[xmlsec] AES Encryption with a keyfile does not work.

Mike Fudd mifudd at hotmail.com
Thu Jan 4 07:13:31 PST 2007


Hello Mailinglist,

I have a problem with xmlsec.exe encryption. I gave the program a file 
with an AES256 key, but the result cannot be decrypted. Moreover, the 
encrypted file always has different content after every encryption. I think 
that xmlsec.exe does not use the AES key from the file. (xmlsec.exe uses 
another AES key in every encryption process.) The command I use:

xmlsec.exe
--encrypt
--xml-data T:\VS6\nnn\Debug\Example.xml
--aeskey:myAesKey T:\VS6\nnn\Debug\aes256.bin
--node-name Passwords
--output T:\VS6\nnn\Debug\result.xml
--print-debug
T:\VS6\nnn\Debug\my-tmpl.xml

No error messages were given while executing. The resulting file result.xml 
seems to be ok. (With the disadvantage that I cannot decrypt it with my 
key.)
I have debugged xmlsec.exe with the VC6 debugger. I have come to the function 
xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad in file crypto.c. It should read 
the key. All return values in this func are fine. So the key is read without 
errors. But maybe I must set somewhere that xmlsec should use this key? 
Because of the debug line: "=== key usage: -1"

1. Can someone help me with what I have to add?

2. Does someone know an easy to use AES Encryption/Decryption program? I 
have found many tools on the internet, but there the AES key is always 
protected by a pass phrase, so I don't know how to insert my own AES key. (At 
this moment I'm using a web page for AES decryption.)


Thanks for the help

Mike





Output of the above xmlsec.exe debug call:
-------------------------------------------------------------------------------------------------
= DATA ENCRYPTION CONTEXT
== Status: replaced
== flags: 0x00000000
== flags2: 0x00000000
== Type: "http://www.w3.org/2001/04/xmlenc#Content"
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: aes
==== keyType: 0x00000004
==== keyUsage: 0x00000004
==== keyBitsSize: 256
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Encryption Transform Ctx:
== TRANSFORMS CTX (status=1)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: aes256-cbc (href=http://www.w3.org/2001/04/xmlenc#aes256-cbc)
=== Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
=== Transform: membuf-transform (href=NULL)
== Encryption Method:
=== Transform: aes256-cbc (href=http://www.w3.org/2001/04/xmlenc#aes256-cbc)
== Encryption Key:
== KEY
=== method: AESKeyValue
=== key type: Symmetric
=== key usage: -1
=== AESKeyValue: size=256
== Result - start buffer:
== Result - end buffer
-------------------------------------------------------------------------------------------------
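
The aes256-cbc transform in the debug output runs in CBC mode, and under the W3C XML Encryption rules the encryptor prepends a freshly generated IV to the ciphertext, so one key file gives a different CipherValue on every run. The following is an added example, not code from the post or from xmlsec: it assumes the openssl command-line tool, the layout base64(IV || ciphertext), and constructed key and sample data; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not xmlsec code). Layout assumed from the W3C XML Encryption
# block-cipher rules: CipherValue = base64(IV || AES-256-CBC ciphertext), and
# the last plaintext byte holds the number of padding bytes.

hex() { od -An -v -tx1 "$1" | tr -d ' \n'; }      # raw file -> hex string

# xenc_encrypt KEYFILE < plaintext   -> base64 CipherValue on stdout
xenc_encrypt() {
    [ $(( $(wc -c < "$1") )) -eq 32 ] ||
        { echo "key file must hold 32 raw bytes" >&2; return 1; }
    tmp=$(mktemp)
    openssl rand 16 > "$tmp"                      # fresh random IV on every call
    openssl enc -aes-256-cbc -K "$(hex "$1")" -iv "$(hex "$tmp")" >> "$tmp"
    openssl base64 < "$tmp"                       # base64 of IV || ciphertext
    rm -f "$tmp"
}

# xenc_decrypt KEYFILE CIPHERVALUE   -> plaintext on stdout
xenc_decrypt() {
    raw=$(mktemp); pt=$(mktemp)
    printf '%s\n' "$2" | openssl base64 -d > "$raw"
    iv=$(head -c 16 "$raw" | od -An -v -tx1 | tr -d ' \n')   # IV = first block
    tail -c +17 "$raw" |
        openssl enc -d -aes-256-cbc -nopad -K "$(hex "$1")" -iv "$iv" > "$pt"
    pad=$(tail -c 1 "$pt" | od -An -tu1 | tr -d ' ')          # padding length byte
    # A pad byte outside 1..16 means a wrong key or a damaged CipherValue.
    [ "${pad:-0}" -ge 1 ] && [ "$pad" -le 16 ] &&
        head -c $(( $(wc -c < "$pt") - pad )) "$pt"; rc=$?
    rm -f "$raw" "$pt"; return $rc
}

# Constructed demo: the same key file and plaintext give a different
# CipherValue on each run, and the same raw key decrypts both.
xenc_demo() {
    k=$(mktemp); openssl rand 32 > "$k"           # constructed 256-bit key file
    msg='<Passwords>constructed sample</Passwords>'
    c1=$(printf '%s' "$msg" | xenc_encrypt "$k")
    c2=$(printf '%s' "$msg" | xenc_encrypt "$k")
    p1=$(xenc_decrypt "$k" "$c1"); p2=$(xenc_decrypt "$k" "$c2")
    rm -f "$k"
    [ "$c1" != "$c2" ] && [ "$p1" = "$msg" ] && [ "$p2" = "$msg" ]
}

xenc_demo && echo "different CipherValues, same key decrypts both"
```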
