[xmlsec] Can't decrypt GCM based algorithms

Tue Mar 29 16:25:43 UTC 2022

perfect.  I do get errors but my laptop is home at the moment.  I will test
again tonight and let you know.

Tim

On Tue., Mar. 29, 2022, 12:57 p.m. Aleksey Sanin, <aleksey at aleksey.com>
wrote:

> Well, the gcm code for openssl is here:
>
>
> https://github.com/lsh123/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L80
>
> so adding printfs in these functions would help.
>
> Do you get any errors?
>
> Aleksey
>
> On 3/29/22 11:51 AM, Timothy Legge wrote:
> > Hi
> >
> > I am working on adding support for aes*-gcm to perl's XML::Enc.  I can:
> >
> > 1. Decrypt SAML responses encrypted with aes*-gcm using XML::Enc
> > 2. Decrypt xmlsec encrypted aes*-gcm XML using XML::Enc
> > 3. Encrypt XML using aes*-gcm with XML::Sec
> > 4. Decrypt XML that was encrypted with XML::Sec using ases*-gcm
> >
> > However, I cannot use xmlsec to decrypt XML::Sec encrypted XML that
> > uses aes*-gcm.
> >
> > I can't think of any issues that would allow me to encrypt and decrypt
> > XML successfully with XML::Enc but not allow xmlsec to decrypt those
> > files.
> >
> > I was wondering if there is a debug flag for XML sec that would allow
> > me to output the following:
> >
> > 1. base64 of the CipherValue it reads from the XML file
> > 2. base 64 of IV
> > 3 base64 of encrypted data
> > 4 base 64 of the tag
> > 5 base 64 of the key
> >
> > I don't mind adding some print debugging and recompiling if you can
> > point me to a starting place.  It has been a while since I wrote much
> > C but I have no issues.  Finding the correct spot though...
> >
> > Tim
> >
> > Timothy Legge
> > timlegge at gmail.com
> > timlegge at cpan.org
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20220329/e8e7a3cd/attachment.htm>