[xmlsec] SOAP and the xmlsec1 tool
Aleksey Sanin
aleksey at aleksey.com
Fri Apr 24 06:31:36 PDT 2015
xmlsec doesn't support <wsse:SecurityTokenReference/> extension out of
the box.
Aleksey
On 4/24/15 3:29 AM, Ole Laursen wrote:
> Hi!
>
> Is the xmlsec1 tool supposed to be able to decrypt SOAP messages
> encrypted with wsse:Security out of the box?
>
> I have received such an XML document which has the following in the SOAP header
>
> <xenc:EncryptedKey Id="EncKeyId-80E57A3BB5197E4F63142
> 139343107910935"><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
> /><ds:KeyInfo xmlns:ds="http://www
> .w3.org/2000/09/xmldsig#">
> <wsse:SecurityTokenReference><wsse:KeyIdentifier
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-se
> curity-1.0#Base64Binary"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdent
> ifier">M4gzH2lwkAVRexsB3yk1wG6Fl8g=</wsse:KeyIdentifier></wsse:SecurityTokenReference>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>PRFdy...vsQ==</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
> URI="#EncDataId-26243" /></xenc:ReferenceList></xenc:EncryptedKey>
>
> (which I suppose is a symmetric key encrypted with a public key where
> I have the private key) and the following in the SOAP body (which I
> suppose is encrypted with the symmetric key)
>
> <xenc:EncryptedData Id="EncDataId-26243"
> Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /><ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference
> URI="#EncKeyId-80E57A3BB5197E4F63142139343107910935"
> /></wsse:SecurityTokenReference>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>a+2W...x5g</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
>
> When I try
>
> xmlsec1 decrypt --pkcs12 mykey.p12 --pwd SECRET soapmessage.xml
>
> it says
>
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed:
> func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=957:obj=unknown:subj=unknown:error=45:key
> is not found:
> func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=715:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec
> library function failed:
> func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=623:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
> library function failed:
> Error: failed to decrypt file
>
> I'm not really sure how to debug this, or whether it is even supposed
> to work at all?
>
>
> Ole
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
More information about the xmlsec
mailing list