[xmlsec] encryption works but decryption failed
Aleksey Sanin
aleksey at aleksey.com
Fri Jan 18 13:32:47 PST 2008
There are plenty of examples in xmlsec/test folder
Aleksey
Balakrishnan Viswanathan wrote:
> Aleksey,
>
> Thanks again. I fear that I am taking too much of your time just trying
> to understand the basics of this tool.
>
> Basically, what I am trying to accomplish as part of learning this tool
> is to encrypt and decrypt a simple xml file and running into problems
> with templates, switches etc.
>
> Is there a place or document where I can find a template, a set of keys,
> syntax for encrypt/decrypt that work out-of-the-box, the reason being
> such canned examples will help novices like me.
>
> -Bala
>
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
> Sent: Friday, January 18, 2008 1:23 PM
> To: Balakrishnan Viswanathan
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] encryption works but decryption failed
>
> Well, your public key can not be used for AES192 encryption
> requested by the template.
>
> Aleksey
>
> Balakrishnan Viswanathan wrote:
>> Aleksey,
>>
>> Sorry for being a bit dense. This node is already in the template and
>> yes I am using pub key?.
>>
>> -Bala
>>
>> -----Original Message-----
>> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>> Sent: Friday, January 18, 2008 12:04 PM
>> To: Balakrishnan Viswanathan
>> Cc: xmlsec at aleksey.com
>> Subject: Re: [xmlsec] encryption works but decryption failed
>>
>> <EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
>>
>> and you are using public key...
>>
>> Aleksey
>>
>> Balakrishnan Viswanathan wrote:
>>> Aleksey
>>>
>>> I took the template
>>>
>>> http://svn.gnome.org/viewvc/xmlsec/trunk/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.tmpl?view=markup
>>>
>>> and this time even encrypt failed with "key not found error"
>>>
>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt --binary-data test.xml --session-key aes-192 --pubkey-pem:test-aes192 leafkeypub.pem --output testenc.xml templatefromaleksey.xml
>>> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unknown:subj=unknown:error=45:key is not found:
>>> func=xmlSecEncCtxUriEncrypt:file=..\src\xmlenc.c:line=527:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>> Error: failed to encrypt file "test.xml"
>>> Error: failed to encrypt file with template "templatefromaleksey.xml"
>>>
>>>
>>> -Bala
>>>
>>> -----Original Message-----
>>> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>>> Sent: Friday, January 18, 2008 11:38 AM
>>> To: Balakrishnan Viswanathan
>>> Cc: xmlsec at aleksey.com
>>> Subject: Re: [xmlsec] encryption works but decryption failed
>>>
>>> Oh, never mind. I got it. You specify "session key" and
>>> in this case you *must* add <EncryptedKey> to the template
>>> to actually store the session key. Check out examples
>>> in xmlsec/tests/aleksey-xmlenc-01
>>>
>>> Aleksey
>>>
>>> Balakrishnan Viswanathan wrote:
>>>> Aleksey,
>>>>
>>>> I tried that already and same result, commands below:-
>>>>
>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt --binary-data test.xml --session-key des-192 --pubkey-pem leafkeypub.pem --output testenc.xml template2withoutKeyName.xml
>>>>
>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad testenc.xml
>>>>
>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt --privkey-pem leafkey.pem --output testdecrypt.xml testenc.xml
>>>> Enter password for "leafkey.pem" file:
>>>> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
>>>> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unknown:subj=unknown:error=45:key is not found:
>>>> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>>> Error: failed to decrypt file
>>>> Error: failed to decrypt file "testenc.xml"
>>>>
>>>> -Bala
>>>>
>>>> -----Original Message-----
>>>> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>>>> Sent: Friday, January 18, 2008 11:30 AM
>>>> To: Balakrishnan Viswanathan
>>>> Cc: xmlsec at aleksey.com
>>>> Subject: Re: [xmlsec] encryption works but decryption failed
>>>>
>>>> Could you please try to remove the KeyName and
>>>> do *not* specify key name in the command line?
>>>>
>>>> Aleksey
>>>>
>>>> Balakrishnan Viswanathan wrote:
>>>>> Aleksey,
>>>>>
>>>>> Thanks for your quick response. I tried removing the <KeyName/> from
>>>>> the template and also specified the KeyName for encrypt and decrypt,
>>>>> but decrypt still fails with "key not found" error
>>>>>
>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt --binary-data test.xml --session-key des-192 --pubkey-pem:leaf-key leafkeypub.pem --output testenc.xml template2withoutKeyName.xml
>>>>>
>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>notepad testenc.xml
>>>>>
>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt --privkey-pem:leaf-key leafkey.pem --output testdecrypt.xml testenc.xml
>>>>> Enter password for "leafkey.pem" file:
>>>>> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
>>>>> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unknown:subj=unknown:error=45:key is not found:
>>>>> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>>> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>>>> Error: failed to decrypt file
>>>>> Error: failed to decrypt file "testenc.xml"
>>>>>
>>>>>
>>>>> I am attaching the template and encrypted document. Thanks.
>>>>>
>>>>> -Bala
>>>>>
>>>>> -----Original Message-----
>>>>> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>>>>> Sent: Friday, January 18, 2008 10:37 AM
>>>>> To: Balakrishnan Viswanathan
>>>>> Cc: xmlsec at aleksey.com
>>>>> Subject: Re: [xmlsec] encryption works but decryption failed
>>>>>
>>>>> Most likely the cause of the problem is "empty"
>>>>> KeyName node. Try to remove it from the template
>>>>> or specify key name in the command line options
>>>>> for both encryption and decryption.
>>>>>
>>>>> Aleksey
>>>>>
>>>>> Balakrishnan Viswanathan wrote:
>>>>>> Hi All,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I am a newbie to xmlsec and also to security in general. I am trying to
>>>>>> use xmlsec utility to encrypt and decrypt using the windows binary
>>>>>> provided by Igor. I am able to successfully encrypt a xml file using
>>>>>> syntax
>>>>>>
>>>>>> Encryption:-
>>>>>>
>>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --encrypt --binary-data test.xml --session-key des-192 --pubkey-pem leafkeypub.pem --output testenc.xml template2.xml
>>>>>>
>>>>>> the above works and I can see the encrypted data in <ciphervalue> node
>>>>>> of the output document testenc.xml (also attached).
>>>>>>
>>>>>> However, when I try the reverse, i.e, decrypting the document from above
>>>>>> step I get error below
>>>>>>
>>>>>> Decryption fails:-
>>>>>>
>>>>>> C:\xmlsecutility\libxmlsec-1.2.10.win32\bin\example>xmlsec --decrypt --privkey-pem leafkey.pem --output testdecrypt.xml testenc.xml
>>>>>> Enter password for "leafkey.pem" file:
>>>>>> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
>>>>>> func=xmlSecEncCtxEncDataNodeRead:file=..\src\xmlenc.c:line=885:obj=unknown:subj=unknown:error=45:key is not found:
>>>>>> func=xmlSecEncCtxDecryptToBuffer:file=..\src\xmlenc.c:line=643:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
>>>>>> func=xmlSecEncCtxDecrypt:file=..\src\xmlenc.c:line=582:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed:
>>>>>> Error: failed to decrypt file
>>>>>> Error: failed to decrypt file "testenc.xml"
>>>>>>
>>>>>> The error says "key not found", but key is in the same folder where I am
>>>>>> running it from. I am also attaching the private key (password - leaf)
>>>>>> and public key that corresponds to it
>>>>>>
>>>>>> I am attaching all the relevant files. Any pointers are appreciated.
>>>>>> Thanks.
>>>>>>
>>>>>>
>>>>>> -Bala
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
> ------------------------------------------------------------------------
>>>>>> _______________________________________________
>>>>>> xmlsec mailing list
>>>>>> xmlsec at aleksey.com
>>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
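
Added example, not part of the original thread or of the xmlsec project: a Python preflight check for the two template requirements stated in the replies above, namely that a session key needs an <EncryptedKey> node to be stored in, and that the key-encryption method must be one an RSA public key can perform. The templates are constructed samples rather than the files attached to the thread, and the `aes-128`/`aes-256` session-key names are assumed by analogy with the `des-192` and `aes-192` values used in the thread.

```python
import xml.etree.ElementTree as ET

ENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
# XML Encryption block-cipher URIs -> matching xmlsec --session-key value
SESSION_KEY_FOR = {ENC + "tripledes-cbc": "des-192", ENC + "aes128-cbc": "aes-128",
                   ENC + "aes192-cbc": "aes-192", ENC + "aes256-cbc": "aes-256"}
# Key-transport URIs that an RSA public key can perform
RSA_TRANSPORT = {ENC + "rsa-1_5", ENC + "rsa-oaep-mgf1p"}

def _alg(node):
    """Algorithm URI of the node's direct <EncryptionMethod> child, or None."""
    method = node.find(f"{{{ENC}}}EncryptionMethod") if node is not None else None
    return method.get("Algorithm") if method is not None else None

def lint_template(xml_text, session_key):
    """Problems with a template used as: --session-key <session_key> --pubkey-pem <RSA key>."""
    root = ET.fromstring(xml_text)
    problems = []
    if SESSION_KEY_FOR.get(_alg(root)) != session_key:
        problems.append(f"data EncryptionMethod does not match --session-key {session_key}")
    enc_key = root.find(f"{{{DSIG}}}KeyInfo/{{{ENC}}}EncryptedKey")
    if enc_key is None:
        problems.append("no <EncryptedKey>: the session key is not stored in the output")
    elif _alg(enc_key) not in RSA_TRANSPORT:
        problems.append("EncryptedKey EncryptionMethod is not RSA key transport")
    return problems

# Constructed sample templates (not the files attached to the thread).
GOOD = f"""<EncryptedData xmlns="{ENC}">
 <EncryptionMethod Algorithm="{ENC}tripledes-cbc"/>
 <KeyInfo xmlns="{DSIG}">
  <EncryptedKey xmlns="{ENC}">
   <EncryptionMethod Algorithm="{ENC}rsa-1_5"/>
   <CipherData><CipherValue/></CipherData>
  </EncryptedKey>
 </KeyInfo>
 <CipherData><CipherValue/></CipherData>
</EncryptedData>"""
NO_ENCRYPTED_KEY = f"""<EncryptedData xmlns="{ENC}">
 <EncryptionMethod Algorithm="{ENC}tripledes-cbc"/>
 <KeyInfo xmlns="{DSIG}"><KeyName/></KeyInfo>
 <CipherData><CipherValue/></CipherData>
</EncryptedData>"""
# Same as GOOD, but the session key is to be encrypted with an AES192 method.
AES_KEY_METHOD = GOOD.replace("rsa-1_5", "aes192-cbc")

if __name__ == "__main__":
    for name in ("GOOD", "NO_ENCRYPTED_KEY", "AES_KEY_METHOD"):
        print(name, lint_template(globals()[name], "des-192"))
```
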