[xmlsec] Encrypt/decrypt works in one environment, but not another (parser error : internal error: detected an error in element content)

Matthias Hjalmarsson matthias at yacc.se
Sun Jun 23 08:58:09 PDT 2019 

Hi!

I'm trying to use xmlsec to implement encrypt/decrypt functionality, with
help from
https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html for
providing basic examples.

I have a problem where a test case works in one environment, but not in
another and I'm not sure how to proceed.

I'm attaching 4 files

* certificate.p12 - private key given in PKCS #12 for decrypting (password:
hello)
* public.pem - public file for encrypting
* doc.xml - document to encrypt
* template.xml - template used for encrypting

Encrypt:
xmlsec1 encrypt --pubkey-pem public.pem --session-key des-192 --xml-data
doc.xml --output encrypted.xml template.xml

Decrypt
xmlsec1 decrypt --output result.xml --pkcs12 certificate.p12 --pwd hello
encrypted.xml

When run with latest version available via cygwin (xmlsec1 1.2.24
(openssl)) on Windows, this produces the desired result that result.xml is
equivalent to doc.xml. However, when run on CentOS 7 with the latest
available version (xmlsec1 1.2.20 (openssl)) decryption fails with:

Entity: line 2: parser error : internal error: detected an error in element
content

<PayInfo>
         ^
func=xmlSecReplaceNodeBufferAndReturn:file=xmltree.c:line=573:obj=unknown:subj=xmlParseInNodeContext:error=5:libxml2
library function failed:Failed to parse content
func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=648:obj=unknown:subj=xmlSecReplaceNodeBuffer:error=1:xmlsec
library function failed:node=EncryptedData
Error: failed to decrypt file
Error: failed to decrypt file "encrypted.xml"

Obviously, I see that I'm running different versions, but does anyone know
what might be wrong regardless? Is the test case flawed but 1.2.24 accepts
it anyway, or did I run into a bug?

Regards,
Matthias Hjalmarsson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20190623/b602174c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: certificate.p12
Type: application/x-pkcs12
Size: 1765 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20190623/b602174c/attachment.p12>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: public.pem
Type: application/octet-stream
Size: 278 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20190623/b602174c/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: doc.xml
Type: text/xml
Size: 252 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20190623/b602174c/attachment.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: template.xml
Type: text/xml
Size: 682 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20190623/b602174c/attachment-0001.xml>

More information about the xmlsec mailing list