[xmlsec] Re: XML-ENC questions
Aleksey Sanin
aleksey at aleksey.com
Wed Jun 30 03:04:08 PDT 2004
Veiko.Sinivee at seb.se wrote:
> Note that you are mixing MimeType and Type attributes. The only two
> defined values for Type attribute are "content" and "element" :
>
> http://www.w3.org/TR/xmlenc-core/#sec-Processing-Decryption
>
>
> Well I understood it differently. Here it says:
>
> 5. Process decrypted data if Type is unspecified or is not 'element' or element 'content'.
>
> and then in paragraph 4.3 it says:
>
> For example, if the application wishes to canonicalize its data or encode/compress the data in an XML packaging format, the application needs to marshal the XML accordingly and identify the resulting type via the EncryptedData Type attribute
>
> I understood this that if I want to compress xml data before
> encryption then I should use:
> <EncryptedData Type="http://www.isi.edu/in-notes/iana/assignments/media-types/application/zip">
> ...
> Did I miss something ? It says here pretty clearly that I have
> to indicate this using the Type attribute?
>
Yes, you can. But it will not be something defined in the spec or
implemented in xmlsec :)
>
> No, you need only one keys manager. Just make sure that you can identify
> correct encryption key from each EncryptedKey (e.g. using key name ==
> cert subject).
>
> Thanks, I'll try that. So do you then set KeyName to the subject's DN or CN?
KeyName is an arbitrary string. It's up to the application to decide what it is
in each particular case. key name == cert subject was just an example.
>
> 2) Next you need to put <X509Data/> into the template. You can further
> specify what exactly do you want with <X509Data/> children (e.g.
> <X509SKI>, etc.)
>
> Does this work also with "dynamic template" like encrypt3.c sample?
>
Yes. Dynamic and static templates are only different on the template
creation stage :)
Aleksey
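
The two points discussed in this thread (how a consumer treats the EncryptedData Type attribute, and picking the right EncryptedKey by its KeyName) as an added example that is not part of the original message and does not use the xmlsec API. It is plain Python over a constructed document; the KeyName values and cipher values are made up, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"enc": ENC, "ds": DS}

# Constructed sample: application-defined Type and two EncryptedKey recipients.
SAMPLE = f"""<EncryptedData xmlns="{ENC}" xmlns:ds="{DS}"
    Type="http://www.isi.edu/in-notes/iana/assignments/media-types/application/zip">
  <ds:KeyInfo>
    <EncryptedKey>
      <ds:KeyInfo><ds:KeyName>CN=Alice</ds:KeyName></ds:KeyInfo>
      <CipherData><CipherValue>AAAA</CipherValue></CipherData>
    </EncryptedKey>
    <EncryptedKey>
      <ds:KeyInfo><ds:KeyName>CN=Bob</ds:KeyName></ds:KeyInfo>
      <CipherData><CipherValue>BBBB</CipherValue></CipherData>
    </EncryptedKey>
  </ds:KeyInfo>
  <CipherData><CipherValue>CCCC</CipherValue></CipherData>
</EncryptedData>"""

def classify_type(root):
    """Return 'element', 'content' or 'application' for EncryptedData/@Type."""
    t = root.get("Type")
    if t == ENC + "Element":
        return "element"
    if t == ENC + "Content":
        return "content"
    # Unspecified or any other URI: the decrypted octets go back to the
    # application as-is, which must decide how to process them (e.g. unzip).
    return "application"

def find_encrypted_key(root, key_name):
    """Return the CipherValue of the EncryptedKey whose KeyName matches, else None."""
    for ek in root.findall("ds:KeyInfo/enc:EncryptedKey", NS):
        name = ek.findtext("ds:KeyInfo/ds:KeyName", default="", namespaces=NS)
        if name.strip() == key_name:
            return ek.findtext("enc:CipherData/enc:CipherValue", namespaces=NS)
    return None  # no key for this recipient: fail closed rather than guess

if __name__ == "__main__":
    doc = ET.fromstring(SAMPLE)
    print(classify_type(doc), find_encrypted_key(doc, "CN=Bob"))
```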