[xmlsec] encryption works but decryption failed

Balakrishnan Viswanathan bviswana at tibco.com
Fri Jan 18 12:15:51 PST 2008


Aleksey,

Sorry for being a bit dense. This node is already in the template and
yes I am using pub key?. 

-Bala

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Friday, January 18, 2008 12:04 PM
To: Balakrishnan Viswanathan
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] encryption works but decryption failed

<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />

and you are using public key...

Aleksey

Balakrishnan Viswanathan wrote:
> Aleksey
> 
> I took the template 
> 
>
http://svn.gnome.org/viewvc/xmlsec/trunk/tests/aleksey-xmlenc-01/enc-des
> 3cbc-aes192-keyname.tmpl?view=markup
> 
> and this time even encrypt failed with "key not found error"
> 
> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
> --binary-da
> ta test.xml --session-key aes-192 --pubkey-pem:test-aes192
> leafkeypub.pem --outp
> ut testenc.xml templatefromaleksey.xml
>
func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
> wn:subj=
> unknown:error=45:key is not found:
>
func=xmlSecEncCtxUriEncrypt:file=..\src\xmlenc.c:line=527:obj=unknown:su
> bj=xmlSe
> cEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
> Error: failed to encrypt file "test.xml"
> Error: failed to encrypt file with template "templatefromaleksey.xml"
> 
> 
> -Bala
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: Friday, January 18, 2008 11:38 AM
> To: Balakrishnan Viswanathan
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] encryption works but decryption failed
> 
> Oh, never mine. I got it. You specify "session key" and
> in this case you *must* add <EncryptedKey> to the template
> to actually store the session key. Checkout examples
> in xmlsec/tests/aleksey-xmlenc-01
> 
> Aleksey
> 
> Balakrishnan Viswanathan wrote:
>> Aleksey,
>>
>> I tried that already and same result, commands below:-
>>
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
>> --binary-da
>> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem
--output
>> testenc.x
>> ml template2withoutKeyName.xml
>>
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad
> testenc.xml
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt
>> --privkey-p
>> em leafkey.pem --output testdecrypt.xml testenc.xml
>> Enter password for "leafkey.pem" file:
>>
>
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
>> xmlSecKe
>> ysMngrFindKey:error=1:xmlsec library function failed:
>>
>
func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>> wn:subj=
>> unknown:error=45:key is not found:
>>
>
func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
>> wn:subj=
>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>
>
func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
>> xmlSecEn
>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>> Error: failed to decrypt file
>> Error: failed to decrypt file "testenc.xml"
>>
>> -Bala
>>
>> -----Original Message-----
>> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
>> Sent: Friday, January 18, 2008 11:30 AM
>> To: Balakrishnan Viswanathan
>> Cc: xmlsec at aleksey.com
>> Subject: Re: [xmlsec] encryption works but decryption failed
>>
>> Could you please to try to remove the KeyName and
>> do *not* specify key name in the command line?
>>
>> Aleksey
>>
>> Balakrishnan Viswanathan wrote:
>>> Aleksey,
>>>
>>> Thanks for your quick response. I tried removing the <KeyName/> from
>> the
>>> template and also specified the KeyName for encrypt and decrypt, but
>>> decrypt still fails with "key not found" error
>>>
>>>
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
>>> --binary-da
>>> ta test.xml --session-key des-192 --pubkey-pem:leaf-key
> leafkeypub.pem
>>> --output
>>> testenc.xml template2withoutKeyName.xml
>>>
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad
>> testenc.xml
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt
>>> --privkey-p
>>> em:leaf-key leafkey.pem --output testdecrypt.xml testenc.xml
>>> Enter password for "leafkey.pem" file:
>>>
>
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
>>> xmlSecKe
>>> ysMngrFindKey:error=1:xmlsec library function failed:
>>>
>
func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>>> wn:subj=
>>> unknown:error=45:key is not found:
>>>
>
func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
>>> wn:subj=
>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>
>
func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
>>> xmlSecEn
>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>> Error: failed to decrypt file
>>> Error: failed to decrypt file "testenc.xml"
>>>
>>>
>>> I am attaching the template and encrypted document. Thanks.
>>>
>>> -Bala
>>>
>>> -----Original Message-----
>>> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
>>> Sent: Friday, January 18, 2008 10:37 AM
>>> To: Balakrishnan Viswanathan
>>> Cc: xmlsec at aleksey.com
>>> Subject: Re: [xmlsec] encryption works but decryption failed
>>>
>>> Most likely the cause of the problem is "empty"
>>> KeyName node. Try to remove it from the template
>>> or specify key name in the command line options
>>> for both encryption and decryption.
>>>
>>> Aleksey
>>>
>>> Balakrishnan Viswanathan wrote:
>>>> Hi All,
>>>>
>>>>  
>>>>
>>>> I am a newbie to xmlsec and also to security in general. I am
trying
>>> to 
>>>> use xmlsec utility to encrypt and decrypt using the windows binary 
>>>> provided by Igor. I am able to successfully encrypt a xml file
using
>>> syntax
>>>>  
>>>>
>>>> Encryption:-
>>>>
>>>>  
>>>>
>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec
--encrypt
> 
>>>> --binary-da
>>>>
>>>> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem
>> --output
>>>> testenc.x
>>>>
>>>> ml template2.xml
>>>>
>>>>  
>>>>
>>>> the above works and I can see the encrypted data in <ciphervalue>
>> node
>>>> of the output document testenc.xml (also attached).
>>>>
>>>>  
>>>>
>>>> However, when I try the reverse, i.e, decrypting the document from
>>> above 
>>>> step I get error below
>>>>
>>>>  
>>>>
>>>> Decryption fails:-
>>>>
>>>>  
>>>>
>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec
--decrypt
> 
>>>> --privkey-p
>>>>
>>>> em leafkey.pem --output testdecrypt.xml testenc.xml
>>>>
>>>> Enter password for "leafkey.pem" file:
>>>>
>>>>
>
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
>>> xmlSecKe
>>>> ysMngrFindKey:error=1:xmlsec library function failed:
>>>>
>>>>
>
func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>>> wn:subj=
>>>> unknown:error=45:key is not found:
>>>>
>>>>
>
func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
>>> wn:subj=
>>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>>
>>>>
>
func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
>>> xmlSecEn
>>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>>>
>>>> Error: failed to decrypt file
>>>>
>>>> Error: failed to decrypt file "testenc.xml"
>>>>
>>>>  
>>>>
>>>> The error says "key not found", but key is in the same folder where
> I
>>> am 
>>>> running it from. I am also attaching the private key (password -
>> leaf)
>>>> and public key that corresponds to it
>>>>
>>>>  
>>>>
>>>> I am attaching all the relevant files. Any pointers are
appreciated.
>>> Thanks.
>>>>  
>>>>
>>>> -Bala
>>>>
>>>>  
>>>>
>>>>  
>>>>
>>>>  
>>>>
>>>>
>>>>
>
------------------------------------------------------------------------
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>
>>>>
>
------------------------------------------------------------------------
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec



More information about the xmlsec mailing list