[xmlsec] Missing encryptedkey ?

Aleksey Sanin aleksey at aleksey.com
Sat Jun 9 17:08:46 PDT 2012


You need to use KW transform. Take a look at

tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.tmpl


Aleksey

On 6/9/12 10:15 AM, Roland Hedberg wrote:
> 
> 9 jun 2012 kl. 18:14 skrev Aleksey Sanin:
> 
>> Take a look at the tests in the tests/01-phaos-xmlenc-3/ folder.
>> In particular, enc-element-3des-kw-3des.tmpl
> 
> 
> Used the keys.xml from the above mentioned folder, used the template and modified the command to be:
> 
> xmlsec1 encrypt --pubkey-cert-pem ../example/sp/pki/mycert.pem \
>     --session-key des-192 --xml-data pre_saml2_response.xml \
>     --keys-file keys.xml \
>     --node-xpath '/*[local-name()="Response"]/*[local-name()="Assertion"]/*[local-name()="Subject"]/*[local-name()="EncryptedID"]/text()' \
>     enc-element-3des-kw-3des.tmpl
> 
> Same result though, the added part is:
> 
> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
>                Type="http://www.w3.org/2001/04/xmlenc#Element">
>   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>   <CipherData>
>     <CipherValue>ZBx6+ENTu+nktBVSGunBlnBPGc4MXxNJg9vLd1Z/MBJKx2QU/W9kD7OJRQ+Op6ct+865Cgf/9AM=</CipherValue>
>   </CipherData>
> </EncryptedData>
> 
> No EncryptedKey element ?
> did I misunderstand you ?
> 
> -- Roland
> ------------------------------------------------------
> Roland Hedberg
> IT Architect/Senior Researcher
> ICT Services and System Development (ITS) 
> Umeå University 
> SE-901 87 Umeå, Sweden	
> Phone +46 90 786 68 44
> Mobile +46 70 696 68 44 
> www.its.umu.se 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec


More information about the xmlsec mailing list