[xmlsec] encryption works but decryption failed

Aleksey Sanin aleksey at aleksey.com
Fri Jan 18 13:22:51 PST 2008 

Well, your public key can not be used for AES192 encryption
requested by the template.

Aleksey

Balakrishnan Viswanathan wrote:
> Aleksey,
> 
> Sorry for being a bit dense. This node is already in the template and
> yes I am using pub key?. 
> 
> -Bala
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: Friday, January 18, 2008 12:04 PM
> To: Balakrishnan Viswanathan
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] encryption works but decryption failed
> 
> <EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
> 
> and you are using public key...
> 
> Aleksey
> 
> Balakrishnan Viswanathan wrote:
>> Aleksey
>>
>> I took the template 
>>
>>
> http://svn.gnome.org/viewvc/xmlsec/trunk/tests/aleksey-xmlenc-01/enc-des
>> 3cbc-aes192-keyname.tmpl?view=markup
>>
>> and this time even encrypt failed with "key not found error"
>>
>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
>> --binary-da
>> ta test.xml --session-key aes-192 --pubkey-pem:test-aes192
>> leafkeypub.pem --outp
>> ut testenc.xml templatefromaleksey.xml
>>
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>> wn:subj=
>> unknown:error=45:key is not found:
>>
> func=xmlSecEncCtxUriEncrypt:file=..\src\xmlenc.c:line=527:obj=unknown:su
>> bj=xmlSe
>> cEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>> Error: failed to encrypt file "test.xml"
>> Error: failed to encrypt file with template "templatefromaleksey.xml"
>>
>>
>> -Bala
>>
>> -----Original Message-----
>> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
>> Sent: Friday, January 18, 2008 11:38 AM
>> To: Balakrishnan Viswanathan
>> Cc: xmlsec at aleksey.com
>> Subject: Re: [xmlsec] encryption works but decryption failed
>>
>> Oh, never mine. I got it. You specify "session key" and
>> in this case you *must* add <EncryptedKey> to the template
>> to actually store the session key. Checkout examples
>> in xmlsec/tests/aleksey-xmlenc-01
>>
>> Aleksey
>>
>> Balakrishnan Viswanathan wrote:
>>> Aleksey,
>>>
>>> I tried that already and same result, commands below:-
>>>
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
>>> --binary-da
>>> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem
> --output
>>> testenc.x
>>> ml template2withoutKeyName.xml
>>>
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad
>> testenc.xml
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt
>>> --privkey-p
>>> em leafkey.pem --output testdecrypt.xml testenc.xml
>>> Enter password for "leafkey.pem" file:
>>>
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
>>> xmlSecKe
>>> ysMngrFindKey:error=1:xmlsec library function failed:
>>>
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>>> wn:subj=
>>> unknown:error=45:key is not found:
>>>
> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
>>> wn:subj=
>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>
> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
>>> xmlSecEn
>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>> Error: failed to decrypt file
>>> Error: failed to decrypt file "testenc.xml"
>>>
>>> -Bala
>>>
>>> -----Original Message-----
>>> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
>>> Sent: Friday, January 18, 2008 11:30 AM
>>> To: Balakrishnan Viswanathan
>>> Cc: xmlsec at aleksey.com
>>> Subject: Re: [xmlsec] encryption works but decryption failed
>>>
>>> Could you please to try to remove the KeyName and
>>> do *not* specify key name in the command line?
>>>
>>> Aleksey
>>>
>>> Balakrishnan Viswanathan wrote:
>>>> Aleksey,
>>>>
>>>> Thanks for your quick response. I tried removing the <KeyName/> from
>>> the
>>>> template and also specified the KeyName for encrypt and decrypt, but
>>>> decrypt still fails with "key not found" error
>>>>
>>>>
>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt
>>>> --binary-da
>>>> ta test.xml --session-key des-192 --pubkey-pem:leaf-key
>> leafkeypub.pem
>>>> --output
>>>> testenc.xml template2withoutKeyName.xml
>>>>
>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad
>>> testenc.xml
>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt
>>>> --privkey-p
>>>> em:leaf-key leafkey.pem --output testdecrypt.xml testenc.xml
>>>> Enter password for "leafkey.pem" file:
>>>>
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
>>>> xmlSecKe
>>>> ysMngrFindKey:error=1:xmlsec library function failed:
>>>>
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>>>> wn:subj=
>>>> unknown:error=45:key is not found:
>>>>
> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
>>>> wn:subj=
>>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>>
> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
>>>> xmlSecEn
>>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>>> Error: failed to decrypt file
>>>> Error: failed to decrypt file "testenc.xml"
>>>>
>>>>
>>>> I am attaching the template and encrypted document. Thanks.
>>>>
>>>> -Bala
>>>>
>>>> -----Original Message-----
>>>> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
>>>> Sent: Friday, January 18, 2008 10:37 AM
>>>> To: Balakrishnan Viswanathan
>>>> Cc: xmlsec at aleksey.com
>>>> Subject: Re: [xmlsec] encryption works but decryption failed
>>>>
>>>> Most likely the cause of the problem is "empty"
>>>> KeyName node. Try to remove it from the template
>>>> or specify key name in the command line options
>>>> for both encryption and decryption.
>>>>
>>>> Aleksey
>>>>
>>>> Balakrishnan Viswanathan wrote:
>>>>> Hi All,
>>>>>
>>>>>  
>>>>>
>>>>> I am a newbie to xmlsec and also to security in general. I am
> trying
>>>> to 
>>>>> use xmlsec utility to encrypt and decrypt using the windows binary 
>>>>> provided by Igor. I am able to successfully encrypt a xml file
> using
>>>> syntax
>>>>>  
>>>>>
>>>>> Encryption:-
>>>>>
>>>>>  
>>>>>
>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec
> --encrypt
>>>>> --binary-da
>>>>>
>>>>> ta test.xml --session-key des-192 --pubkey-pem leafkeypub.pem
>>> --output
>>>>> testenc.x
>>>>>
>>>>> ml template2.xml
>>>>>
>>>>>  
>>>>>
>>>>> the above works and I can see the encrypted data in <ciphervalue>
>>> node
>>>>> of the output document testenc.xml (also attached).
>>>>>
>>>>>  
>>>>>
>>>>> However, when I try the reverse, i.e, decrypting the document from
>>>> above 
>>>>> step I get error below
>>>>>
>>>>>  
>>>>>
>>>>> Decryption fails:-
>>>>>
>>>>>  
>>>>>
>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec
> --decrypt
>>>>> --privkey-p
>>>>>
>>>>> em leafkey.pem --output testdecrypt.xml testenc.xml
>>>>>
>>>>> Enter password for "leafkey.pem" file:
>>>>>
>>>>>
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=
>>>> xmlSecKe
>>>>> ysMngrFindKey:error=1:xmlsec library function failed:
>>>>>
>>>>>
> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unkno
>>>> wn:subj=
>>>>> unknown:error=45:key is not found:
>>>>>
>>>>>
> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unkno
>>>> wn:subj=
>>>>> xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>>>
>>>>>
> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=
>>>> xmlSecEn
>>>>> cCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>>>>
>>>>> Error: failed to decrypt file
>>>>>
>>>>> Error: failed to decrypt file "testenc.xml"
>>>>>
>>>>>  
>>>>>
>>>>> The error says "key not found", but key is in the same folder where
>> I
>>>> am 
>>>>> running it from. I am also attaching the private key (password -
>>> leaf)
>>>>> and public key that corresponds to it
>>>>>
>>>>>  
>>>>>
>>>>> I am attaching all the relevant files. Any pointers are
> appreciated.
>>>> Thanks.
>>>>>  
>>>>>
>>>>> -Bala
>>>>>
>>>>>  
>>>>>
>>>>>  
>>>>>
>>>>>  
>>>>>
>>>>>
>>>>>
> ------------------------------------------------------------------------
>>>>> _______________________________________________
>>>>> xmlsec mailing list
>>>>> xmlsec at aleksey.com
>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>>
>>>>>
> ------------------------------------------------------------------------
>>>>> _______________________________________________
>>>>> xmlsec mailing list
>>>>> xmlsec at aleksey.com
>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list