[xmlsec] WS-I compliant templates

Aleksey Sanin aleksey at aleksey.com
Fri May 22 08:08:02 PDT 2009 

You need to specify "Type" of encryption in the EncryptedData node

<EncryptedData ... Type="http://www.w3.org/2001/04/xmlenc#Content">

to encrypt the node content or "...#Element" to encrypt the whole node.

Aleksey

Henry Rollins wrote:
> Hi, Aleksey!
> 
> Can xmlsec work with WS-I compliant templates?
> For example, i tried to encrypt message with the follwoing template but 
> was not succeeded:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <wsse:Security 
> xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>                
> xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' 
> 
>                xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
>                xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
>   <xenc:EncryptedKey>
>     <xenc:EncryptionMethod 
> Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5' />
>     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>     <ds:KeyName>my-rsa-key</ds:KeyName>
>     </ds:KeyInfo>
>     <xenc:CipherData>
>       <xenc:CipherValue>
>       </xenc:CipherValue>
>     </xenc:CipherData>
>     <xenc:ReferenceList>
>       <xenc:DataReference URI='#Enc1' />
>     </xenc:ReferenceList>
>   </xenc:EncryptedKey>
>   <xenc:EncryptedData Id='Enc1'>
>     <xenc:EncryptionMethod 
> Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc' />
>     <xenc:CipherData>
>       <xenc:CipherValue>
>       </xenc:CipherValue>
>     </xenc:CipherData>
>   </xenc:EncryptedData>
> </wsse:Security>
> 
> The error was following:
> func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=417:obj=unknown:subj=unknown:error=14:invalid 
> type:type=NULL
> Error: failed to encrypt xml file "./orig_content.xml"
> Error: failed to encrypt file with template 
> "./req__encryptedkey_before_encrypteddata_v.tmpl"
> 
> This example I composed according to: 
> http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#EncryptedKey
> 
> Thanks!
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list