Posted to dev@santuario.apache.org by Eric Tournier <er...@keynectis.com> on 2007/04/11 13:44:33 UTC

XML Security and JCE

Hi :)
 
  I'm hoping this is the right list to be emailing this question to.
  I'm using a home-made XML Encryption implementation which uses
javax.crypto.* classes, but unfortunately I'm not the developer of this
implementation. In order to test its interoperability with a well-known
API, I'm trying to encrypt an XML document with XML Security and decrypt
the result with my implementation, and vice versa.
  I don't know how to do this and I feel a little bit lost with all
the initialization and configuration parameters of XML Security. Could
someone teach me how to do it?
 
Here is the XML Security encryption:
========
 
// 3DES session key from the BouncyCastle ("BC") provider
KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede", "BC");
keyGenerator.init(secureRandom);
SecretKey sessionKey = keyGenerator.generateKey();

// Wrap the session key with RSA PKCS#1 v1.5 under the recipient's public key
// (clefPublique); the result is an xenc:EncryptedKey element
XMLCipher xmlCipherRSA = XMLCipher.getProviderInstance(XMLCipher.RSA_v1dot5, "BC");
xmlCipherRSA.init(XMLCipher.WRAP_MODE, clefPublique);
EncryptedKey encryptedKey = xmlCipherRSA.encryptKey(doc, sessionKey);
 
// 3DES-CBC cipher for the element content (TRIPLEDES is a constant of XMLCipher)
Element rootElement = doc.getDocumentElement();
XMLCipher xmlCipher = XMLCipher.getProviderInstance(XMLCipher.TRIPLEDES, "BC");
xmlCipher.init(XMLCipher.ENCRYPT_MODE, sessionKey);
 
// Attach the EncryptedKey inside the EncryptedData's ds:KeyInfo
EncryptedData encryptedData = xmlCipher.getEncryptedData();
KeyInfo keyInfo = encryptedData.getKeyInfo();
if (keyInfo == null)
{
  keyInfo = new KeyInfo(doc);
  encryptedData.setKeyInfo(keyInfo);
}
keyInfo.add(encryptedKey);
// true = encrypt only the content of rootElement; its children are replaced
// by an xenc:EncryptedData element
xmlCipher.doFinal(doc, rootElement, true);
========
 
Here is the home-made encryption:
========
// 3DES session key, generated the same way as above
KeyGenerator keyGen;
keyGen = KeyGenerator.getInstance("DESede", "BC");
keyGen.init(secureRandom);
SecretKey key = keyGen.generateKey();
 
// Raw RSA PKCS#1 v1.5 encryption of the key bytes, Base64 for the CipherValue text
Cipher cipherRSA = Cipher.getInstance("RSA/NONE/PKCS1PADDING", "BC");
cipherRSA.init(Cipher.ENCRYPT_MODE, this.publicKey);
byte[] encryptedKey = cipherRSA.doFinal(key.getEncoded());
String sessionKey = new String(Base64.encodeBase64(encryptedKey, false));
 
// Fixed all-zero 8-byte IV. CBC needs a fresh, unpredictable IV per message;
// XML Encryption carries it as the first block of the CipherValue.
byte[] iv = { (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
              (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 };
 
Cipher cipher = Cipher.getInstance("DESede/CBC/ISO10126-2Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
 
// data, begin and end are defined elsewhere in this implementation: the
// substring is the element content to be encrypted, taken as UTF-8 text
byte[] encryptedBytes = cipher.doFinal(data.substring(begin + 1, end).getBytes("UTF-8"));
 
// concatanate() is a helper of this implementation: CipherValue = IV || ciphertext
byte[] ivBytes = concatanate(iv, encryptedBytes);
String cipherValue = new String(Base64.encodeBase64(ivBytes));
========
 
Thanks in advance for all 
Ticker

RE: XML Security and JCE

Posted by "Vogler, Thomas" <Th...@softwareag.com>.
Hi Eric,
 
If I understand your code right, you treat your XML document as a string
of UTF-8 characters and encrypt those directly using the javax.crypto
classes, with the application of a base64 transform at the end to get
some string data as ciphertext.
 
This way of encrypting XML data has nothing to do with XML Security; it
would apply to any data you choose. XML Encryption, on the contrary, as
understood on this list, is about encrypting, decrypting, signing and
verifying XML documents, where the result is again such an XML
document with parts of it probably encrypted. With the technology in
here you can take an XML document describing an employee and encrypt
only the salary field, while keeping the rest of the data in clear form.
All this of course requires some additional, XML Security specific, XML
elements to be added to the document.
 
I think the difference becomes obvious when you search for samples of
XML documents that were encrypted using XML Security.
 
HTH
 
Thomas - speaking for me and not for my employer...

________________________________

From: Eric Tournier [mailto:eric.tournier@keynectis.com] 
Sent: Wednesday, 11 April 2007 13:45
To: security-dev@xml.apache.org
Subject: XML Security and JCE
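Added example, not code from the thread or from Santuario: a small Java class that does the interoperability direction Eric asks about, decrypting what the XMLCipher code above produces using only javax.crypto and the JDK's DOM parser. It assumes the document came out of `xmlCipher.doFinal(doc, rootElement, true)` with the EncryptedKey attached as shown, and that the `java.security.PrivateKey` matching `clefPublique` is at hand; the class and method names are hypothetical. The two Algorithm URIs are the standard XML Encryption identifiers that `XMLCipher.TRIPLEDES` and `XMLCipher.RSA_v1dot5` stand for.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

/** Hypothetical helper: decrypts XMLCipher.doFinal(doc, root, true) output with plain JCE. */
public class RawJceXmlEncDecrypt {

    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String TRIPLEDES_CBC = XENC + "tripledes-cbc"; // value of XMLCipher.TRIPLEDES
    static final String RSA_1_5 = XENC + "rsa-1_5";             // value of XMLCipher.RSA_v1dot5
    static final int DES_BLOCK = 8;

    /** Returns the decrypted element content as the UTF-8 XML text Santuario encrypted. */
    public static String decrypt(String encryptedXml, PrivateKey kek) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The input is untrusted: no DTDs, so entity expansion and XXE are off the table.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(encryptedXml)));

        // 1. xenc:EncryptedData: with content=true it replaces the children of the root element.
        Element encData = (Element) doc.getElementsByTagNameNS(XENC, "EncryptedData").item(0);
        if (encData == null) throw new GeneralSecurityException("no xenc:EncryptedData found");
        requireAlgorithm(encData, TRIPLEDES_CBC);

        // 2. ds:KeyInfo/xenc:EncryptedKey holds the 3DES key wrapped with RSA PKCS#1 v1.5,
        //    the same scheme the home-made code names "RSA/NONE/PKCS1PADDING".
        Element encKey = (Element) encData.getElementsByTagNameNS(XENC, "EncryptedKey").item(0);
        if (encKey == null) throw new GeneralSecurityException("no xenc:EncryptedKey found");
        requireAlgorithm(encKey, RSA_1_5);
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, kek);
        SecretKey sessionKey = new SecretKeySpec(rsa.doFinal(cipherValue(encKey)), "DESede");

        // 3. CipherValue = IV (one block) || CBC ciphertext, the layout concatanate(iv, encryptedBytes)
        //    builds, except that the IV is whatever Santuario generated rather than a fixed zero block.
        byte[] ivAndCiphertext = cipherValue(encData);
        if (ivAndCiphertext.length < 2 * DES_BLOCK || ivAndCiphertext.length % DES_BLOCK != 0) {
            throw new GeneralSecurityException("CipherValue is not an IV plus whole blocks");
        }
        Cipher des = Cipher.getInstance("DESede/CBC/NoPadding");
        des.init(Cipher.DECRYPT_MODE, sessionKey, new IvParameterSpec(ivAndCiphertext, 0, DES_BLOCK));
        byte[] padded = des.doFinal(ivAndCiphertext, DES_BLOCK, ivAndCiphertext.length - DES_BLOCK);

        return new String(stripXmlEncPadding(padded), StandardCharsets.UTF_8);
    }

    /** XML Encryption padding: arbitrary pad bytes, last octet = pad length (1..block size). */
    static byte[] stripXmlEncPadding(byte[] padded) throws GeneralSecurityException {
        int padLen = padded[padded.length - 1] & 0xff;
        if (padLen < 1 || padLen > DES_BLOCK || padLen > padded.length) {
            throw new GeneralSecurityException("invalid XML Encryption padding");
        }
        return Arrays.copyOf(padded, padded.length - padLen);
    }

    /** Refuse anything but the expected EncryptionMethod, so a swapped Algorithm URI in the
     *  document cannot steer the decryptor into another mode. */
    static void requireAlgorithm(Element enc, String expected) throws GeneralSecurityException {
        Element method = child(enc, "EncryptionMethod");
        if (method == null || !expected.equals(method.getAttribute("Algorithm"))) {
            throw new GeneralSecurityException("unexpected EncryptionMethod under " + enc.getLocalName());
        }
    }

    /** Base64-decoded xenc:CipherData/xenc:CipherValue that belongs to this element. */
    static byte[] cipherValue(Element enc) throws GeneralSecurityException {
        Element value = child(child(enc, "CipherData"), "CipherValue");
        if (value == null) throw new GeneralSecurityException("missing CipherValue");
        return Base64.getMimeDecoder().decode(value.getTextContent()); // tolerates line-wrapped Base64
    }

    /** Direct xenc child by local name. Walking children rather than descendants keeps the
     *  EncryptedKey's CipherValue from being mistaken for the EncryptedData's. */
    static Element child(Element parent, String localName) {
        if (parent == null) return null;
        NodeList kids = parent.getChildNodes();
        for (int i = 0; i < kids.getLength(); i++) {
            Node n = kids.item(i);
            if (n.getNodeType() == Node.ELEMENT_NODE && XENC.equals(n.getNamespaceURI())
                    && localName.equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        return null;
    }
}
```

The raw cryptography on both sides is the same (RSA PKCS#1 v1.5 for the key, 3DES-CBC with the IV sent as the first block, last-byte pad length); what differs is the XML envelope, which is Thomas's point. For the other direction, the home-made Base64 strings have to be placed into xenc:EncryptedData and xenc:EncryptedKey elements carrying those two Algorithm URIs before `XMLCipher.getInstance(XMLCipher.TRIPLEDES)` in `DECRYPT_MODE`, with `setKEK(privateKey)` and `doFinal(doc, encryptedDataElement)`, can read them.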