[xmlsec] Can't decrypt GCM based algorithms
Aleksey Sanin
aleksey at aleksey.com
Tue Mar 29 15:57:23 UTC 2022
Well, the gcm code for openssl is here:
https://github.com/lsh123/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L80
so adding printfs in these functions would help.
Do you get any errors?
Aleksey
On 3/29/22 11:51 AM, Timothy Legge wrote:
> Hi
>
> I am working on adding support for aes*-gcm to perl's XML::Enc. I can:
>
> 1. Decrypt SAML responses encrypted with aes*-gcm using XML::Enc
> 2. Decrypt xmlsec encrypted aes*-gcm XML using XML::Enc
> 3. Encrypt XML using aes*-gcm with XML::Sec
> 4. Decrypt XML that was encrypted with XML::Sec using ases*-gcm
>
> However, I cannot use xmlsec to decrypt XML::Sec encrypted XML that
> uses aes*-gcm.
>
> I can't think of any issues that would allow me to encrypt and decrypt
> XML successfully with XML::Enc but not allow xmlsec to decrypt those
> files.
>
> I was wondering if there is a debug flag for XML sec that would allow
> me to output the following:
>
> 1. base64 of the CipherValue it reads from the XML file
> 2. base 64 of IV
> 3 base64 of encrypted data
> 4 base 64 of the tag
> 5 base 64 of the key
>
> I don't mind adding some print debugging and recompiling if you can
> point me to a starting place. It has been a while since I wrote much
> C but I have no issues. Finding the correct spot though...
>
> Tim
>
> Timothy Legge
> timlegge at gmail.com
> timlegge at cpan.org
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list