santuario-dev mailing list archives

From "Larchier Christophe" <clarch...@axway.com>
Subject RE: xml encryption/decryption of binary data
Date Fri, 31 Mar 2006 12:56:41 GMT

I have to sign then encrypt the documents, so they must be exactly the same before and after
encryption/decryption.
If the start document has an xml header, the finish document must have the xml header (even
if it is superfluous).

Example :
- Start document :
<?xml version="1.0" encoding="UTF-8"?>

<PurchaseOrder>
...
</PurchaseOrder>

- Finish document (after encryption/decryption) :
<PurchaseOrder>
...
</PurchaseOrder>


Now, as the 2 documents are not identical it's not possible to verify the signature.


Christophe
 

-----Original Message-----
From: Berin Lautenbach [mailto:berin@wingsofhermes.org]
Sent: Friday 31 March 2006 13:35
To: security-dev@xml.apache.org
Subject: Re: xml encryption/decryption of binary data


Larchier Christophe wrote:
> Thanks for your answer, Berin.
> 
> My need is to encrypt a complete xml file (with the xml header, the blank lines etc.) and not only a DOM document (which is the xml file parsed) because when the file is parsed some information is lost.

Just so I understand - what information is lost in your application?
The xml header is not necessary if the encoding is UTF-8, as the XML
version is 1.0, so all the information contained in the header is known.
 The encryption process should not throw any blank lines away unless
they are in places where the spec defines that they do not matter - e.g.

<the_element
attribute1="1"
attribute2="2">

</the_element>

Will get transformed to

<the_element attribute1="1" attribute2="2">

</the_element>

as lines between attributes do not count as "information" in XML.  But
the lines in the text node are definitely kept.

If I can understand what information is being lost during parsing I
might be able to come up with something that will work.

Cheers,
	Berin


> 
> So, I think that I must consider the xml file as binary data.
> If I understand your answer, I have to create a DOM document with a <dummy> element containing the binary data base64 encoded and then encrypt with "doFinal(doc, dummyElt, true)".
> I will get something like that :
> <dummy>
> 	<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" MimeType="application/XML" Type="http://www.w3.org/2001/04/xmlenc#Content">
> 	...
> 	</xenc:EncryptedData>
> </dummy>
> 
> It's not a very interoperable solution because the receiver must know that the <dummy> element must be removed and that the data must be base64 decoded.
> 
> An improvement could be perhaps to remove the <dummy> level node and remove the Type attribute (Type="http://www.w3.org/2001/04/xmlenc#Content"), but there is still the problem of base64 encoding/decoding.
> 
> Do you have a better idea/solution ?
> 
> Christophe
> 
>  
> 
> 
> -----Original Message-----
> From: Berin Lautenbach [mailto:berin@wingsofhermes.org]
> Sent: Friday 31 March 2006 10:59
> To: security-dev@xml.apache.org
> Subject: Re: xml encryption/decryption of binary data
> 
> 
> Christophe,
> 
> I'm not 100% sure I understand the problems, but I'll try to give some
> thoughts.
> 
> The xml header is added (or not added) as part of the serialisation
> process.  How do you serialise your document once you have done the
> encryption?
> 
> For the decrypt - that looks fine.  Can you post more code?  I'm not an
> expert on the Java library, but others on the list may be able to assist
> with more code to look at.
> 
> It is possible to do encryption of binary data, but you cannot simply
> add it to the document.  If you want it inside the XML, you need to
> encode it (generally base64) and then add it.  The resultant XML can
> then be encrypted.
> 
> The alternative is to place the binary data in a separate file and have
> a reference to that file in the XML document.  But I don't think that is
> quite what you want.
> 
> Cheers,
> 	Berin
> 
> 
> Larchier Christophe wrote:
> 
>>Nobody uses xml encryption with binary data ???
>> 
>>
>>    -----Original Message-----
>>    *From:* Larchier Christophe [mailto:clarchier@axway.com]
>>    *Sent:* Wednesday 29 March 2006 17:41
>>    *To:* security-dev@xml.apache.org
>>    *Subject:* xml encryption/decryption of binary data
>>
>>    Hi all,
>>
>>    When I use apache xml security library to encrypt an xml document
>>    like the following one, the xml header is lost.
>>
>>    <?xml version="1.0" encoding="UTF-8"?>
>>
>>    <PurchaseOrder>
>>    ...
>>    </PurchaseOrder>
>>
>>
>>    After encrypting/decrypting, I get only :
>>
>>    <PurchaseOrder>
>>    ...
>>    </PurchaseOrder>
>>
>>
>>    I use the doFinal() method to encrypt/decrypt with the whole document
>>    as parameter :
>>    xmlCipher.doFinal(doc, doc);
>>
>>
>>    How do you manage this ?
>>
>>    Is it possible to do xml encryption with binary data ?
>>    I have tried to insert my binary data into a dom document, but some
>>    special characters are added (to replace < > \).
>>
>>    Thanks,
>>    Christophe
>>
> 
> 
> 
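
The byte-level difference discussed in this thread, as an added example that is not code from either poster or from the Apache XML Security library. It uses Python's standard-library ElementTree as a stand-in for the parse/serialize step; the sample document and helper names are constructed, and the canonical-form comparison goes one step beyond what the thread states.

```python
import base64
import hashlib
import io
import xml.etree.ElementTree as ET

# Constructed sample file: XML declaration, blank lines, attributes on separate lines.
ORIGINAL = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n\n'
    b'<PurchaseOrder\n  id="42"\n  currency="EUR">\n\n'
    b'  <Item>widget</Item>\n\n'
    b'</PurchaseOrder>\n'
)

def sha256(data: bytes) -> str:
    """Digest over the raw bytes, as a signature over the file itself would use."""
    return hashlib.sha256(data).hexdigest()

def roundtrip_via_parser(data: bytes) -> bytes:
    """Parse then re-serialize: what survives is the parsed tree, not the file."""
    return ET.tostring(ET.fromstring(data))

def canonical(data: bytes) -> str:
    """Canonical XML 2.0 form, which ignores serialization details such as the declaration."""
    return ET.canonicalize(from_file=io.BytesIO(data))

def wrap_opaque(data: bytes) -> bytes:
    """Carry the whole file as base64 text in a wrapper element (the thread's <dummy>)."""
    wrapper = ET.Element("dummy")
    wrapper.text = base64.b64encode(data).decode("ascii")
    return ET.tostring(wrapper)

def unwrap_opaque(wrapper_xml: bytes) -> bytes:
    """Receiver side: strip the wrapper element and base64-decode its text."""
    return base64.b64decode(ET.fromstring(wrapper_xml).text)

if __name__ == "__main__":
    parsed = roundtrip_via_parser(ORIGINAL)
    restored = unwrap_opaque(wrap_opaque(ORIGINAL))
    print("raw digest survives parser round trip:", sha256(parsed) == sha256(ORIGINAL))
    print("canonical form survives parser round trip:", canonical(parsed) == canonical(ORIGINAL))
    print("raw digest survives base64 wrapper:", sha256(restored) == sha256(ORIGINAL))
```

A digest over the raw file changes after the parser round trip while the canonical form does not, so whether the signature still verifies depends on which of the two was signed.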
