[xmlsec] manual decrypt

Aleksey Sanin aleksey at aleksey.com
Thu Jan 24 19:28:21 PST 2008 

You might want to read the spec

http://www.w3.org/Signature/Overview.html

Note the section about IV and exact CBC mode for aes
encryption.

Aleksey


Balakrishnan Viswanathan wrote:
> Aleksey,
> 
>  
> 
> I was able to use the templates and encrypt an xml file using xmlsec, 
> the result is like
> 
>  
> 
> <?xml version="1.0" encoding="UTF-8"?>
> 
> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" 
> MimeType="text/plain">
> 
>   <EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> 
>   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> 
>     <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
> 
>       <EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5">
> 
>         <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 
>       </EncryptionMethod>
> 
>       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> 
>       </KeyInfo>
> 
>       <CipherData>
> 
>         
> <CipherValue>sPReUF+uwZhGoyq1keMI0zS0x5pJfAOv0P4GQpDiq4SkGcKL1VgQLEZb0t7cWJsF
> 
> EVYlhLH/UX1KSR4LsD0rPtYxzyl9u1MwE78AXJmD/WpmhzuYbhGaPS4G8aBLtV4o
> 
> EphXZIut0gZUQNM4VcKBV+kKjp+pYvTJQo9ZnROszFk=</CipherValue>
> 
>       </CipherData>
> 
>     </EncryptedKey>
> 
>   </KeyInfo>
> 
>   <CipherData>
> 
>     
> <CipherValue>0WJE6bRu1Bmu6nf7M78ZAZkeZQWSXtuGcf8X3y28ZIWHY6UFv+5HsxRTXKQ107aD
> 
> 3Rh1g5FjSZwqhHH1pJWMXKkm8L8cryXRkDbPjhYcufVwgb6m+d2xJn2H3fKdylRy
> 
> qLRK+0EPZ2QA2G7auVXKvX6zpemcb9diXSPoy4gFX1DeNReJXqvSHHSxbDBHRA7W
> 
> 3uFbV7isUrELh0aYnWRIyimTf2RdgqXzFN8maR9x8AI=</CipherValue>
> 
>   </CipherData>
> 
> </EncryptedData>
> 
>  
> 
>  
> 
> I was able to decrypt the encrypted symmetric key between the first 
> <CipherData>..</CipherData> node manually using openssl with commands
> 
>  
> 
> openssl rsautl -inkey leafkey.pem -decrypt -in sessionkeyraw  -raw –out 
> sessionkey.dec
> 
>  
> 
> the above steps output binary data into sessionkey.dec, I am able to see 
> using command below
> 
>  
> 
>  openssl enc -in sessionkey.dec –p
> 
>  
> 
> However, when I try to decrypt the payload (second 
> <CipherData>…</CipherData> node)with the retrieved key using command
> 
>  
> 
> openssl enc -d -a -in payload.b64.enc -kfile sessionkey.decrypt -out payload
> 
>  
> 
> The above returns but payload contains binary data, shouldn’t I be 
> seeing an xml file?.
> 
>  
> 
>  
> 
> -Bala
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list