[xmlsec] Encrypting and decripting with private key

Dimitar Dimitrov ddimitrov at constalant.com
Mon Feb 23 11:02:54 PST 2009


I was trying XmlSec to encrypt/decrypt an xml file. That works fine except 
that I've noticed something strange. 

The following sequence is OK:

A:  xmlsec1 encrypt --pubkey-pem tls/client-pub.pem --session-key des-192  \
         --xml-data data.xml --output data_enc.xml session-key-template.xml

B: xmlsec1 decrypt --privkey-pem tls/client-key.pem data_enc.xml

That's encrypting  data.xml into data_enc.xml using client's public and 
private x509 keys as it is supposed to be under normal circumstances.

But if I twist it a bit (don't ask me why :) and encrypt with client's private 
key, I can also decrypt with client's private key!?  Like this:

C: xmlsec1 encrypt --pubkey-pem tls/client-key.pem --session-key des-192 \
          --xml-data data.xml --output data_enc.xml session-key-template.xml

D: xmlsec1 decrypt --privkey-pem tls/client-key.pem data_enc.xml

Decryption with the public key doesn't work, btw.

Is this behavior correct? Or I'm doing something wrong?
I know that in all normal situations one should encrypt with the public key 
and decrypt with the private, so this is rather an unusual use case. But still 
curios should it be possible to encrypt and decrypt with the private key only?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20090223/bc1110b2/attachment.htm

More information about the xmlsec mailing list