[xmlsec] Re: Single-alone EncryptedKey Handle

Andrew Fan Andrew.Fan@sun.com
Sun, 01 Jun 2003 11:29:10 +0800


Aleksey Sanin wrote:

> Andrew,
>
> First of all, please use xmlsec mailing list instead of my
> personal email. "Aleksey & All" on my personal email makes
> me feel uncomfortable :)

I am sorry. This was my mistake; I forgot to CC the mail to the mailing list.
So sorry.

>
> Now back to your question. There is a way to do it:
>
> 1) Prepare <EncryptedKey/> template either by hand or with
> xmlSecTmplKeyInfoAddEncryptedKey() function (just ignore
> "KeyInfo" in the name of the function and in the name of
> the first parameter, supply any node as parent instead :) ).
> 2) Select/generate the session key.
> 3) Encrypt this key in the created <EncryptedKey/> template
> with xmlSecEncCtxBinaryEncrypt() function as usual.
> 4) Now create/load <EncryptedData/> template as usual,
> you may use xmlSecTmplKeyInfoAddRetrievalMethod() function
> to add <RetrievalMethod/> node.
> 5) Create xmlSecEncCtx and set the session key from step 2)
> in "encKey" member.
> 6) Do encryption as usual.
>
>
> The process seems to be long but it is actually very simple.
> There are too many possible options here and I am not sure
> I have any good idea on how to simplify it w/o adding too
> much internal complexity.

Thank you! You give me the answer.

>  
>
> Aleksey.
>
>
>
>
> Andrew Fan wrote:
>
>> Hi Aleksey & All,
>>
>> I want to support a single-alone EncryptedKey which is referenced by the
>> RetrievalMethod of the KeyInfo inside an EncryptedData, such as:
>>
>> <EncryptedData Id='ED' xmlns='http://www.w3.org/2001/04/xmlenc#'>
>>   <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
>>   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
>>     <ds:RetrievalMethod URI='#EK'
>>         Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/>
>>     <ds:KeyName>Sally Doe</ds:KeyName>
>>   </ds:KeyInfo>
>>   <CipherData><CipherValue>DEADBEEF</CipherValue></CipherData>
>> </EncryptedData>
>>
>>
>> <EncryptedKey Id='EK' xmlns='http://www.w3.org/2001/04/xmlenc#'>
>>   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>>   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
>>     <ds:KeyName>John Smith</ds:KeyName>
>>   </ds:KeyInfo>
>>   <CipherData><CipherValue>xyzabc</CipherValue></CipherData>
>>   <ReferenceList>
>>     <DataReference URI='#ED'/>
>>   </ReferenceList>
>>   <CarriedKeyName>Sally Doe</CarriedKeyName>
>> </EncryptedKey>
>>
>>
>> And I have not found the suitable interfaces. What can I do? Can you 
>> give me some suggestions?
>>
>> Thanks,
>> Andrew
>
>
>
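The linkage in the quoted example (RetrievalMethod URI to EncryptedKey Id, ReferenceList back to the EncryptedData, CarriedKeyName to KeyName), as an added example that is not part of the original thread and is not xmlsec code: a Python standard-library check a recipient could run before unwrapping the session key. The `<doc>` wrapper, the function name and the same-document-only policy are assumptions; no decryption is performed.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": XENC, "ds": DS}
EK_TYPE = XENC + "EncryptedKey"

# Constructed sample modeled on the quoted example; the <doc> wrapper is an assumption.
SAMPLE = f"""<doc xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptedData Id="ED">
    <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
    <ds:KeyInfo>
      <ds:RetrievalMethod URI="#EK" Type="{EK_TYPE}"/>
      <ds:KeyName>Sally Doe</ds:KeyName>
    </ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>DEADBEEF</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedKey Id="EK">
    <xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>
    <ds:KeyInfo><ds:KeyName>John Smith</ds:KeyName></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>xyzabc</xenc:CipherValue></xenc:CipherData>
    <xenc:ReferenceList><xenc:DataReference URI="#ED"/></xenc:ReferenceList>
    <xenc:CarriedKeyName>Sally Doe</xenc:CarriedKeyName>
  </xenc:EncryptedKey>
</doc>"""

def resolve_encrypted_key(root, enc_data):
    """Return the stand-alone EncryptedKey that enc_data's RetrievalMethod names."""
    rm = enc_data.find("ds:KeyInfo/ds:RetrievalMethod", NS)
    if rm is None or rm.get("Type") != EK_TYPE:
        raise ValueError("no RetrievalMethod of Type EncryptedKey")
    uri = rm.get("URI", "")
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError("only same-document references are accepted")
    # Exactly one element may carry the Id; duplicates make the target ambiguous.
    hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
    if len(hits) != 1 or hits[0].tag != f"{{{XENC}}}EncryptedKey":
        raise ValueError("URI must resolve to exactly one EncryptedKey")
    ek = hits[0]
    # If the key lists what it protects, this EncryptedData must be listed.
    refs = [r.get("URI") for r in ek.findall("xenc:ReferenceList/xenc:DataReference", NS)]
    if refs and "#" + enc_data.get("Id", "") not in refs:
        raise ValueError("EncryptedKey does not reference this EncryptedData")
    # CarriedKeyName, when present, must match the KeyName in EncryptedData.
    carried = ek.findtext("xenc:CarriedKeyName", namespaces=NS)
    name = enc_data.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS)
    if carried is not None and name is not None and carried != name:
        raise ValueError("CarriedKeyName does not match KeyName")
    return ek
```

The sample is constructed and trusted; for untrusted input, parse with a hardened XML parser before running the same checks.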