[xmlsec] encryption works but decryption failed

Aleksey Sanin aleksey at aleksey.com
Fri Jan 18 11:38:24 PST 2008 

Oh, never mine. I got it. You specify "session key" and
in this case you *must* add <EncryptedKey> to the template
to actually store the session key. Checkout examples
in xmlsec/tests/aleksey-xmlenc-01

Aleksey

Balakrishnan Viswanathan wrote:
> Aleksey,
> 
> I tried that already and same result, commands below:-
> 
> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
> --binary-da
> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem --output
> testenc.x
> ml template2withoutKeyName.xml
> 
> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad testenc.xml
> 
> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt
> --privkey-p
> em leafkey.pem --output testdecrypt.xml testenc.xml
> Enter password for "leafkey.pem" file:
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
> xmlSecKe
> ysMngrFindKey:error=1:xmlsec library function failed:
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
> wn:subj=
> unknown:error=45:key is not found:
> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
> wn:subj=
> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
> xmlSecEn
> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
> Error: failed to decrypt file
> Error: failed to decrypt file "testenc.xml"
> 
> -Bala
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: Friday, January 18, 2008 11:30 AM
> To: Balakrishnan Viswanathan
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] encryption works but decryption failed
> 
> Could you please to try to remove the KeyName and
> do *not* specify key name in the command line?
> 
> Aleksey
> 
> Balakrishnan Viswanathan wrote:
>> Aleksey,
>>
>> Thanks for your quick response. I tried removing the <KeyName/> from
> the
>> template and also specified the KeyName for encrypt and decrypt, but
>> decrypt still fails with "key not found" error
>>
>>
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
>> --binary-da
>> ta test.xml --session-key des-192 --pubkey-pem:leaf-key leafkeypub.pem
>> --output
>> testenc.xml template2withoutKeyName.xml
>>
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad
> testenc.xml
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt
>> --privkey-p
>> em:leaf-key leafkey.pem --output testdecrypt.xml testenc.xml
>> Enter password for "leafkey.pem" file:
>>
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
>> xmlSecKe
>> ysMngrFindKey:error=1:xmlsec library function failed:
>>
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>> wn:subj=
>> unknown:error=45:key is not found:
>>
> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
>> wn:subj=
>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>
> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
>> xmlSecEn
>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>> Error: failed to decrypt file
>> Error: failed to decrypt file "testenc.xml"
>>
>>
>> I am attaching the template and encrypted document. Thanks.
>>
>> -Bala
>>
>> -----Original Message-----
>> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
>> Sent: Friday, January 18, 2008 10:37 AM
>> To: Balakrishnan Viswanathan
>> Cc: xmlsec at aleksey.com
>> Subject: Re: [xmlsec] encryption works but decryption failed
>>
>> Most likely the cause of the problem is "empty"
>> KeyName node. Try to remove it from the template
>> or specify key name in the command line options
>> for both encryption and decryption.
>>
>> Aleksey
>>
>> Balakrishnan Viswanathan wrote:
>>> Hi All,
>>>
>>>  
>>>
>>> I am a newbie to xmlsec and also to security in general. I am trying
>> to 
>>> use xmlsec utility to encrypt and decrypt using the windows binary 
>>> provided by Igor. I am able to successfully encrypt a xml file using
>> syntax
>>>  
>>>
>>> Encryption:-
>>>
>>>  
>>>
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt 
>>> --binary-da
>>>
>>> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem
> --output
>>> testenc.x
>>>
>>> ml template2.xml
>>>
>>>  
>>>
>>> the above works and I can see the encrypted data in <ciphervalue>
> node
>>> of the output document testenc.xml (also attached).
>>>
>>>  
>>>
>>> However, when I try the reverse, i.e, decrypting the document from
>> above 
>>> step I get error below
>>>
>>>  
>>>
>>> Decryption fails:-
>>>
>>>  
>>>
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt 
>>> --privkey-p
>>>
>>> em leafkey.pem --output testdecrypt.xml testenc.xml
>>>
>>> Enter password for "leafkey.pem" file:
>>>
>>>
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
>> xmlSecKe
>>> ysMngrFindKey:error=1:xmlsec library function failed:
>>>
>>>
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>> wn:subj=
>>> unknown:error=45:key is not found:
>>>
>>>
> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
>> wn:subj=
>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>
>>>
> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
>> xmlSecEn
>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>>
>>> Error: failed to decrypt file
>>>
>>> Error: failed to decrypt file "testenc.xml"
>>>
>>>  
>>>
>>> The error says "key not found", but key is in the same folder where I
>> am 
>>> running it from. I am also attaching the private key (password -
> leaf)
>>> and public key that corresponds to it
>>>
>>>  
>>>
>>> I am attaching all the relevant files. Any pointers are appreciated.
>> Thanks.
>>>  
>>>
>>> -Bala
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>
>>>
> ------------------------------------------------------------------------
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
>>>
> ------------------------------------------------------------------------
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list