[xmlsec] SOAP and the xmlsec1 tool

Ole Laursen olau at iola.dk
Fri Apr 24 03:29:37 PDT 2015


Hi!

Is the xmlsec1 tool supposed to be able to decrypt SOAP messages
encrypted with wsse:Security out of the box?

I have received such an XML document which has the following in the SOAP header

<xenc:EncryptedKey Id="EncKeyId-80E57A3BB5197E4F63142139343107910935">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference>
      <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">M4gzH2lwkAVRexsB3yk1wG6Fl8g=</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>PRFdy...vsQ==</xenc:CipherValue></xenc:CipherData>
  <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-26243" /></xenc:ReferenceList>
</xenc:EncryptedKey>

(which I suppose is a symmetric key encrypted with a public key where
I have the private key) and the following in the SOAP body (which I
suppose is encrypted with the symmetric key)

<xenc:EncryptedData Id="EncDataId-26243" Type="http://www.w3.org/2001/04/xmlenc#Content">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:Reference URI="#EncKeyId-80E57A3BB5197E4F63142139343107910935" />
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>a+2W...x5g</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>

When I try

xmlsec1 decrypt --pkcs12 mykey.p12 --pwd SECRET soapmessage.xml

it says

func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=957:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=715:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=623:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed:
Error: failed to decrypt file

I'm not really sure how to debug this, or whether it is even supposed
to work at all?


Ole
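The reference chain the message above relies on (an EncryptedKey in the wsse:Security header wrapping a symmetric key, an EncryptedData in the body whose wsse:Reference points back at that EncryptedKey, and a wsse:KeyIdentifier naming the decrypting certificate by its Subject Key Identifier) can be walked mechanically. The script below is an added example, not part of the original post and not code from the xmlsec project. It uses only the Python standard library; the sample envelope is constructed with the same element shapes and identifiers as the post (the ciphertext values are placeholders, and the SOAP 1.1 envelope namespace is assumed). It pairs every EncryptedData with the EncryptedKey that wraps its key, checks that the forward DataReference and the backward wsse:Reference agree, and prints the Subject Key Identifier the message expects, in hex, so it can be compared with the certificate in the PKCS#12 file.

```python
"""Map the encryption references in a WS-Security SOAP message (added example)."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",   # assumed SOAP 1.1
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": ("http://docs.oasis-open.org/wss/2004/01/"
             "oasis-200401-wss-wssecurity-secext-1.0.xsd"),
}
X509_SKI = ("http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier")

# Constructed sample: same structure and Ids as the post, placeholder ciphertext.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:xenc="{NS['xenc']}"
  xmlns:ds="{NS['ds']}" xmlns:wsse="{NS['wsse']}">
  <soap:Header><wsse:Security>
    <xenc:EncryptedKey Id="EncKeyId-80E57A3BB5197E4F63142139343107910935">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <ds:KeyInfo><wsse:SecurityTokenReference>
        <wsse:KeyIdentifier ValueType="{X509_SKI}"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          >M4gzH2lwkAVRexsB3yk1wG6Fl8g=</wsse:KeyIdentifier>
      </wsse:SecurityTokenReference></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>PRFdy...vsQ==</xenc:CipherValue></xenc:CipherData>
      <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-26243"/></xenc:ReferenceList>
    </xenc:EncryptedKey>
  </wsse:Security></soap:Header>
  <soap:Body>
    <xenc:EncryptedData Id="EncDataId-26243" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <ds:KeyInfo><wsse:SecurityTokenReference>
        <wsse:Reference URI="#EncKeyId-80E57A3BB5197E4F63142139343107910935"/>
      </wsse:SecurityTokenReference></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>a+2W...x5g</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""


def _find_by_id(root, ref):
    """Resolve a same-document '#id' URI to the element carrying that Id."""
    if not ref.startswith("#"):
        raise ValueError(f"only same-document references are supported: {ref}")
    for el in root.iter():
        if el.get("Id") == ref[1:]:
            return el
    raise LookupError(f"no element with Id={ref[1:]!r}")


def _algorithm(el):
    """Algorithm URI of the element's xenc:EncryptionMethod child, if any."""
    method = el.find("xenc:EncryptionMethod", NS)
    return method.get("Algorithm") if method is not None else None


def describe_encrypted_key(enc_key):
    """Report how an EncryptedKey identifies the private key needed to unwrap it."""
    info = {"id": enc_key.get("Id"), "key_transport": _algorithm(enc_key)}
    kid = enc_key.find(
        "ds:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
    if kid is not None:
        raw = base64.b64decode(kid.text.strip())   # Base64Binary encoding
        info["key_identifier_type"] = kid.get("ValueType")
        info["key_identifier_hex"] = raw.hex()
        info["is_subject_key_identifier"] = kid.get("ValueType") == X509_SKI
    return info


def resolve_references(xml_text):
    """Pair each EncryptedData with the EncryptedKey that wraps its content key."""
    root = ET.fromstring(xml_text)
    results = []
    for enc_key in root.iter(f"{{{NS['xenc']}}}EncryptedKey"):
        key_desc = describe_encrypted_key(enc_key)
        for data_ref in enc_key.findall("xenc:ReferenceList/xenc:DataReference", NS):
            enc_data = _find_by_id(root, data_ref.get("URI"))
            back = enc_data.find(
                "ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
            back_uri = back.get("URI") if back is not None else None
            results.append({
                "encrypted_data_id": enc_data.get("Id"),
                "data_algorithm": _algorithm(enc_data),
                "encrypted_key": key_desc,
                # Forward and backward references must name the same EncryptedKey.
                "back_reference_ok": back_uri == "#" + key_desc["id"],
            })
    return results


if __name__ == "__main__":
    for r in resolve_references(SAMPLE):
        k = r["encrypted_key"]
        print(f"{r['encrypted_data_id']}: {r['data_algorithm']}")
        print(f"  content key wrapped with {k['key_transport']} in {k['id']}")
        print(f"  decrypting key selected by SKI {k.get('key_identifier_hex')}"
              f"  (references consistent: {r['back_reference_ok']})")
```

The "key is not found" line in the error output comes from the key manager failing to locate a decryption key for the EncryptedKey. The hex value this script prints is the Subject Key Identifier the sender used to select the recipient's certificate; it can be compared with the certificate bundled in mykey.p12 (for example `openssl pkcs12 -in mykey.p12 -nokeys | openssl x509 -noout -text` and look for "X509v3 Subject Key Identifier"). A mismatch means the message was encrypted for a different key than the one being supplied; a match narrows the problem to how the wsse:KeyIdentifier form of ds:KeyInfo is resolved by the tool.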

