[xmlsec] Re: Single-alone EncryptedKey Handle
Andrew Fan
Andrew.Fan@sun.com
Sun, 01 Jun 2003 11:29:10 +0800
Aleksey Sanin wrote:
> Andrew,
>
> First of all, please use xmlsec mailing list instead of my
> personal email. "Aleksey & All" on my personal email makes
> me feel uncomfortable :)
I am sorry. This was my mistake; I forgot to CC the mail to the mailing list.
So sorry.
>
> Now back to your question. There is a way to do it:
>
> 1) Prepare <EncryptedKey/> template either by hand or with
> xmlSecTmplKeyInfoAddEncryptedKey() function (just ignore
> "KeyInfo" in the name of the function and in the name of
> the first parameter, supply any node as parent instead :) ).
> 2) Select/generate the session key.
> 3) Encrypt this key in the created <EncryptedKey/> template
> with xmlSecEncCtxBinaryEncrypt() function as usual.
> 4) Now create/load <EncryptedData/> template as usual,
> you may use xmlSecTmplKeyInfoAddRetrievalMethod() function
> to add <RetrievalMethod/> node.
> 5) Create xmlSecEncCtx and set the session key from step 2)
> in "encKey" member.
> 6) Do encryption as usual.
>
>
> The process seems to be long but it is actually very simple.
> There are too many possible options here and I am not sure
> I have any good idea on how to simplify it w/o adding too
> much internal complexity.
Thank you! You gave me the answer.
>
>
> Aleksey.
>
>
>
>
> Andrew Fan wrote:
>
>> Hi Aleksey & All,
>>
>> I want to support a single-alone EncryptedKey which is referenced by the
>> RetrievalMethod of the KeyInfo inside an EncryptedData, such as:
>>
>> <EncryptedData Id='ED' xmlns='http://www.w3.org/2001/04/xmlenc#'>
>>   <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
>>   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
>>     <ds:RetrievalMethod URI='#EK' Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/>
>>     <ds:KeyName>Sally Doe</ds:KeyName>
>>   </ds:KeyInfo>
>>   <CipherData><CipherValue>DEADBEEF</CipherValue></CipherData>
>> </EncryptedData>
>>
>>
>> <EncryptedKey Id='EK' xmlns='http://www.w3.org/2001/04/xmlenc#'>
>>   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>>   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
>>     <ds:KeyName>John Smith</ds:KeyName>
>>   </ds:KeyInfo>
>>   <CipherData><CipherValue>xyzabc</CipherValue></CipherData>
>>   <ReferenceList>
>>     <DataReference URI='#ED'/>
>>   </ReferenceList>
>>   <CarriedKeyName>Sally Doe</CarriedKeyName>
>> </EncryptedKey>
>>
>>
>> And I have not found the suitable interfaces. What can I do? Can you
>> give me some suggestions?
>>
>> Thanks,
>> Andrew
>
>
>
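
An added example, not part of the thread and not xmlsec code: a Python standard-library check, from the consumer's side, that the layout in the quoted sample is consistent, i.e. the RetrievalMethod in EncryptedData resolves to exactly one stand-alone EncryptedKey that points back at the data and carries the expected key name. The `Envelope` wrapper, the function name and the strictness of the checks are assumptions; the sample document is constructed from the quoted message.

```python
import xml.etree.ElementTree as ET

ENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
EK_TYPE = ENC + "EncryptedKey"
NS = {"e": ENC, "ds": DS}

# Constructed sample: the two elements from the quoted message, wrapped in a
# hypothetical <Envelope> root so that they form one well-formed document.
SAMPLE = f"""<Envelope>
 <EncryptedData Id='ED' xmlns='{ENC}'>
  <EncryptionMethod Algorithm='{ENC}aes128-cbc'/>
  <ds:KeyInfo xmlns:ds='{DS}'>
   <ds:RetrievalMethod URI='#EK' Type='{EK_TYPE}'/>
   <ds:KeyName>Sally Doe</ds:KeyName>
  </ds:KeyInfo>
  <CipherData><CipherValue>DEADBEEF</CipherValue></CipherData>
 </EncryptedData>
 <EncryptedKey Id='EK' xmlns='{ENC}'>
  <EncryptionMethod Algorithm='{ENC}rsa-1_5'/>
  <ds:KeyInfo xmlns:ds='{DS}'><ds:KeyName>John Smith</ds:KeyName></ds:KeyInfo>
  <CipherData><CipherValue>xyzabc</CipherValue></CipherData>
  <ReferenceList><DataReference URI='#ED'/></ReferenceList>
  <CarriedKeyName>Sally Doe</CarriedKeyName>
 </EncryptedKey>
</Envelope>"""

def resolve_encrypted_key(root, data_id):
    """Return the stand-alone EncryptedKey for EncryptedData `data_id`, or raise."""
    data = [n for n in root.iter(f"{{{ENC}}}EncryptedData") if n.get("Id") == data_id]
    if len(data) != 1:
        raise ValueError("EncryptedData Id missing or not unique")
    rm = data[0].find("ds:KeyInfo/ds:RetrievalMethod", NS)
    if rm is None or rm.get("Type") != EK_TYPE or not rm.get("URI", "").startswith("#"):
        raise ValueError("no same-document RetrievalMethod of type EncryptedKey")
    # Match the Id against every element so that a duplicate Id is caught.
    hits = [n for n in root.iter() if n.get("Id") == rm.get("URI")[1:]]
    if len(hits) != 1 or hits[0].tag != f"{{{ENC}}}EncryptedKey":
        raise ValueError("URI does not resolve to exactly one EncryptedKey")
    key = hits[0]
    # Policy assumed for this example: the key must list the data it protects.
    refs = {r.get("URI") for r in key.findall("e:ReferenceList/e:DataReference", NS)}
    if "#" + data_id not in refs:
        raise ValueError("EncryptedKey does not reference this EncryptedData")
    name = data[0].findtext("ds:KeyInfo/ds:KeyName", namespaces=NS)
    if name is not None and name != key.findtext("e:CarriedKeyName", namespaces=NS):
        raise ValueError("KeyName does not match CarriedKeyName")
    return key
```

The function only resolves and cross-checks references; it performs no decryption.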