[xmlsec] xmlSecTransformRsaPkcs1
Tej Arora
tejbiz@aol.com
Sun, 10 Aug 2003 17:02:46 -0700
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
<font size="2"><font face="Arial,sans-serif">This transform is supposed
to encrypt a symmetric key using RSA.<br>
The key to be encrypted is expected to be in cleartext in the<br>
input buffer.<br>
<br>
Under some crypto systems like NSS, any keys in cleartext is frowned<br>
upon. In practice, raw keys reside only in crypto tokens, and when<br>
they leave the token they're always encrypted. <br>
<br>
Encryption of key data is called "wrapping" and that of non-key data<br>
is just called "encryption".<br>
<br>
NSS provides these forms of RSA encryption:<br>
1) WRAP a key using RSA. The key must be on some token. If it<br>
is not on a token, the app must first get it on the token. It is
possible<br>
to get a cleartext key onto a token. To do that one has to know the<br>
key type. The implementation of xmlSecTransformRsaPkcs1 is<br>
such that this information is not available to the transform. XML ENC<br>
spec actually specifies that information in the schema.<br>
2) Encrypt non-key data using RSA (no support for padding)<br>
<br>
The bottom line is that the only way to make the RsaPkcs1 transform<br>
work for NSS is to implement (2) with padding support. The NSS<br>
team however has strong objections to encrypting cleartext keys<br>
in the first place. <br>
<br>
So, I'm writing to ask if you can add a new RSA PKCS1 transform<br>
whose input is a key reference (not the raw key) and the output is the <br>
wrapped key. I understand that xmlsec tests will still load raw keys<br>
from files, but with the new transform - we'll atleast be able to
support<br>
a secure mode of operation that can be used by NSS based deployments.<br>
<br>
<br>
thanks,<br>
<br>
-Tej<br>
<br>
</font></font>
</body>
</html>