[xmlsec] Tripledes rsa kt

Edward Shallow ed.shallow at rogers.com
Sun Nov 13 15:06:02 PST 2005


Hi Aleksey,

   Another generic question. I have most of the Python ctypes wrap working. This
last one is giving problems.

What works ...
- sign of most anything
- verify of most anything
- encrypt straight xmlenc#rsa-1_5 only, as long as I am not using a symmetric
session key
- decrypt of most anything

What doesn't work ...
- EncryptedData 3des with EncryptedKey rsa

Rough logic as follows ...

    from ctypes import c_int
    # libxml2, xmlsec and xmlsecMS are the DLLs loaded by the ctypes wrap

    # Load the encryption template and locate its EncryptedData node
    parsedTmpl = libxml2.xmlParseFile(
        'c:/xmlsec/tmpl/tmpl-encrypt-3des-kt-RSA-friendly.xml')
    rootNode = libxml2.xmlDocGetRootElement(parsedTmpl)
    encNode = xmlsec.xmlSecFindNode(rootNode, 'EncryptedData',
                                    'http://www.w3.org/2001/04/xmlenc#')

    # Load the document and locate the node to encrypt
    parsedDoc = libxml2.xmlParseFile('c:/xmlsec/inout/encrypt-doc.xml')
    rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
    targetNode = xmlsec.xmlSecFindNode(rootNode, 'Salary', None)

    # Create the keys manager
    keysMngr = xmlsec.xmlSecKeysMngrCreate()
    rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
    print 'CryptoAppDefaultKeysMngrInit \t\tstatus code', rc

    # Create an mscrypto key store and load keys.xml
    id = xmlsecMS.xmlSecMSCryptoKeysStoreGetKlass()
    keyStore = xmlsec.xmlSecKeyStoreCreate(id)
    rc = xmlsecMS.xmlSecMSCryptoKeysStoreLoad(keyStore,
                                              'c:/xmlsec/keys/keys.xml',
                                              keysMngr)
    print 'MSCryptoKeysStoreLoad \t\t\tstatus code', rc
    print 'Querying Store Name being used\t\t', xmlsecMS.xmlSecMSCryptoAppGetCertStoreName()

    # Create the encryption context
    encCtx = xmlsec.xmlSecEncCtxCreate()
    rc = xmlsec.xmlSecEncCtxInitialize(encCtx, keysMngr)

    # Generate a 192-bit DES session key and attach it to the context
    desKlass = xmlsec.xmlSecKeyDataDesGetKlass()
    print 'desKlass.contents.name\t\t\t', desKlass.contents.name
    sessionKey = xmlsec.xmlSecKeyGenerateByName(desKlass.contents.name,
                                                c_int(192), c_int(8))
    rc = xmlsec.xmlSecKeySetName(sessionKey, 'test-des')
    encCtx.contents.encKey = sessionKey

    # Encrypt the target node using the template
    rc = xmlsec.xmlSecEncCtxXmlEncrypt(encCtx, encNode, targetNode)
    print '\nEncryption complete with \tstatus code', rc, '\n\n'


Produces the following ...

Entering xmlsec ctypes wrap, loading libxml2, libxmlsec, and mscrypto dll's
Loading dynamic crypto support          status code 0
Loading mscrypto                        status code 0
MSCryptoAppInit                         status code 0
Initializing xmlsec                     status code 0
CryptoInit                              status code 0
CryptoAppDefaultKeysMngrInit            status code 0
MSCryptoKeysStoreLoad                   status code 0
Querying Store Name being used          MY
desKlass.contents.name                  des
func=xmlSecKeyInfoNodeRead:file=..\src\keyinfo.c:line=89:obj=unknown:subj=keyInfoCtx->mode == xmlSecKeyInfoModeRead:error=100:assertion: ;last error 1008 (0x000003f0);last error msg=An attempt was made to reference a token that does not exist.

func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1343:obj=unknown:subj=xmlSecKeyInfoNodeRead:error=1:xmlsec library function failed:node=KeyInfo;last error=1008 (0x000003f0);last error msg=An attempt was made to reference a token that does not exist.

func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unknown:subj=unknown:error=45:key is not found: ;last error=1008 (0x000003f0);last error msg=An attempt was made to reference a token that does not exist.

func=xmlSecEncCtxXmlEncrypt:file=..\src\xmlenc.c:line=375:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed: ;last error=1008(0x000003f0);last error msg=An attempt was made to reference a token that does not exist.

Encryption complete with        status code -1


Here is the template ...

<?xml version="1.0" encoding="UTF-8"?>
<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
	<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
	<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
		<EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
			<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:KeyName>Test User 1</ds:KeyName>
			</ds:KeyInfo>
			<CipherData>
				<CipherValue></CipherValue>
			</CipherData>
		</EncryptedKey>
	</ds:KeyInfo>
	<CipherData>
		<CipherValue></CipherValue>
	</CipherData>
</EncryptedData>


Any ideas ???

Thanks again,
Ed
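
An added example (not part of Ed's post and not xmlsec code): a stand-alone Python 3 check, standard library only, that the template above has the shape the post describes, a tripledes-cbc EncryptedData whose session key is carried in an RSA-wrapped EncryptedKey, and that reports the KeyName the keys manager is asked to resolve. The names check_template, KEY_BITS and KEY_TRANSPORT are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"enc": ENC, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Session-key sizes in bits for XML Encryption block ciphers (assumed table);
# 3DES is 192 bits including parity, matching the c_int(192) in the post.
KEY_BITS = {ENC + "tripledes-cbc": 192, ENC + "aes128-cbc": 128,
            ENC + "aes192-cbc": 192, ENC + "aes256-cbc": 256}
KEY_TRANSPORT = {ENC + "rsa-1_5", ENC + "rsa-oaep-mgf1p"}

# Template from the post, with the XML declaration dropped and layout condensed.
TEMPLATE = """<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content"
    xmlns="http://www.w3.org/2001/04/xmlenc#">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <ds:KeyInfo><ds:KeyName>Test User 1</ds:KeyName></ds:KeyInfo>
      <CipherData><CipherValue></CipherValue></CipherData>
    </EncryptedKey>
  </ds:KeyInfo>
  <CipherData><CipherValue></CipherValue></CipherData>
</EncryptedData>"""

def _alg(node):
    """Algorithm URI of the node's EncryptionMethod child, or None."""
    em = node.find("enc:EncryptionMethod", NS) if node is not None else None
    return em.get("Algorithm") if em is not None else None

def check_template(xml_text):
    """Return (summary, problems) for a session-key-plus-RSA-wrap template."""
    root = ET.fromstring(xml_text)
    ek = root.find("ds:KeyInfo/enc:EncryptedKey", NS)
    name = (ek.findtext("ds:KeyInfo/ds:KeyName", None, NS) or "").strip() if ek is not None else ""
    summary = {"data_alg": _alg(root), "wrap_alg": _alg(ek),
               "wrap_key_name": name, "session_key_bits": KEY_BITS.get(_alg(root))}
    problems = []
    if root.tag != "{%s}EncryptedData" % ENC:
        problems.append("root element is not xmlenc EncryptedData")
    if summary["session_key_bits"] is None:
        problems.append("unknown or missing data EncryptionMethod")
    if ek is None:
        problems.append("no EncryptedKey under EncryptedData/KeyInfo")
    elif summary["wrap_alg"] not in KEY_TRANSPORT:
        problems.append("EncryptedKey does not use an RSA key transport algorithm")
    if ek is not None and not name:
        problems.append("EncryptedKey has no KeyName for the keys manager to look up")
    return summary, problems
```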




