Pack Slip</Title>
> <HeaderCompanyName>Our Store 2 Your Door</HeaderCompanyName>
> <HeaderCompanyAddress>123 Dinero Lane</HeaderCompanyAddress>
> <HeaderCompanyCity>New York</HeaderCompanyCity>
> <HeaderCompanyState>NY</HeaderCompanyState>
> <HeaderCompanyZip>10011</HeaderCompanyZip>
> <HeaderCompanyContactPhone>1.800.555.1212</HeaderCompanyContactPhone>
> <HeaderCompanyContactWeb>www.OurStore2YourDoor.com</HeaderCompanyContactWeb>
> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> <CipherData>
> <CipherValue>AEg9JSlB72dDWhPGxMze7LwfILang9Hq0DSyy9WCwTxsIi2mBf6lAYC8yoe8Gzwd
> ABxcbFE6qVtYNQ0t5M1mavqZbWbgNjclXg85qo3YWrV7axQVU4+PdC1oOvB0BWbi
> yw0D+u+NLDB3kp9hdjPGCcbrWJggqLCSNT6VWcXebQA=</CipherValue>
> </CipherData>
> </EncryptedKey>
> </KeyInfo>
> <CipherData>
> <CipherValue>0HZiGv4n8jXGKAOXDmYgoEAmLzff0kxhVOixmqzyyMBnsKvSA0ioke/EyxcGEbA7
> HS7G2Oc6PDusYB0MUDSCOWCk8vN1gModDd3DLTmSXxA=</CipherValue>
> </CipherData>
> </EncryptedData>
> <CustomerServiceNumber>1.800.555.1212</CustomerServiceNumber>
> <OrderNumber>0000000802</OrderNumber>
> <OrderedBy>
> <CustomerName>Michael Sturgeon</CustomerName>
> <CustomerAddress1>136 Lake Drive</CustomerAddress1>
> <CustomerCity>Petosky</CustomerCity>
> <CustomerState>MI</CustomerState>
> <CustomerZip>50422</CustomerZip>
> <CustomerPhone>8606490271</CustomerPhone>
> </OrderedBy>
> <ShipTo>
> <CustomerName>Michael Sturgeon</CustomerName>
> <CustomerAddress1>136 Lake Drive</CustomerAddress1>
> <CustomerAddress2>Petosky, MI 50422
> <Quantity>1</Quantity>
> <Description>1953 Replica Juke Box</Description>
> <Size>N/A</Size>
> <Color>N/A</Color>
> <Quantity>1</Quantity>
> <Description>Antique Radio</Description>
> <Size>N/A</Size>
> <Color>Faux Wood</Color>
> <Quantity>1</Quantity>
> <Description>Maple Syrup Dispensor</Description>
> <Size>N/A</Size>
> <Color>Silver</Color>
> </CustomerAddress2>
> </ShipTo>
> <ReturnInstructions>If this merchandise was damaged in shipment please call Customer Service at 1.800.555.1212. Please do not return the merchandise.</ReturnInstructions>
> </PackSlip>
> </Batch>
>
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0"?>
> <Batch>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#id138">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>F0SuIS0jfHGgCZppCBBnPELusDE=</DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>oYfmWFvJ8O7hyucuhlKH14OTDLK3XRacwxsgQ4Yu7Q4aSuT8FlDlbyT7/IVMxcrr
> UCcuzlZhKnRWIA4Wre2P0aNvgdqgJeNQ0Osr/q8kOCNXdmm6+/G1CsMQgwK10Lz7
> f9a803XVxgBnNMFIRGOMckOTjBRjxdbEJAgFeS563jI=</SignatureValue>
> <KeyInfo>
> <KeyValue>
> <RSAKeyValue>
> <Modulus>
> vp5v0jwt5FUp2tPqvsB1N+sWf4sNfOLqv4UZ9eMHJtbMzIhCWFeMEJV5GZ3M4GWX
> 1C4XmgWmGzRIKagY2++lEfHBUWEE1nL2RcKNW23WzceLbj7IlAe+ZNeDfd9ngLRL
> Zf50Nu57pJzhj9glrGfR6q+roKB8EfPqy7D60Z6UeBM=
> </Modulus>
> <Exponent>
> AQAB
> </Exponent>
> </RSAKeyValue>
> </KeyValue>
> </KeyInfo>
> </Signature>
> <PackSlip>
> <Title>Our Store 2 Your Door Pack Slip</Title>
> <HeaderCompanyName>Our Store 2 Your Door</HeaderCompanyName>
> <HeaderCompanyAddress>123 Dinero Lane</HeaderCompanyAddress>
> <HeaderCompanyCity>New York</HeaderCompanyCity>
> <HeaderCompanyState>NY</HeaderCompanyState>
> <HeaderCompanyZip>10011</HeaderCompanyZip>
> <HeaderCompanyContactPhone>1.800.555.1212</HeaderCompanyContactPhone>
> <HeaderCompanyContactWeb>www.OurStore2YourDoor.com</HeaderCompanyContactWeb>
> <CreditCardNumber xml:id="id138">1234-5678-0000-1234</CreditCardNumber>
> <CustomerServiceNumber>1.800.555.1212</CustomerServiceNumber>
> <OrderNumber>0000000802</OrderNumber>
> <OrderedBy>
> <CustomerName>Michael Sturgeon</CustomerName>
> <CustomerAddress1>136 Lake Drive</CustomerAddress1>
> <CustomerCity>Petosky</CustomerCity>
> <CustomerState>MI</CustomerState>
> <CustomerZip>50422</CustomerZip>
> <CustomerPhone>8606490271</CustomerPhone>
> </OrderedBy>
> <ShipTo>
> <CustomerName>Michael Sturgeon</CustomerName>
> <CustomerAddress1>136 Lake Drive</CustomerAddress1>
> <CustomerAddress2>Petosky, MI 50422
> <Quantity>1</Quantity>
> <Description>1953 Replica Juke Box</Description>
> <Size>N/A</Size>
> <Color>N/A</Color>
> <Quantity>1</Quantity>
> <Description>Antique Radio</Description>
> <Size>N/A</Size>
> <Color>Faux Wood</Color>
> <Quantity>1</Quantity>
> <Description>Maple Syrup Dispensor</Description>
> <Size>N/A</Size>
> <Color>Silver</Color>
> </CustomerAddress2>
> </ShipTo>
> <ReturnInstructions>If this merchandise was damaged in shipment please call Customer Service at 1.800.555.1212. Please do not return the merchandise.</ReturnInstructions>
> </PackSlip>
> </Batch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.tar.gz
Type: application/x-gzip
Size: 848 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20041115/f573901c/test.tar-0002.bin
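
Added example (not part of the original thread, and not xmlsec code): a pre-verification check for the failure discussed above. It confirms that each same-document Reference URI still resolves to exactly one element carrying xml:id, which is ID-typed without a DTD, whereas an unprefixed id attribute is ID-typed only when a DTD declares it. The function name, status strings and the trimmed sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
XML_ID = "{http://www.w3.org/XML/1998/namespace}id"

# Constructed sample, trimmed from the documents quoted in the thread.
TEMPLATE = """<Batch>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<Reference URI="#id138"/></SignedInfo></Signature>
<PackSlip><CreditCardNumber %s="id138">1234-5678-0000-1234</CreditCardNumber></PackSlip>
</Batch>"""
SIGNED = TEMPLATE % "xml:id"       # attribute as signed
AFTER_DECRYPT = TEMPLATE % "id"    # state reported after decryption

def check_references(xml_text):
    """Report how each same-document ds:Reference URI resolves.

    Returns {fragment: status}, where status is:
      "ok"         exactly one element carries xml:id="fragment"
      "ambiguous"  more than one element carries xml:id="fragment"
      "plain-id"   only an unprefixed id="fragment" exists
      "missing"    no element carries the value (e.g. still encrypted)
    """
    root = ET.fromstring(xml_text)
    results = {}
    for ref in root.iter("{%s}Reference" % DSIG_NS):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            continue  # only bare "#fragment" references are checked here
        frag = uri[1:]
        typed = [e for e in root.iter() if e.get(XML_ID) == frag]
        plain = [e for e in root.iter() if e.get("id") == frag]
        if len(typed) == 1:
            results[frag] = "ok"
        elif len(typed) > 1:
            results[frag] = "ambiguous"
        elif plain:
            results[frag] = "plain-id"
        else:
            results[frag] = "missing"
    return results

if __name__ == "__main__":
    for name, doc in (("signed", SIGNED), ("after decrypt", AFTER_DECRYPT)):
        print(name, check_references(doc))
```

Running this on the decrypted document before signature verification separates a reference that no longer resolves from a genuine digest mismatch.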