[xmlsec] How to add a <KeyInfo> standalone to carry an encrypted key?

Aleksey Sanin aleksey at aleksey.com
Fri Apr 11 21:01:50 PDT 2003


Code and explanations assume that you are using XMLSec 1.0.0rc1;
the conversion to the 0.0.x branch is left to the reader :)

1) Add <dsig:KeyInfo/> element where you want using xmlAddChild(),
xmlAddPrevSibling, etc.
2) Add <enc:EncryptedKey/> and its children either using LibXML2
functions (see above) or XMLSec functions from templates.h:

#include <assert.h>
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/templates.h>
#include <xmlsec/crypto.h>

/* Creates the <enc:EncryptedKey/> template (with its own <dsig:KeyInfo/>,
 * <dsig:X509Data/> and <enc:CipherValue/> children) under an existing
 * <dsig:KeyInfo/> node. Returns 0 on success, -1 on error. */
int createEncKeyNodeTmpl(xmlNodePtr keyInfoNode) {
    xmlNodePtr encKeyNode;
    xmlNodePtr encKeyKeyInfoNode;

    assert(keyInfoNode);
    /* <enc:EncryptedKey/> with <enc:EncryptionMethod Algorithm="...#rsa-1_5"/> */
    encKeyNode = xmlSecTmplKeyInfoAddEncryptedKey(keyInfoNode,
                                                  xmlSecTransformRsaPkcs1Id,
                                                  NULL, NULL, NULL);
    if(encKeyNode == NULL) {
        return(-1);
    }

    /* <enc:CipherData><enc:CipherValue/></enc:CipherData>, filled in step 4 */
    if(xmlSecTmplEncDataEnsureCipherValue(encKeyNode) == NULL) {
        return(-1);
    }

    /* the inner <dsig:KeyInfo/> that describes the key encrypting the key */
    encKeyKeyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encKeyNode);
    if(encKeyKeyInfoNode == NULL) {
        return(-1);
    }

    /* <dsig:X509Data/>: the certificate of the encryption key is written here */
    if(xmlSecTmplKeyInfoAddX509Data(encKeyKeyInfoNode) == NULL) {
        return(-1);
    }

    /* you need this only if you use option 3a) from below,
     * if you go with 3b) option, then you can remove this
     */
    if(xmlSecTmplKeyInfoAddKeyName(encKeyKeyInfoNode,
                                   BAD_CAST "the-enc-key-name") == NULL) {
        return(-1);
    }

    return(0);
}

3) Now you have a choice: use xmlSecKeysMngr or set the key used
to encrypt <enc:EncryptedKey/> in the encryption context.

3a) Add <dsig:KeyName/> to the encKeyKeyInfoNode, load the encryption key
with all associated certificates in the keys manager, create an xmlSecKeyInfoCtx
object.

3b) Create an encryption context in xmlSecKeyInfoCtx using the
xmlSecKeyInfoCtxCreateEncCtx() function, load the encryption key with all
associated certificates, set the encryption key in the created encryption
context.

4) Call the xmlSecKeyInfoNodeWrite() function (the "key" parameter of
this function is the key you want to encrypt).


BTW, thanks for a good question. Probably this should go in the tutorial :)


Aleksey


vgecko wrote:

> I want to carry an encrypted key in my xml doc as below. How can I do that?
>
> <doc>
> <data>...</data>
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
> <EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> <X509Data>
> <X509Certificate>...</X509Certificate>
> </X509Data>
> </KeyInfo>
> <CipherData>
> <CipherValue/>
> </CipherData>
> </EncryptedKey>
> </KeyInfo>
> </doc>
>
> thanks.