[xmlsec] Encrypting Content

Timothy Legge timlegge at gmail.com
Fri Mar 25 23:15:15 UTC 2022


Hi

Sorry, I sent this directly to Aleksey initially...

I was following:
https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
(which is reasonably close enough for me to get encryption working).

Specifically the following command results in the Content in
/PayInfo/CreditCard/Number/text() being properly encrypted.  However,
I would expect that the EncryptedData Type should be
"http://www.w3.org/2001/04/xmlenc#Content" instead of the specified
Element for this to properly encrypt the Content.  Changing it to
Content causes the doc-encrypted.xml created to be missing data in the
Number tags: "<Number></Number>".

To me this appears to be a bug, but likely I am misreading the
XML-Enc specifications.

Any thoughts?

xmlsec1 --encrypt --pubkey-cert-pem t/sign-certonly.pem \
  --session-key des-192 --xml-data doc-plain.xml \
  --output doc-encrypted.xml \
  --node-xpath '/PayInfo/CreditCard/Number/text()' \
  session-key-template.xml

========================================
doc-plain.xml
========================================
<?xml version="1.0" encoding="utf-8" ?>
<PayInfo>
  <Name>John Smith</Name>
  <CreditCard Limit='2,000' Currency='USD'>
    <Number>1076 2478 0678 5589</Number>
    <Issuer>CitiBank</Issuer>
    <Expiration>06/10</Expiration>
  </CreditCard>
</PayInfo>
========================================
session-key-template.xml
==========================================
<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Original XML
 doc file before encryption (encrypt3 example).
-->
<EncryptedData
  xmlns="http://www.w3.org/2001/04/xmlenc#"
  Type="http://www.w3.org/2001/04/xmlenc#Element">
 <EncryptionMethod Algorithm=
   "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm=
     "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName/>
   </KeyInfo>
   <CipherData>
    <CipherValue/>
   </CipherData>
  </EncryptedKey>
 </KeyInfo>
 <CipherData>
  <CipherValue/>
 </CipherData>
</EncryptedData>
==========================================


Timothy Legge
timlegge at gmail.com
timlegge at cpan.org
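
Added example (not part of the original message, and not xmlsec code): in the XML Encryption specification, Type "http://www.w3.org/2001/04/xmlenc#Element" says the encrypted plaintext is one serialized element, while "http://www.w3.org/2001/04/xmlenc#Content" says it is element content such as a text node. The Python below classifies a decrypted plaintext that way and compares it with the Type declared on an EncryptedData element, using the values from doc-plain.xml; the function names are hypothetical, the template is a constructed reduction of the one above, and it makes no claim about what xmlsec1 itself does.

```python
import xml.etree.ElementTree as ET

XMLENC = "http://www.w3.org/2001/04/xmlenc#"
TYPE_ELEMENT = XMLENC + "Element"
TYPE_CONTENT = XMLENC + "Content"

# Constructed from the template in the message, reduced to the parts used here.
TEMPLATE = (
    '<EncryptedData xmlns="%s" Type="%s">'
    "<CipherData><CipherValue/></CipherData>"
    "</EncryptedData>" % (XMLENC, TYPE_ELEMENT)
)


def classify_plaintext(plaintext):
    """Return the Type URI that describes a decrypted plaintext string."""
    if "<!DOCTYPE" in plaintext:
        raise ValueError("a DOCTYPE is neither an element nor element content")
    try:
        # Parses only when the string is a single element (the parser also
        # tolerates surrounding whitespace and comments).
        ET.fromstring(plaintext)
        return TYPE_ELEMENT
    except ET.ParseError:
        pass
    # Bare text, or several sibling nodes, is well formed only inside a parent.
    ET.fromstring("<wrapper>" + plaintext + "</wrapper>")  # raises if malformed
    return TYPE_CONTENT


def declared_type(encrypted_data_xml):
    """Return the Type attribute of an xmlenc EncryptedData element."""
    root = ET.fromstring(encrypted_data_xml)
    if root.tag != "{%s}EncryptedData" % XMLENC:
        raise ValueError("not an xmlenc EncryptedData element")
    return root.get("Type")


def type_matches(encrypted_data_xml, plaintext):
    """True when the declared Type agrees with what the plaintext actually is."""
    return declared_type(encrypted_data_xml) == classify_plaintext(plaintext)


if __name__ == "__main__":
    number_text = "1076 2478 0678 5589"  # what .../Number/text() selects
    number_elem = "<Number>%s</Number>" % number_text  # what .../Number selects
    for label, data in (("text()", number_text), ("element", number_elem)):
        print(label, classify_plaintext(data), type_matches(TEMPLATE, data))
```

A receiver can run the same comparison after decryption and before splicing the plaintext back into the document, so that a Type that disagrees with the plaintext is rejected instead of being parsed on trust.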

