[xmlsec] encryption works but decryption failed

Aleksey Sanin aleksey at aleksey.com
Fri Jan 18 11:29:36 PST 2008 

Could you please to try to remove the KeyName and
do *not* specify key name in the command line?

Aleksey

Balakrishnan Viswanathan wrote:
> Aleksey,
> 
> Thanks for your quick response. I tried removing the <KeyName/> from the
> template and also specified the KeyName for encrypt and decrypt, but
> decrypt still fails with "key not found" error
> 
> 
> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
> --binary-da
> ta test.xml --session-key des-192 --pubkey-pem:leaf-key leafkeypub.pem
> --output
> testenc.xml template2withoutKeyName.xml
> 
> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad testenc.xml
> 
> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt
> --privkey-p
> em:leaf-key leafkey.pem --output testdecrypt.xml testenc.xml
> Enter password for "leafkey.pem" file:
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
> xmlSecKe
> ysMngrFindKey:error=1:xmlsec library function failed:
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
> wn:subj=
> unknown:error=45:key is not found:
> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
> wn:subj=
> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
> xmlSecEn
> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
> Error: failed to decrypt file
> Error: failed to decrypt file "testenc.xml"
> 
> 
> I am attaching the template and encrypted document. Thanks.
> 
> -Bala
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: Friday, January 18, 2008 10:37 AM
> To: Balakrishnan Viswanathan
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] encryption works but decryption failed
> 
> Most likely the cause of the problem is "empty"
> KeyName node. Try to remove it from the template
> or specify key name in the command line options
> for both encryption and decryption.
> 
> Aleksey
> 
> Balakrishnan Viswanathan wrote:
>> Hi All,
>>
>>  
>>
>> I am a newbie to xmlsec and also to security in general. I am trying
> to 
>> use xmlsec utility to encrypt and decrypt using the windows binary 
>> provided by Igor. I am able to successfully encrypt a xml file using
> syntax
>>  
>>
>> Encryption:-
>>
>>  
>>
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt 
>> --binary-da
>>
>> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem --output
> 
>> testenc.x
>>
>> ml template2.xml
>>
>>  
>>
>> the above works and I can see the encrypted data in <ciphervalue> node
> 
>> of the output document testenc.xml (also attached).
>>
>>  
>>
>> However, when I try the reverse, i.e, decrypting the document from
> above 
>> step I get error below
>>
>>  
>>
>> Decryption fails:-
>>
>>  
>>
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt 
>> --privkey-p
>>
>> em leafkey.pem --output testdecrypt.xml testenc.xml
>>
>> Enter password for "leafkey.pem" file:
>>
>>
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
> xmlSecKe
>> ysMngrFindKey:error=1:xmlsec library function failed:
>>
>>
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
> wn:subj=
>> unknown:error=45:key is not found:
>>
>>
> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
> wn:subj=
>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>
>>
> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
> xmlSecEn
>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>
>> Error: failed to decrypt file
>>
>> Error: failed to decrypt file "testenc.xml"
>>
>>  
>>
>> The error says "key not found", but key is in the same folder where I
> am 
>> running it from. I am also attaching the private key (password - leaf)
> 
>> and public key that corresponds to it
>>
>>  
>>
>> I am attaching all the relevant files. Any pointers are appreciated.
> Thanks.
>>  
>>
>> -Bala
>>
>>  
>>
>>  
>>
>>  
>>
>>
>>
> ------------------------------------------------------------------------
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list