Posted to dev@santuario.apache.org by sermagico <se...@tiscali.it> on 2008/06/04 17:32:35 UTC
problem in unwrapping key
Hi all,
I am trying to develop an application for XML encryption/decryption, but I have
some issues. I encrypt a file with an AES key, then I wrap this key with an
RSAprivateKey and I store it (wrapped AES) in the same XML file.
Unfortunately, when I try to unwrap the AES key with the PublicKey associated
with the previous PrivateKey, the exception below is raised:
Exception in thread "main" org.apache.xml.security.encryption.XMLEncryptionException: unknown key type passed to RSA
Original Exception was java.security.InvalidKeyException: unknown key type passed to RSA
PublicKey and PrivateKey are stored on a smartcard.
This is my code:
    // Two ciphers: one to unwrap the key, one to decrypt the data
    XMLCipher xmlCipherKey = XMLCipher.getInstance();
    XMLCipher xmlCipherMsg = XMLCipher.getInstance();
    xmlCipherKey.init(XMLCipher.UNWRAP_MODE, this.pkey);
    xmlCipherMsg.init(XMLCipher.DECRYPT_MODE, null);

    Element encryptedDataElement = (Element) document
            .getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS,
                    EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
    EncryptedData encryptedData =
            xmlCipherMsg.loadEncryptedData(document, encryptedDataElement);
    EncryptedKey encryptedKey = encryptedData.getKeyInfo().itemEncryptedKey(0);

    // Algorithm URI taken from the EncryptedKey element
    String algorithm = encryptedKey.getEncryptionMethod().getAlgorithm();
    CipherValue Value = encryptedKey.getCipherData().getCipherValue();

    //Exception here
    Key secretKey = xmlCipherKey.decryptKey(encryptedKey, algorithm);
I hope you can help me.
Thank you in advance.
Best regards.
Sergio.
--
View this message in context: http://www.nabble.com/problem-in-unwrapping-key-tp17649597p17649597.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
Re: problem in unwrapping key
Posted by sermagico <se...@tiscali.it>.
Hi,
I tried to change the algorithm name in the "decryptKey" method, but it did not
solve the problem.
If I insert:
    Key secretKey = xmlCipherKey.decryptKey(encryptedKey,"AES");
I get the following exception:
Exception in thread "main" java.lang.NullPointerException
    at org.apache.xml.security.algorithms.JCEMapper.getJCEKeyAlgorithmFromURI(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.decryptKey(Unknown Source)
Instead, if I insert one of the following, I get the exception I described
last time:
    final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_128);
    final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_128_KeyWrap);
    final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_192);
    final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_192_KeyWrap);
    final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_256);
    final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_256_KeyWrap);
    final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,"http://www.w3.org/2001/04/xmlenc#aes128-cbc");
    final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
Thank you for your help.
Regards.
Sergio.
Brent Putman wrote:
>
> Ok. I think I see your problem:
>
> String algorithm = encryptedKey.getEncryptionMethod().getAlgorithm();
>
> Key secretKey = xmlCipherKey.decryptKey(encryptedKey,algorithm );
>
> The algorithm URI that you pass into the XMLCipher#decryptKey method is
> the algorithm URI for the wrapped key that you are decrypting, *not* the
> one associated with the key encryption key itself. When it gets
> unwrapped/decrypted, it's just an array of bytes. You have to give it
> structure by telling it how to interpret that byte[] so it can produce a
> specific SecretKey impl (AES, triple DES, etc).
>
> So in your case it would be the AES one for the data encryption key.
> So, you would pull that from the
> EncryptedData/EncryptionMethod/@Algorithm attribute, not the
> EncryptedKey attribute.
>
> --Brent
Re: problem in unwrapping key
Posted by Brent Putman <pu...@georgetown.edu>.
Ok. I think I see your problem:
String algorithm = encryptedKey.getEncryptionMethod().getAlgorithm();
Key secretKey = xmlCipherKey.decryptKey(encryptedKey,algorithm );
The algorithm URI that you pass into the XMLCipher#decryptKey method is
the algorithm URI for the wrapped key that you are decrypting, *not* the
one associated with the key encryption key itself. When it gets
unwrapped/decrypted, it's just an array of bytes. You have to give it
structure by telling it how to interpret that byte[] so it can produce a
specific SecretKey impl (AES, triple DES, etc).
So in your case it would be the AES one for the data encryption key.
So, you would pull that from the
EncryptedData/EncryptionMethod/@Algorithm attribute, not the
EncryptedKey attribute.
--Brent
sermagico wrote:
> Hi Brent,
> thank you for your reply, I made a mistake in explanation, in fact I already
> use the public key for wrapping and the private key for unwrapping (in the
> code private key is pkey).
> Sorry for the misunderstanding. I hope you can give me a hand.
> Thank you in advance.
> Sergio.
Re: problem in unwrapping key
Posted by sermagico <se...@tiscali.it>.
Hi Brent,
thank you for your reply. I made a mistake in my explanation: in fact I already
use the public key for wrapping and the private key for unwrapping (in the
code the private key is pkey).
Sorry for the misunderstanding. I hope you can give me a hand.
Thank you in advance.
Sergio.
Brent Putman wrote:
>
> You have it backwards. You should encrypt/wrap the AES data encryption
> key with the recipient's *public* key. The recipient then decrypts with
> their *private* key.
>
> If you think about the use cases, you'll quickly realize why that is.
>
> --Brent
Re: problem in unwrapping key
Posted by Brent Putman <pu...@georgetown.edu>.
You have it backwards. You should encrypt/wrap the AES data encryption
key with the recipient's *public* key. The recipient then decrypts with
their *private* key.
If you think about the use cases, you'll quickly realize why that is.
--Brent
sermagico wrote:
> Hi all,
> I try to develop an application for xml encryption/decryption, but I have
> some issue. I encrypt a file with a AES key, then I wrap this key with a
> RSAprivateKey and I store it (wrapped AES) in the same xml file.
> Unfortunately when I try to unwrap the AES key with the PublicKey associated
> with the previous PrivateKey the below exception is raised up:
>
> Exception in thread "main"
> org.apache.xml.security.encryption.XMLEncryptionException: unknown key type
> passed to RSA
> Original Exception was java.security.InvalidKeyException: unknown key type
> passed to RSA
>
>
> PublicKey and PrivateKey are stored on a smartcard.
> This is my code:
>
> XMLCipher CKey= XMLCipher.getInstance();
> XMLCipher CMsg= XMLCipher.getInstance();
> CKey.init(XMLCipher.UNWRAP_MODE, this.pkey);
> CMsg.init(XMLCipher.DECRYPT_MODE, null);
>
>
> Element encryptedDataElement = (Element) document
>
> .getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS,
> EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
>
> EncryptedData encryptedData =
> xmlCipherMsg.loadEncryptedData(document,
> encryptedDataElement);
> EncryptedKey encryptedKey = encryptedData.getKeyInfo()
> .itemEncryptedKey(0);
>
> String algorithm =
> encryptedKey.getEncryptionMethod().getAlgorithm();
>
> CipherValue Value = encryptedKey.getCipherData().getCipherValue();
>
> //Exception here
> Key secretKey = xmlCipherKey.decryptKey(encryptedKey,algorithm );
>
>
> I hope you can help me.
> Thank you in advance.
> Best regards.
>
> Sergio.
>
>
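Added example (not part of the original thread and not Santuario project code): a round trip with Apache Santuario that follows both of Brent's replies above, wrapping the AES data key with the recipient's public key and unwrapping it with the private key while passing decryptKey the algorithm URI from EncryptedData/EncryptionMethod. It assumes a software-generated RSA key pair and a constructed one-element document; the class name UnwrapExample is hypothetical, and keys held on a smartcard are outside its scope.

```java
import java.security.*;
import javax.crypto.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.encryption.*;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.*;

public class UnwrapExample {
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        // Constructed sample input (assumption): software RSA key pair, one-element document.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element root = (Element) doc.appendChild(doc.createElementNS(null, "order"));
        root.setTextContent("constructed sample payload");
        // Sender: wrap the AES data encryption key with the recipient's PUBLIC key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();
        XMLCipher wrap = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
        wrap.init(XMLCipher.WRAP_MODE, recipient.getPublic());
        EncryptedKey wrapped = wrap.encryptKey(doc, dataKey);
        XMLCipher enc = XMLCipher.getInstance(XMLCipher.AES_128);
        enc.init(XMLCipher.ENCRYPT_MODE, dataKey);
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.add(wrapped);                 // EncryptedKey travels inside EncryptedData/KeyInfo
        enc.getEncryptedData().setKeyInfo(keyInfo);
        enc.doFinal(doc, root, true);         // true = encrypt the element's content only
        // Recipient: locate EncryptedData, then unwrap with the PRIVATE key.
        Element edElem = (Element) doc.getElementsByTagNameNS(
                EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
        XMLCipher dec = XMLCipher.getInstance();
        dec.init(XMLCipher.DECRYPT_MODE, null);
        EncryptedData ed = dec.loadEncryptedData(doc, edElem);
        EncryptedKey ek = ed.getKeyInfo().itemEncryptedKey(0);
        XMLCipher unwrap = XMLCipher.getInstance();
        unwrap.init(XMLCipher.UNWRAP_MODE, recipient.getPrivate());
        // Pass the data encryption URI (from EncryptedData), not the key transport URI.
        Key aes = unwrap.decryptKey(ek, ed.getEncryptionMethod().getAlgorithm());
        dec.init(XMLCipher.DECRYPT_MODE, aes);
        dec.doFinal(doc, edElem);             // replaces EncryptedData with the plaintext
        System.out.println(aes.getAlgorithm() + " / " + root.getTextContent());
    }
}
```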