santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Initialisation vector
Date Fri, 09 Sep 2005 17:49:08 GMT
Julien TAUPIN wrote:
> Hi all,
> 
> I try to perform an XML encryption of data by a secret key. In the w3c
> recommendations it is precised that the initialisation vector IV must be
> transmit but does not specified where : "the IV, if any, could be specified
> as being with the cipher data, as an algorithm content element, or
> elsewhere"

Actually, you missed an earlier part of that sentence which is very 
important (section 5.2) http://www.w3.org/TR/xmlenc-core/#sec-Alg-Block:

"For user specified block encryption algorithms, the IV, if any, could 
be specified as being with the cipher data, as an algorithm content 
element, or elsewhere."

Note the words "user specified" which to me implies a non-standard block 
encryption algorithm. The next paragraph states:

"The IV is encoded with and before the cipher text for the algorithms 
below for ease of availability to the decryption code and to emphasize 
its association with the cipher text. Good cryptographic practice 
requires that a different IV be used for every encryption."

So as long as you are using one of the standard algorithms, it should be 
encoded before the cipher text.

> 
> So with XmlSec I place the IV at the beginning of the ciphered data but how
> can I be sure that an other program will use it.
> 
> Symmetrically, during decryption I take the IV at the beginning of the
> ciphered data. But how can I find it if the enrcypting program placed it
> elsewhere. 
> 


Mime
View raw message