[xmlsec] How to encrypt a key ?

[Aleksey Sanin]

You create a template that specifies

<EncryptionMethod Algorithm="...#aes128-cbc">

and then specify the encrypted key as follows

<EncryptedKey>
   <EncryptionMethod Algorithm="...#rsa-1_5"/>
   ...
</>

This will automatically create "session" AES key, use
this session key to encrypt data and then put encrypted
session key in the <EncryptedKey> element.

Search for "aes128-cbc" string in the xmlsec/tests folder for
examples.

Aleksey

Sébastien Hinderer wrote:
> Dear all,
> 
> I went through xmlsec's tutorial and examined several pages of the API
> reference, but cant't really figure out how to encrypt a key with
> another key.
> 
> The scenario is as follows.
> 1. An AES 192 bits key is generated.
> 2. This key is encrypted with an RSA public key, so that it can be
> decrypted only on a device owning the corresponding private key.
> 3. The AES key generated in step 1 is used to encrypt a series of XML
> files, so that these files are readable only on one device.
> 
> My uestion is about step 2.
> More precisely, I know how to load the rea key, assume it is placed in a
> variable called rsaPublicKey.
> I also know how to generate the AES key, spposed it is placed in a
> variable called aesKey.
> Now that these two keys are available, how to produce something looking
> like this:
> <xe:EncryptedKey>
>   <xe:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>   <xe:CipherData>
>     <xe:CipherValue>...</xe:CipherValue>
>   </xe:CipherData>
>   <xe:CarriedKeyName>keyname</xe:CarriedKeyName>
> </xe:EncryptedKey>
> My guess is that the operation will involve xmlSecTransformRsaPkcs1Id,
> but I can't find more precisely the wayleading from the two keys to the
> previously shown output.
> 
> Any help would be gratly appreciate.
> 
> Thanks much in advance,
> Sébastien.
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec