santuario-dev mailing list archives

From Brent Putman <putm...@georgetown.edu>
Subject Re: Still stuck with problem. Re: Problem decrypting elements
Date Tue, 30 Oct 2007 21:55:09 GMT
Hi Wolfgang,
Since it's falling into the code branch in decryptToByteArray(Element)
that indicates that you did not specify a data decryption key to
XMLCipher#init(int, Key), then I assume you want to use an EncryptedKey
to carry the data decryption key and that you want the library
to handle resolving that.  (If that's not the case then you should
specify a non-null Key to XMLCipher#init(int, Key) when decrypting,
possibly by resolving it yourself "manually" from the EncryptedData's
KeyInfo or from other contextual information, e.g. knowledge of the sender.)

The exception and log error you're seeing on decryption would be caused
by either the EncryptedData's KeyInfo being null, or the failure of the
registered KeyResolvers to resolve the data decryption key from the
EncryptedData's KeyInfo.

So assuming you want to use an EncryptedKey handled (resolved) by the
library at decryption time, you need to:

1) When encrypting, make sure to generate an EncryptedKey from the
symmetric data encryption key using the desired key encryption key.  If
you're using asymmetric keys for key transport, then the latter would be
the public key half of the recipient's key pair.  Then add the
EncryptedKey to *each* EncryptedData's KeyInfo.  (There are other ways
to place and resolve EncryptedKeys but that's the default resolution
mechanism supported by the library).

2) When decrypting, make sure to set the key encryption key (really
better called the key decryption key) using XMLCipher#setKEK(Key).  If
you're using asymmetric keys for key transport, then that is going to be
the private key half of the recipient's key pair.

If that still doesn't clear it up, you might want to post some of the
code that shows how you are both encrypting and decrypting in the
failure case.  It does sound like you are just omitting something
simple.  Not sure why it's working for you in some cases and not others.

Are you doing things differently with key handling/resolution in the
single element vs. multiple element cases?  Also, since it sounded like
you were just running in an IDE: are you by chance reusing the same
XMLCipher instance across both the encryption and decryption
operations?  It's possible that there might be a bug that might cause
unpredictable results due to internal state that's being tracked or
something.  Just speculating.

--Brent



Wolfgang Freis wrote:
> Hello all,
>
> I'm still stuck with this problem and don't know what else to try.  I'm
> basically using the sample code with some modifications to handle multiple
> elements.
>
> Encryption works fine with child elements or contents both when a single or
> multiple elements with the same name are encrypted.  However, decryption
> only works when there is a single element or content node to decrypt.  If
> there are more, an exception is thrown:
>
>   Oct 30, 2007 2:28:18 PM org.apache.xml.security.encryption.XMLCipher
>     decryptToByteArray
>   SEVERE: XMLCipher::decryptElement called without a key and unable to
>     resolve Exception in thread "main"
>     org.apache.xml.security.encryption.XMLEncryptionException: No Key
>     Encryption Key loaded and cannot determine using key resolvers
>
> Stepping through the code in my IDE, I can see that the key gets loaded. 
> What is missing, though, is the KeyInfo.  Method
> decryptToByteArray(Element element) in class XMLCipher tries to get the
> KeyInfo:
>
>    KeyInfo ki = encryptedData.getKeyInfo();
>
> When ki gets evaluated it is null, however, and the exception is thrown. 
> Again, it only happens when multiple elements are encrypted.
>
> Obviously, I'm missing something here but neither the documentation nor the
> email archive have given me any clues on how to solve this.  Any help will
> be greatly appreciated.
>
> Thanks,
> Wolfgang
>
>
>
>
>
>
>
> Quoting Wolfgang Freis <wolfgang.freis@yale.edu>:
>
>   
>> Hello,
>>
>> I'm new to working with XML encryption and have come across a problem.
>> Neither the email archive nor Google have brought me closer to a solution.
>>
>> Starting with the sample files Encrypter.java and Decrypter.java I
>> have managed to en- and decrypt elements by name.  However, decryption
>> works only when there is only one element encrypted.  If I encrypt
>> multiple elements by name--as siblings or as children of different
>> parents--the decryptor throws an exception:
>>
>> Oct 26, 2007 3:56:45 PM org.apache.xml.security.encryption.XMLCipher
>>     decryptToByteArray
>> SEVERE: XMLCipher::decryptElement called without a key and unable to
>>     resolve
>> Exception in thread "main"
>> org.apache.xml.security.encryption.XMLEncryptionException:
>>     No Key Encryption Key loaded and cannot determine using key
>> resolvers
>>
>> My IDE tells that the key file was loaded and, as I said, the decryption
>> works fine when only one element of the XML is encrypted.  I tried
>> decrypting by iterating over the NodeList returned from
>> getElementsByTagNameNS(namespaceURI, localName) and trying to just grab
>> the first item.  Both generate the same exception.  From what I can see
>> in the IDE is that the method decryptToByteArray(Element element) called
>> from doFinal( document, encryptedDataElement) throws the exception, but
>> it escapes me why that happens.
>>
>> Any help will be greatly appreciated.
>>
>> Thanks,
>> Wolfgang
>>
>>
>>
>>     
>
>   

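Steps 1 and 2 from the reply above, run as a round trip over two elements with the same name. This is an added example, not code from the thread or from the Santuario samples. The class name, the sample XML, the key sizes and the RSA-OAEP / AES-128 algorithm choices are assumptions; it uses a fresh XMLCipher per operation and copies the live NodeList before elements are replaced.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.encryption.*;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.*;
public class MultiElementRoundTrip {   // hypothetical class name
    static List<Element> snapshot(NodeList nodes) {
        List<Element> out = new ArrayList<>();  // NodeList is live: copy before nodes are replaced
        for (int i = 0; i < nodes.getLength(); i++) out.add((Element) nodes.item(i));
        return out;
    }
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        // Constructed sample document with two elements of the same name.
        String xml = "<order><card>constructed-1</card><note>n</note><card>constructed-2</card></order>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();   // recipient's key transport pair (assumed size)
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();        // symmetric data encryption key
        // Step 1: each EncryptedData gets its own KeyInfo carrying the EncryptedKey.
        for (Element target : snapshot(doc.getElementsByTagName("card"))) {
            XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
            keyCipher.init(XMLCipher.WRAP_MODE, recipient.getPublic());
            EncryptedKey wrapped = keyCipher.encryptKey(doc, dataKey);
            XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.AES_128);
            dataCipher.init(XMLCipher.ENCRYPT_MODE, dataKey);
            KeyInfo keyInfo = new KeyInfo(doc);
            keyInfo.add(wrapped);
            dataCipher.getEncryptedData().setKeyInfo(keyInfo);
            dataCipher.doFinal(doc, target);         // replaces <card> with <EncryptedData>
        }
        // Step 2: init with a null data key, then supply the KEK so the library can resolve it.
        for (Element ed : snapshot(doc.getElementsByTagNameNS(
                EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA))) {
            XMLCipher cipher = XMLCipher.getInstance();
            cipher.init(XMLCipher.DECRYPT_MODE, null);
            cipher.setKEK(recipient.getPrivate());
            cipher.doFinal(doc, ed);                 // replaces <EncryptedData> with the plaintext element
        }
        System.out.println(doc.getElementsByTagName("card").getLength() + " card elements restored");
    }
}
```

If an EncryptedData is written without the KeyInfo block from step 1, decryptToByteArray(Element) reaches the "No Key Encryption Key loaded" branch quoted in the thread, so checking every EncryptedData in the serialized output for a KeyInfo child is a quick way to locate the failing element.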