Posted to dev@santuario.apache.org by Carpe Sebastien <se...@atosorigin.com> on 2004/08/10 15:36:40 UTC

Re: Puzzled with xml encryption using a key pair [Solved]

Vishal's solution made it.

So currently, if one wishes to use a keystore and an asymmetric key-pair 
to encrypt the symmetric key, the only thing to pay attention to is:
1) generate keys using the appropriate algorithm, i.e. keytool 
...-keyalg "RSA...
2) use the good XMLCipher algorithm: XMLCipher.RSA_v1dot5

Besides this (and the modification implied by the fact you use a keystore 
and so need to load keys from there instead of the "kek" file), the 
sample code to encrypt/decrypt an XML file works out of the box.

Hope this helps the next puzzled one ;-)
Seb C.

Vishal Mahajan wrote:

> Carpe Sebastien wrote:
>
>> This is a newbie question on xml-security usage. If I'm targeting 
>> the wrong list, please redirect me and forgive me the buzz.
>>
>> The whole project is Java. I'm using xmlsec-1.1.0, xerces 2.6.2, and 
>> the last bouncy-castle (downloaded yesterday - Aug, 9th)
>> Here is what I'd like to do:
>> - Encrypt a full xml file with a generated key.
>> - wrap the key inside the xml, encoded with a public key.
>>
>> The receiver should be able to decrypt the key with his private key, 
>> and then decrypt the XML data.
>>
>> Currently, I've understood and generated the key pair in a key store. 
>> I have managed to retrieve both keys.
>>
>> I've managed to run the samples (encrypter/decrypter) successfully.
>> The only thing I'm missing, I think, is the link between my public 
>> key from key store, and the symmetric key encryption. Starting from the 
>> sample code, I've tried a few things, like simply using my private 
>> key (I know, it should be the public one, but that's not the point), 
>> or trying to change the algorithm URI to something similar to the one 
>> used when generating the keys, but failed.
>>
>> The keypair was generated using the keytool tool, with default values 
>> (DSA algo, 1024 key size).
>
>
> Use an RSA key-pair instead of DSA. Then in the code below specify the 
> "algorithmURI" value as "XMLCipher.RSA_v1dot5".
>
> Hope this helps,
>
> Vishal
>
>>
>> The faulting code is :
>> ----------------------
>>            String algorithmURI = XMLCipher.TRIPLEDES_KeyWrap;
>>
>>            XMLCipher keyCipher = XMLCipher.getInstance(algorithmURI);
>>            keyCipher.init(XMLCipher.WRAP_MODE, privateKey);
>>            EncryptedKey encryptedKey = keyCipher.encryptKey(document, symmetricKey);
>> -----------------------
>> private key is ... my private key... I'm also half sure that the 
>> Algorithm URI is a bad one..
>>
>> Anyway, if somebody could help me, send me some sample code, or point 
>> me to any URL, that would help me a lot.
>> I've browsed Google, about 15 sites, and 6 months of mailing list 
>> archives without getting a clue
>>
>> Thanx for any consideration,
>>
>> Seb C.
>>
>
>
>
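
The fix discussed in this thread, as an added example that is not part of the original messages or the project's sample code: the symmetric data key is wrapped with the recipient's RSA public key using XMLCipher.RSA_v1dot5, and the recipient's private key is set as the key-encryption key on decrypt. Assumptions: the class name, the constructed sample document, AES-128 for the data key, and an in-memory RSA key pair standing in for the keystore entry.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class RsaKeyWrapExample {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        // Stand-in for the keystore key pair (assumption). With a java.security.KeyStore ks:
        //   PublicKey  pub  = ks.getCertificate(alias).getPublicKey();
        //   PrivateKey priv = (PrivateKey) ks.getKey(alias, password);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");  // RSA, not keytool's DSA default
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(
            "<order><card>constructed sample</card></order>".getBytes("UTF-8")));
        // Sender: random data key, wrapped with the recipient's PUBLIC key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();
        XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
        keyCipher.init(XMLCipher.WRAP_MODE, pair.getPublic());
        EncryptedKey encryptedKey = keyCipher.encryptKey(doc, dataKey);
        XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.AES_128);
        dataCipher.init(XMLCipher.ENCRYPT_MODE, dataKey);
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.add(encryptedKey);  // embed the wrapped key in the EncryptedData
        dataCipher.getEncryptedData().setKeyInfo(keyInfo);
        dataCipher.doFinal(doc, doc.getDocumentElement(), true);  // encrypt root content
        // Receiver: the PRIVATE key is the key-encryption key (KEK).
        Element enc = (Element) doc.getElementsByTagNameNS(
            EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
        XMLCipher dec = XMLCipher.getInstance();
        dec.init(XMLCipher.DECRYPT_MODE, null);  // data key is recovered from the EncryptedKey
        dec.setKEK(pair.getPrivate());
        dec.doFinal(doc, enc);
        System.out.println(doc.getElementsByTagName("card").item(0).getTextContent());
    }
}
```

XMLCipher.RSA_v1dot5 is the algorithm named in the thread; the library also defines XMLCipher.RSA_OAEP, which is generally preferred for new deployments because PKCS#1 v1.5 key transport is prone to padding-oracle attacks.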