santuario-dev mailing list archives

From Julien TAUPIN <julien.tau...@ilex.fr>
Subject RE: Initialisation vector
Date Mon, 12 Sep 2005 06:59:14 GMT
Thanks a lot,

I had seen this part of the sentence but I was not sure about its meaning.

So there isn't any problem for the Initialisation Vector.

-----Original Message-----
From: Sean Mullan [mailto:Sean.Mullan@Sun.COM]
Sent: Friday, 9 September 2005 19:49
To: security-dev@xml.apache.org
Subject: Re: Initialisation vector

Julien TAUPIN wrote:
> Hi all,
> 
> I am trying to perform XML encryption of data with a secret key. In the W3C
> recommendations it is stated that the initialisation vector (IV) must
> be transmitted, but it is not specified where: "the IV, if any, could be
> specified as being with the cipher data, as an algorithm content
> element, or elsewhere"

Actually, you missed an earlier part of that sentence which is very
important (section 5.2) http://www.w3.org/TR/xmlenc-core/#sec-Alg-Block:

"For user specified block encryption algorithms, the IV, if any, could be
specified as being with the cipher data, as an algorithm content element, or
elsewhere."

Note the words "user specified" which to me implies a non-standard block
encryption algorithm. The next paragraph states:

"The IV is encoded with and before the cipher text for the algorithms below
for ease of availability to the decryption code and to emphasize its
association with the cipher text. Good cryptographic practice requires that
a different IV be used for every encryption."

So as long as you are using one of the standard algorithms, it should be
encoded before the cipher text.

> 
> So with XmlSec I place the IV at the beginning of the ciphered data,
> but how can I be sure that another program will use it?
> 
> Symmetrically, during decryption I take the IV at the beginning of the
> ciphered data. But how can I find it if the encrypting program placed
> it elsewhere?
> 
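
Added example, not part of the original thread and not Santuario code: a Python sketch of the layout discussed above, where the standard block algorithms carry the IV as the first cipher block of the base64 CipherValue, and a user-specified algorithm has no defined IV location. The function names are hypothetical and the IV and ciphertext bytes are constructed placeholders standing in for real CBC output.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# IV length equals the cipher block size for the standard CBC algorithms.
IV_LEN = {
    XENC + "tripledes-cbc": 8,
    XENC + "aes128-cbc": 16,
    XENC + "aes192-cbc": 16,
    XENC + "aes256-cbc": 16,
}

def encode_cipher_value(iv, ciphertext, algorithm):
    """Sender side: the IV is encoded with and before the cipher text."""
    block = IV_LEN[algorithm]
    if len(iv) != block or not ciphertext or len(ciphertext) % block:
        raise ValueError("IV or ciphertext length does not match the block size")
    return base64.b64encode(iv + ciphertext).decode("ascii")

def split_iv(encrypted_data_xml):
    """Receiver side: return (algorithm, iv, ciphertext) from an EncryptedData."""
    # Constructed input only; parse untrusted XML with a hardened parser.
    root = ET.fromstring(encrypted_data_xml)
    ns = {"xenc": XENC}
    method = root.find("xenc:EncryptionMethod", ns)
    value = root.find("xenc:CipherData/xenc:CipherValue", ns)
    if method is None or value is None:
        raise ValueError("EncryptionMethod or CipherValue missing")
    algorithm = method.get("Algorithm")
    if algorithm not in IV_LEN:
        # "User specified" algorithm: the IV may be anywhere, so do not guess.
        raise ValueError("not a standard block algorithm: " + str(algorithm))
    compact = "".join((value.text or "").split())  # base64 may be line-wrapped
    raw = base64.b64decode(compact, validate=True)
    block = IV_LEN[algorithm]
    if len(raw) < 2 * block or len(raw) % block:
        raise ValueError("CipherValue is too short or not block-aligned")
    return algorithm, raw[:block], raw[block:]

def sample_document(algorithm, iv, ciphertext):
    """Build a minimal EncryptedData element around constructed bytes."""
    value = encode_cipher_value(iv, ciphertext, algorithm)
    return (f'<xenc:EncryptedData xmlns:xenc="{XENC}">'
            f'<xenc:EncryptionMethod Algorithm="{algorithm}"/>'
            f'<xenc:CipherData><xenc:CipherValue>{value}</xenc:CipherValue>'
            '</xenc:CipherData></xenc:EncryptedData>')
```
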
