Problem with rsa-1_5 padding mechanism

Email lists > Apache XML Security dev help

Thread: Problem with rsa-1_5 padding mechanism

Search this list only Search all lists
Problem with rsa-1_5 padding mechanism
	2006-03-30 08:13:13

I encrypted a XML document containing a <xenc:EncryptedKey> element and a <xenc:EncryptedData> element using XML Apache XML security. I tried to decrypt it using XSS4J library and I didn't succeed!!! The problem seems to occur when the secret key encapsulated into the <xenc:EncryptedKey> element is decrypted by XSS4J library. Doing some investigation, I found that XML Apache security library encrypts the secret key using the algorithm http://www.w3.org/2001/04/xmlenc#rsa-1_5 with a cipher ‘RSA/ECB/PKCS1Padding̵7; and that IBM XSS4J uses ‘RSA/ECB/NoPadding’. The “XML Encryption Syntax and Processing” specifications of the W3C is not clear for me concernig the rsa-1_5 encryption algorithm. Is a padding associated to rsa-1_5 encryption or not ? Who has right ;? IBM XSS4J library or XML Apache Security library ? I think it is a critical bug either into XSS4J ;or into Apache XML security ... or am I wrong ? Thanks for your answer. Regards. Yvan Hess Here is the XML encrypted (partial). <edoc:data xmlns:edoc="http://www.imtf.com/hypersuite/edoc/2.0/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlnsenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptedKey Id="Revision-1-Encryption-1-EncryptedKey-1">     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>     <ds:KeyInfo>       <ds:KeyName>SphinxTest</ds:KeyName>   </ds:KeyInfo>     <xenc:CipherData>       <xenc:CipherValue>PMblWX1U9dQhiMTSMXsX9kO8Udg8Pii8XhrRmOKJ+HiuSZUEvsfBtDwFzoXjwnCdYb+LkqPxYZ8EzgQxbxObI1RrUdg6iy4R3T0d+/H/tK34cjm8itoqDDSkyod9/bOtqnEnv3AzAgkBFNCbR7NZ3N7i7gonjMAzes6wuNRCYsg=</xenc:CipherValue>     </xenc:CipherData>     <xenc:CarriedKeyName>secretKey</xenc:CarriedKeyName> </xenc:EncryptedKey> <xenc:EncryptedData Id="Revision-1-Encryption-1-EncryptedData-1">     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>     <ds:KeyInfo>       <ds:KeyName>secretKey</ds:KeyName>     </ds:KeyInfo>     <xenc:CipherData>       <xenc:CipherReference URI="urn:hypersuite:534177D3-C0A8027601B4E829-57982AC1.txt"/>     </xenc:CipherData> </xenc:EncryptedData> </edoc:data>
Problem with rsa-1_5 padding mechanism
	2006-03-30 08:24:31
Hi, W3C is being very clear about padding while encrypting using RSA 1.5 alg: http://www.w3.org/TR/xmlenc-core/#sec-Alg-KeyTransport In other words: you have to use padding. Btw, padding is not something complex and can be easily implemented. Hope it helps, Milan --- Hess Yvan <Yvan.Hessimtf.ch> wrote: > I encrypted a XML document containing a <xenc:EncryptedKey> element and > a <xenc:EncryptedData> element using XML Apache XML security. I tried to > decrypt it using XSS4J library and I didn't succeed!!! The problem seems > to occur when the secret key encapsulated into the <xenc:EncryptedKey> > element is decrypted by XSS4J library. > > > > Doing some investigation, I found that XML Apache security library > encrypts the secret key using the algorithm > http://www.w 3.org/2001/04/xmlenc#rsa-1_5 with a cipher > 'RSA/ECB/PKCS1Padding' and that IBM XSS4J uses 'RSA/ECB/NoPadding'. > > > > The "XML Encryption Syntax and Processing" specifications of the W3C is > not clear for me concernig the rsa-1_5 encryption algorithm. Is a > padding associated to rsa-1_5 encryption or not ? > > > > Who has right ? IBM XSS4J library or XML Apache Security library ? > > > > I think it is a critical bug either into XSS4J or into Apache XML > security ... or am I wrong ? > > > > Thanks for your answer. > > > > Regards. Yvan Hess > > > > Here is the XML encrypted (partial). > > > > <edoc:data xmlns:edoc="http://www.i mtf.com/hypersuite/edoc/2.0/" > xmlns:ds="http://www.w3.org/ 2000/09/xmldsig#" > xmlnsenc= "http://www.w3.org/2 001/04/xmlenc#"> > > <xenc:EncryptedKey Id="Revision-1-Encryption-1-EncryptedKey-1"> > > <xenc:EncryptionMethod > Algorithm="http://www.w 3.org/2001/04/xmlenc#rsa-1_5"/> > > <ds:KeyInfo> > > <ds:KeyName>SphinxTest</ds:KeyName> > > </ds:KeyInfo> > > <xenc:CipherData> > > > <xenc:CipherValue>PMblWX1U9dQhiMTSMXsX9kO8Udg8Pii8XhrR mOKJ+HiuSZUEvsfBtD > wFzoXjwnCdYb+LkqPxYZ8EzgQxbxObI1RrUdg6iy4R3T0d+/H/tK34cjm8it oqDDSkyod9/b > OtqnEnv3AzAgkBFNCbR7NZ3N7i7gonjMAzes6wuNRCYsg=</xenc:Ciph erValue> > > </xenc:CipherData> > > <xenc:CarriedKeyName>secretKey</xenc:CarriedKeyName > > > </xenc:EncryptedKey> > > <xenc:EncryptedData Id="Revision-1-Encryption-1-EncryptedData-1"> > > <xenc:EncryptionMethod > Algorithm="http:/ /www.w3.org/2001/04/xmlenc#tripledes-cbc"/> > > <ds:KeyInfo> > > <ds:KeyName>secretKey</ds:KeyName> > > </ds:KeyInfo> > > <xenc:CipherData> > > <xenc:CipherReference > URI="urn:hypersuite:534177D3-C0A8027601B4E829-57982AC1 .txt"/> > > </xenc:CipherData> > > </xenc:EncryptedData> > > </edoc:data> > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists

ARCHIVES