[xmlsec] Re: Interoperability with libxmlsec

Aleksey Sanin aleksey at aleksey.com
Tue Mar 8 01:02:59 PST 2005


How about reading the spec?

http://www.w3.org/TR/xmlenc-core/#sec-Alg-Block

Aleksey

Veiko.Sinivee at seb.se wrote:
> Hi!
> 
> I wrote a Java library that also produces encrypted xml files based
> On the XML-ENC standard. In order to verify that I'm doing everything 
> correctly
> I tried to create a document in a similar format using your libxmlsec and
> Xmlsec1 utility and decrypt it with my library. This almost worked.
> Only I believe my padding and/or IV vector is wrong. Here's the template
> File I used with your xmlenc1 utility. My Java code always set IV vector to
> 0 (e.g 16 bytes filled with 0 -s). You probably use some random value, 
> right?
> Can you suggest how to get this IV value? Could it be the first 16 bytes of
> Base64 decrypted (still AES 128 encrypted) data or something else?
> Also I use padding (probably called PKCS7 padding) meaning that the
> Last byte of the last 16 bytes of encrypted data is the number of
> Pad bytes. The pad-bytes before this last pad byte are all filled with 0.
> You don't seem to do it like that but this may be only because i got the
> IV vector wrong and I just don't see the right last 16 bytes.
> If you notice any other errors I might have in my template then please
> Tell me about it.
> 
> Regards,
> 
> Veiko Sinivee
> <<xmlsec-templ.xml>>
> 
> 
> ------------------------------------------------------------------------
> 
> <?xml version="1.0"?>
> <denc:EncryptedData xmlns:denc="http://www.w3.org/2001/04/xmlenc#">
>     <denc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>       <denc:EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#" Recipient="Veiko">
>       <denc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>       <ds:KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>         <ds:KeyName/>
>         <ds:X509Data> 
>           <ds:X509Certificate/>
>         </ds:X509Data>
>       </ds:KeyInfo>
>       <denc:CipherData>
>         <denc:CipherValue/>
>       </denc:CipherData>
>       </denc:EncryptedKey>
>     </ds:KeyInfo>   
>     <denc:CipherData>
> 	<denc:CipherValue/>
>     </denc:CipherData>
>   <denc:EncryptionProperties><denc:EncryptionProperty Name="LibraryVersion">xmlsec1|1.2.5</denc:EncryptionProperty><denc:EncryptionProperty Name="DocumentFormat">ENCDOC-XML|1.0</denc:EncryptionProperty><denc:EncryptionProperty Name="Filename">jdigidoc.cfg</denc:EncryptionProperty><denc:EncryptionProperty Name="OriginalSize">3891</denc:EncryptionProperty></denc:EncryptionProperties>
> </denc:EncryptedData>



More information about the xmlsec mailing list