<br><font size=2 face="sans-serif">Hello,</font>
<br><font size=2 face="sans-serif">First off I'd like to say thank you
to Aleksey and the mailing list. This library has saved me from trying
to invent a security implementation on my own,</font>
<br><font size=2 face="sans-serif">and the dialog in the mailing list has
helped me fix difficult problems that didn't seem to have obvious solutions.
Thank you!</font>
<br>
<br><font size=2 face="sans-serif">Now, the problem I'm having has to do
with wsse security tokens and encryption.</font>
<br><font size=2 face="sans-serif">More specifically, the subject key identifier
found in x509 certificates.</font>
<br><font size=2 face="sans-serif">I'm trying to fill out this node, which
would be part of the EncryptedKey node in the SOAP:Header:</font>
<br><font size=2 face="sans-serif">&lt;wsse:SecurityTokenReference&gt;</font>
<br><font size=2 face="sans-serif">&lt;wsse:KeyIdentifier ValueType="wsse:X509SubjectKeyIdentifier"
EncodingType="wsse:Base64Binary"/&gt;</font>
<br><font size=2 face="sans-serif">&lt;/wsse:SecurityTokenReference&gt;</font>
<br>
<br><font size=2 face="sans-serif">with information that would be gathered
from this node:</font>
<br><font size=2 face="sans-serif">&lt;X509Data&gt;</font>
<br><font size=2 face="sans-serif">&lt;X509Certificate/&gt;</font>
<br><font size=2 face="sans-serif">&lt;X509SKI/&gt;</font>
<br><font size=2 face="sans-serif">&lt;/X509Data&gt;</font>
<br>
<br><font size=2 face="sans-serif">The problem is that encryption returns
this for the X509Data node:</font>
<br><font size=2 face="sans-serif">&lt;X509Data&gt;</font>
<br>
<br>
<br><font size=2 face="sans-serif">&lt;/X509Data&gt;</font>
<br>
<br><font size=2 face="sans-serif">Empty. I realize that you generally
don't apply a certificate to encryption, but I can't do this step with
signature creation</font>
<br><font size=2 face="sans-serif">because I'd have to change the document,
which would make the signature invalid.</font>
<br><font size=2 face="sans-serif">What I'm doing:</font>
<br><font size=2 face="sans-serif">- I load up my key into a keys manager</font>
<br><font size=2 face="sans-serif">- I load up my cert into the keys manager</font>
<br><font size=2 face="sans-serif">- Create the encryption context object
with the manager as its parameter</font>
<br><font size=2 face="sans-serif">- Set encryption context encKey to generated
DES key</font>
<br><font size=2 face="sans-serif">- Successfully create encrypted data
template with X509Data, X509Certificate, and X509SKI properly attached
to KeyInfo node</font>
<br><font size=2 face="sans-serif">- Successfully encrypt data</font>
<br><font size=2 face="sans-serif">- Parse and print out document and see
that the X509Data node is now empty, thus not able to get the SKI info</font>
<br>
<br><font size=2 face="sans-serif">If the node had been filled out as I
had hoped, I would have:</font>
<br><font size=2 face="sans-serif">- Located the X509Data node and unlinked
it from the document</font>
<br><font size=2 face="sans-serif">- Set the content of the KeyIdentifier
node to the content of the X509SKI node</font>
<br>
<br><font size=2 face="sans-serif">Is there something I'm doing wrong,
is this something that xmlsec can't do, and/or is there a better way to
do this?</font>
<br><font size=2 face="sans-serif">Thank you very much,</font>
<br><font size=2 face="sans-serif">Brian</font>
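<br>
<br><font size=2 face="sans-serif">The post-processing step described in the message above (unlink X509Data, copy X509SKI into KeyIdentifier), as an added example that is not part of the original post and is not xmlsec code. It uses Python's standard ElementTree rather than xmlsec/libxml2; the wsse namespace URI, the function name and the sample EncryptedKey documents are assumptions constructed for illustration. It refuses to build the reference when X509Data comes back empty, which is the failure the post describes.</font>

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# Assumption: the post does not give the wsse namespace URI; use the one your peer expects.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
for _prefix, _uri in (("ds", DS), ("xenc", XENC), ("wsse", WSSE)):
    ET.register_namespace(_prefix, _uri)  # so the "wsse:" QName attribute values resolve

# Constructed sample data (not from the post): a 20-byte dummy SKI and two EncryptedKey nodes.
SAMPLE_SKI = base64.b64encode(bytes(range(20))).decode()
_WRAP = (f'<xenc:EncryptedKey xmlns:xenc="{XENC}" xmlns:ds="{DS}"><ds:KeyInfo>'
         '<ds:X509Data>%s</ds:X509Data></ds:KeyInfo></xenc:EncryptedKey>')
SAMPLE_FILLED = _WRAP % f"<ds:X509SKI>{SAMPLE_SKI}</ds:X509SKI>"
SAMPLE_EMPTY = _WRAP % "\n\n"  # what the post reports seeing after encryption


def ski_to_key_identifier(encrypted_key):
    """Swap ds:X509Data for a wsse:SecurityTokenReference carrying the SKI (hypothetical helper)."""
    key_info = encrypted_key.find(f"{{{DS}}}KeyInfo")
    if key_info is None:
        raise ValueError("EncryptedKey has no ds:KeyInfo")
    x509_data = key_info.find(f"{{{DS}}}X509Data")
    if x509_data is None:
        raise ValueError("KeyInfo has no ds:X509Data")
    ski = x509_data.find(f"{{{DS}}}X509SKI")
    ski_text = "".join((ski.text or "").split()) if ski is not None else ""
    if not ski_text:
        # Fail before touching the tree: an empty KeyIdentifier identifies no key at all.
        raise ValueError("X509SKI missing or empty; was the certificate loaded for this key?")
    try:
        base64.b64decode(ski_text, validate=True)
    except binascii.Error as exc:
        raise ValueError("X509SKI is not valid base64") from exc
    key_info.remove(x509_data)  # unlink X509Data from the document
    ref = ET.SubElement(key_info, f"{{{WSSE}}}SecurityTokenReference")
    kid = ET.SubElement(ref, f"{{{WSSE}}}KeyIdentifier", {
        "ValueType": "wsse:X509SubjectKeyIdentifier",
        "EncodingType": "wsse:Base64Binary",
    })
    kid.text = ski_text
    return ski_text


if __name__ == "__main__":
    ek = ET.fromstring(SAMPLE_FILLED)
    ski_to_key_identifier(ek)
    print(ET.tostring(ek, encoding="unicode"))
```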