[xmlsec] Missing encryptedkey ?
Aleksey Sanin
aleksey at aleksey.com
Sat Jun 9 17:08:46 PDT 2012
You need to use KW transform. Take a look at
tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.tmpl
Aleksey
On 6/9/12 10:15 AM, Roland Hedberg wrote:
>
> 9 jun 2012 kl. 18:14 skrev Aleksey Sanin:
>
>> Take a look at the tests in the tests/01-phaos-xmlenc-3/ folder.
>> In particular, enc-element-3des-kw-3des.tmpl
>
>
> Used the keys.xml from the above mentioned folder, used the template and modified the command to be:
>
> xmlsec1 encrypt --pubkey-cert-pem ../example/sp/pki/mycert.pem \
> --session-key des-192 --xml-data pre_saml2_response.xml \
> --keys-file keys.xml \
> --node-xpath '/*[local-name()="Response"]/*[local-name()="Assertion"]/*[local-name()="Subject"]/*[local-name()="EncryptedID"]/text()' \
> enc-element-3des-kw-3des.tmpl
>
> Same result though, the added part is:
>
> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
> Type="http://www.w3.org/2001/04/xmlenc#Element">
> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> <CipherData>
> <CipherValue>ZBx6+ENTu+nktBVSGunBlnBPGc4MXxNJg9vLd1Z/MBJKx2QU/W9kD7OJRQ+Op6ct+865Cgf/9AM=</CipherValue>
> </CipherData>
> </EncryptedData>
>
> No EncryptedKey element ?
> did I misunderstand you ?
>
> -- Roland
> ------------------------------------------------------
> Roland Hedberg
> IT Architect/Senior Researcher
> ICT Services and System Development (ITS)
> Umeå University
> SE-901 87 Umeå, Sweden
> Phone +46 90 786 68 44
> Mobile +46 70 696 68 44
> www.its.umu.se
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list