Message-ID: <17669001.post@talk.nabble.com>
Date: Thu, 5 Jun 2008 05:44:23 -0700 (PDT)
From: sermagico
To: security-dev@xml.apache.org
Subject: Re: problem in unwrapping key
In-Reply-To: <4846F064.7020505@georgetown.edu>

Hi,
I tried to change the algorithm name in the "decryptKey" method, but that
did not solve the problem.
If I insert:

Key secretKey = xmlCipherKey.decryptKey(encryptedKey,"AES");

I get the following exception:

Exception in thread "main" java.lang.NullPointerException
        at org.apache.xml.security.algorithms.JCEMapper.getJCEKeyAlgorithmFromURI(Unknown Source)
        at org.apache.xml.security.encryption.XMLCipher.decryptKey(Unknown Source)

Instead, if I insert one of the following, I get the exception I explained
last time:

final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_128);
final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_128_KeyWrap);
final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_192);
final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_192_KeyWrap);
final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_256);
final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,XMLCipher.AES_256_KeyWrap);
final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,"http://www.w3.org/2001/04/xmlenc#aes128-cbc");
final Key secretKey = xmlCipherKey.decryptKey(encryptedKey,"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");

Thank you for your help.
Regards.
Sergio.


Brent Putman wrote:
>
> Ok. I think I see your problem:
>
> String algorithm = encryptedKey.getEncryptionMethod().getAlgorithm();
>
> Key secretKey = xmlCipherKey.decryptKey(encryptedKey,algorithm );
>
> The algorithm URI that you pass into the XMLCipher#decryptKey method is
> the algorithm URI for the wrapped key that you are decrypting, *not* the
> one associated with the key encryption key itself. When it gets
> unwrapped/decrypted, it's just an array of bytes. You have to give it
> structure by telling it how to interpret that byte[] so it can produce a
> specific SecretKey impl (AES, triple DES, etc).
>
> So in your case it would be the AES one for the data encryption key.
> So, you would pull that from the
> EncryptedData/EncryptionMethod/@Algorithm attribute, not the
> EncryptedKey attribute.
>
> --Brent
>
>
> sermagico wrote:
>> Hi Brent,
>> thank you for your reply. I made a mistake in my explanation; in fact I
>> already use the public key for wrapping and the private key for
>> unwrapping (in the code the private key is pkey).
>> Sorry for the misunderstanding. I hope you can give me a hand.
>> Thank you in advance.
>> Sergio.
>>
>>
>> Brent Putman wrote:
>>
>>> You have it backwards. You should encrypt/wrap the AES data encryption
>>> key with the recipient's *public* key. The recipient then decrypts with
>>> their *private* key.
>>>
>>> If you think about the use cases, you'll quickly realize why that is.
>>>
>>> --Brent
>>>
>>>
>>> sermagico wrote:
>>>
>>>> Hi all,
>>>> I am trying to develop an application for XML encryption/decryption,
>>>> but I have some issues. I encrypt a file with an AES key, then I wrap
>>>> this key with an RSAprivateKey and I store it (wrapped AES) in the same
>>>> XML file.
>>>> Unfortunately, when I try to unwrap the AES key with the PublicKey
>>>> associated with the previous PrivateKey, the exception below is raised:
>>>>
>>>> Exception in thread "main"
>>>> org.apache.xml.security.encryption.XMLEncryptionException: unknown key type passed to RSA
>>>> Original Exception was java.security.InvalidKeyException: unknown key type passed to RSA
>>>>
>>>>
>>>> PublicKey and PrivateKey are stored on a smartcard.
>>>> This is my code:
>>>>
>>>>     XMLCipher CKey= XMLCipher.getInstance();
>>>>     XMLCipher CMsg= XMLCipher.getInstance();
>>>>     CKey.init(XMLCipher.UNWRAP_MODE, this.pkey);
>>>>     CMsg.init(XMLCipher.DECRYPT_MODE, null);
>>>>
>>>>     Element encryptedDataElement = (Element) document
>>>>         .getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS,
>>>>             EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
>>>>
>>>>     EncryptedData encryptedData =
>>>>         xmlCipherMsg.loadEncryptedData(document, encryptedDataElement);
>>>>     EncryptedKey encryptedKey = encryptedData.getKeyInfo()
>>>>         .itemEncryptedKey(0);
>>>>
>>>>     String algorithm = encryptedKey.getEncryptionMethod().getAlgorithm();
>>>>
>>>>     CipherValue Value = encryptedKey.getCipherData().getCipherValue();
>>>>
>>>>     //Exception here
>>>>     Key secretKey = xmlCipherKey.decryptKey(encryptedKey,algorithm );
>>>>
>>>>
>>>> I hope you can help me.
>>>> Thank you in advance.
>>>> Best regards.
>>>>
>>>> Sergio.
>>>>

--
View this message in context: http://www.nabble.com/problem-in-unwrapping-key-tp17649597p17669001.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.