[xmlsec] detached encrypted key

Aleksey Sanin aleksey at aleksey.com
Fri Oct 29 11:50:32 PDT 2004



> 
> 2. When I try to decrypt the encrypted key element, 
> xmlsec tries to replace the encrypted key element, by 
> calling xmlSecReplaceNodeBuffer, even though the Type
> attribute says "content". I got the internal parser
> error. ( there is no well formed xml data, it is key,
> so supposedly fails).
BTW, the xmlSecReplaceNodeBuffer function handles "content"
type nicely:

$ cat tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [
<!ATTLIST Test Id ID #IMPLIED>
]>
<Test Id="Test"><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" 
MimeType="text/plain" Type="http://www.w3.org/2001/04/xmlenc#Content">
   <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
     <KeyName>test-des</KeyName>
   </KeyInfo>
   <CipherData>
      <CipherValue>
        V0CekKjZodbqjW4Yq3lMkA==
      </CipherValue>
   </CipherData>
</EncryptedData></Test>

$ /home/aleksey/dev/xmlsec-tip/apps/xmlsec1 decrypt  --crypto-config 
/tmp/xmlsec-crypto-config --keys-file tests/keys/keys.xml 
tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [
<!ATTLIST Test Id ID #IMPLIED>
]>
<Test Id="Test">
test
</Test>


Aleksey



More information about the xmlsec mailing list