[xmlsec] Encrypting Content
Aleksey Sanin
aleksey at aleksey.com
Mon Mar 28 12:44:14 UTC 2022
Glad you figured it out!
Best,
Aleksey
On 3/26/22 4:26 PM, Timothy Legge wrote:
> Hi
>
> I was sitting watching my son play hockey and realized my issue.
>
> The example I was using --node-xpath
> '/PayInfo/CreditCard/Number/text()' grabs the text of the Number
> element. As it is already text,
> http://www.w3.org/2001/04/xmlenc#Content is not valid.
>
> Changing it to --node-xpath '/PayInfo/CreditCard/Number allows me to
> use http://www.w3.org/2001/04/xmlenc#Content in the template and it
> correctly encrypts just the credit card number.
>
> So the example from
> https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
> was incorrect.
>
> Thanks for the earlier reply.
>
> Tim
>
> Timothy Legge
> timlegge at gmail.com
> timlegge at cpan.org
>
> On Sat, Mar 26, 2022 at 11:49 AM Timothy Legge <timlegge at gmail.com> wrote:
>>
>> Hi Aleksey
>>
>> I just wrote a perl module to encrypt and decrypt XML. As part of the
>> test scripts I am using xmlsec to encrypt XML to verify that the
>> XML::Enc module can properly decrypt the XML.
>>
>> I ran into trouble with xmlsec encrypting the content within a tag.
>> When I used the xpath /PayInfo/CreditCard/Number/text() to get the
>> Content xmlsec only seems to encrypt the Content correctly if I use
>> http://www.w3.org/2001/04/xmlenc#Element as the EncryptedData type.
>> If I try to use http://www.w3.org/2001/04/xmlenc#Content it leaves
>> the Content of the Number empty.
>>
>> My tests are in
>> https://github.com/perl-net-saml2/perl-XML-Enc/blob/main/t/07-decrypt-xmlsec.t
>> basically I test with both an Encrypted Element and Encrypted Content.
>> In the Module I have to use an option force_element_to_content so that
>> when the xmlsec encrypted Content is decrypted that includes the
>> http://www.w3.org/2001/04/xmlenc#Element as the EncryptedData Type I
>> treat it as if it was Content if it is not valide XML. In this case
>> it is simply the credit card number.
>>
>> I will take a look at the examples in case I am doing something
>> incorrect in my xmlsec commands.
>>
>> Tim
>>
>> Timothy Legge
>> timlegge at gmail.com
>> timlegge at cpan.org
>>
>> On Sat, Mar 26, 2022 at 11:06 AM Aleksey Sanin <aleksey at aleksey.com> wrote:
>>>
>>> Hi Timothy,
>>>
>>> I am not exactly sure what are you trying to do but I recommend
>>> checking out examples:
>>>
>>> https://github.com/lsh123/xmlsec/tree/master/examples
>>>
>>> and tests:
>>>
>>> https://github.com/lsh123/xmlsec/tree/master/tests
>>>
>>> Also, if you can explain what is your goal, then it might be easier
>>> to provide a solution for your problem.
>>>
>>> Best,
>>>
>>> Aleksey
>>>
>>> On 3/25/22 7:15 PM, Timothy Legge wrote:
>>>> Hi
>>>>
>>>> Sorry, I sent this directly to Aleksey initially...
>>>>
>>>> I was following:
>>>> https://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html
>>>> (which is reasonably close enough for me to get encryption working.
>>>>
>>>> Specifically the following command results in the Content in
>>>> /PayInfo/CreditCard/Number/text() being properly encrypted. However,
>>>> I would expect that the EncryptedData Type should be
>>>> "http://www.w3.org/2001/04/xmlenc#Content" instead of the specified
>>>> Element for this to properly encrypt the Content. Changing it to
>>>> Content causes the doc-encrypted.xml created to be missing data in the
>>>> Number tags: "<Number></Number>".
>>>>
>>>> To me it appears this to be a bug but likely I am misreading the
>>>> XML-Enc specifications.
>>>>
>>>> Any thoughts?
>>>>
>>>> xmlsec1 --encrypt --pubkey-cert-pem t/sign-certonly.pem
>>>> --session-key des-192 --xml-data doc-plain.xml --output
>>>> doc-encrypted.xml --node-xpath '/PayInfo/CreditCard/Number/text()'
>>>> session-key-template.xml
>>>>
>>>> ========================================
>>>> doc-plain.xml
>>>> ========================================
>>>> <?xml version="1.0" encoding="utf-8" ?>
>>>> <PayInfo>
>>>> <Name>John Smith</Name>
>>>> <CreditCard Limit='2,000' Currency='USD'>
>>>> <Number>1076 2478 0678 5589</Number>
>>>> <Issuer>CitiBank</Issuer>
>>>> <Expiration>06/10</Expiration>
>>>> </CreditCard>
>>>> </PayInfo>
>>>> ========================================
>>>> session-key-template.xml
>>>> ==========================================
>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>> <!--
>>>> XML Security Library example: Original XML
>>>> doc file before encryption (encrypt3 example).
>>>> -->
>>>> <EncryptedData
>>>> xmlns="http://www.w3.org/2001/04/xmlenc#"
>>>> Type="http://www.w3.org/2001/04/xmlenc#Element">
>>>> <EncryptionMethod Algorithm=
>>>> "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>>>> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>>>> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
>>>> <EncryptionMethod Algorithm=
>>>> "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>>>> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>>>> <KeyName/>
>>>> </KeyInfo>
>>>> <CipherData>
>>>> <CipherValue/>
>>>> </CipherData>
>>>> </EncryptedKey>
>>>> </KeyInfo>
>>>> <CipherData>
>>>> <CipherValue/>
>>>> </CipherData>
>>>> </EncryptedData>
>>>> ==========================================
>>>>
>>>>
>>>> Timothy Legge
>>>> timlegge at gmail.com
>>>> timlegge at cpan.org
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list