XML Decryption / Encryption

  • Question

  • I wrote some code for encrypting and decrypting XML elements. I use the System.Security.Cryptography.EncryptedXml class for decryption/encryption in a desktop system [.NET 3.5]. I call its method "DecryptDocument()" for decryption. I also wrote an assembly for mobile devices running on .NET CF 3.5, providing XML encryption/decryption compliant with the XML Encryption standard. Everything worked fine with some test certificates made by the MS tool "MakeCert". Then I created a test cert with OpenSSL because I need to define some cert extensions, which cannot be done with "MakeCert". Using this cert I faced some problems: the "EncryptedData" element created by my mobile XML cryptor cannot be decrypted by the .NET class "EncryptedXml". The call of "DecryptDocument()" fails with the error "Unable to retrieve the decryption key", which occurred in the method "GetDecryptionKey()".
    The oddities:
    1. Decryption succeeds if I encrypt with the "EncryptedXml" class (using the same cert).
    2. My assembly for mobile devices successfully decrypts the "EncryptedData" element which couldn't be decrypted by the "EncryptedXml" class.

    Maybe somebody has an idea what's wrong. Here is an example of an "EncryptedData" element which causes the problems described above.

    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
      <ds:KeyInfo>
        <EncryptedKey>
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <ds:KeyInfo>
            <ds:KeyValue>
              <ds:RSAKeyValue>
                <ds:Modulus>sYljN8uPnTztv+vEFHsvK4QBHoBlJguZguWDvDoHaDutsTelkGiYnoiX5mD3z0+I/6Hpg7fhKa6BgL75tNxy8m1iAxveODs+tuChal/1VfJ+3ee6YBXqo82fTJPirFwewPCmLJMyhzEkvtpa8RjS9ZmI0LfKmhqwD2mipBOcGx8=</ds:Modulus>
                <ds:Exponent>AQAB</ds:Exponent>
              </ds:RSAKeyValue>
            </ds:KeyValue>
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>C=DE, ST=RLP, L=Koblenz, O=LBS, OU=LBS-Test 2, CN=LBS CA 07-08-08, E=stein@uni-koblenz.de</ds:X509IssuerName>
                <ds:X509SerialNumber>5</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
              <ds:X509SubjectName>C=DE, ST=RLP, O=LBS, OU=LBS-Test 2, CN=privacy.lbs.iwvi.uni-koblenz.de, E=stein@uni-koblenz.de</ds:X509SubjectName>
              <ds:X509Certificate>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</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
          <CipherData>
            <CipherValue>j97dxyvRWp5S06P/3LaQ4rD4CI19HQbug8uZg0BfRzUWwH9n3mEvaEx07e3xnxgYSvf/GEBh02G97Ni7yHmCeaz6KIap6K4qzQS6Cs+A+1JwISVNpRHEjxG2ZstYigmPnRYjPrfKe9+fpd9L3RRro7acnkuN2L87aWrYMSEBGvk=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </ds:KeyInfo>
      <CipherData>
        <CipherValue>DYdR0nQURbpIBTqgj3AhHQodPUP/up2xCJIttRNLO9w=</CipherValue>
      </CipherData>
    </EncryptedData>

    Thx in advance for some help or advice, and plz excuse my bad English if I made some mistakes in the post.
    Monday, September 1, 2008 12:26 PM
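
A structural check of the EncryptedData element posted above, as an added example that is not part of the original post: it lists the algorithms and the key-location hints carried in the inner KeyInfo, and confirms that the wrapped key is as long as the RSA modulus and that the AES-CBC ciphertext is an IV plus whole blocks. The function and field names are assumptions of this example; the embedded sample is the post's element condensed, with the X509Certificate omitted.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# The post's EncryptedData, condensed onto fewer lines; X509Certificate omitted.
SAMPLE = """<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo><EncryptedKey>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>
<ds:Modulus>sYljN8uPnTztv+vEFHsvK4QBHoBlJguZguWDvDoHaDutsTelkGiYnoiX5mD3z0+I/6Hpg7fhKa6BgL75tNxy8m1iAxveODs+tuChal/1VfJ+3ee6YBXqo82fTJPirFwewPCmLJMyhzEkvtpa8RjS9ZmI0LfKmhqwD2mipBOcGx8=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>
<ds:X509Data><ds:X509IssuerSerial>
<ds:X509IssuerName>C=DE, ST=RLP, L=Koblenz, O=LBS, OU=LBS-Test 2, CN=LBS CA 07-08-08, E=stein@uni-koblenz.de</ds:X509IssuerName>
<ds:X509SerialNumber>5</ds:X509SerialNumber></ds:X509IssuerSerial>
<ds:X509SubjectName>C=DE, ST=RLP, O=LBS, OU=LBS-Test 2, CN=privacy.lbs.iwvi.uni-koblenz.de, E=stein@uni-koblenz.de</ds:X509SubjectName>
</ds:X509Data></ds:KeyInfo>
<CipherData><CipherValue>j97dxyvRWp5S06P/3LaQ4rD4CI19HQbug8uZg0BfRzUWwH9n3mEvaEx07e3xnxgYSvf/GEBh02G97Ni7yHmCeaz6KIap6K4qzQS6Cs+A+1JwISVNpRHEjxG2ZstYigmPnRYjPrfKe9+fpd9L3RRro7acnkuN2L87aWrYMSEBGvk=</CipherValue></CipherData>
</EncryptedKey></ds:KeyInfo>
<CipherData><CipherValue>DYdR0nQURbpIBTqgj3AhHQodPUP/up2xCJIttRNLO9w=</CipherValue></CipherData>
</EncryptedData>"""

def b64len(el):
    return len(base64.b64decode("".join(el.text.split())))

def inspect(xml_text):
    root = ET.fromstring(xml_text)
    ek = root.find("ds:KeyInfo/xenc:EncryptedKey", NS)
    ki = ek.find("ds:KeyInfo", NS)
    hints = []  # what the recipient is given to locate its private key
    for clause in ki:
        name = clause.tag.split("}")[1]
        hints += [c.tag.split("}")[1] for c in clause] if name == "X509Data" else [name]
    alg = lambda el: el.find("xenc:EncryptionMethod", NS).get("Algorithm").split("#")[1]
    wrapped = b64len(ek.find("xenc:CipherData/xenc:CipherValue", NS))
    modulus = b64len(ki.find("ds:KeyValue/ds:RSAKeyValue/ds:Modulus", NS))
    data = b64len(root.find("xenc:CipherData/xenc:CipherValue", NS))
    return {"data_alg": alg(root), "key_alg": alg(ek), "key_hints": hints,
            "wrapped_key_bytes": wrapped, "modulus_bytes": modulus,
            # RSA key transport output is exactly as long as the modulus
            "wrapped_matches_modulus": wrapped == modulus,
            "ciphertext_bytes": data,
            # xmlenc CBC CipherValue = 16-byte IV followed by whole 16-byte blocks
            "cbc_shape_ok": data >= 32 and data % 16 == 0}

if __name__ == "__main__":
    for k, v in inspect(SAMPLE).items():
        print(f"{k}: {v}")
```

If both shape checks pass, the element is structurally sound and the remaining question is how the decrypting side maps the listed hints to a private key.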