EncryptionMethod within EncryptedData

EncryptionMethod within EncryptedData

Lijun Liao-2
Is the public key algorithm, e.g. RSA_OAEP and RSA_v1.5, allowed in the xenc:EncryptionMethod within xenc:EncryptedData element? This can be used for the encryption of data of a few bytes.

Thanks,

Lijun Liao
---
http://www.nds.rub.de/liao



RE: EncryptionMethod within EncryptedData

Christian Geuer-Pollmann

The algorithms in the xenc spec are configurable, so you could encrypt data directly using RSA. What may happen then is that you run into compatibility issues with other implementations.

BUT - if your question is whether you can use the algorithms identified by “http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p” and “http://www.w3.org/2001/04/xmlenc#rsa-1_5” for EncryptedData, the answer is simple: You can’t. These algorithms are for key transport (and hence for EncryptedKey).

If you still feel that you need to wrap a few octets using RSA, you may use your own algorithm ID such as http://www.nds.rub.de/liao/xmlenc#rsa-oaep-mgf1p or something similar.

The easiest and most robust method would be to encrypt your octets using AES or some other symmetric block algo, and then wrap your content encryption key with RSA. That’s fully interoperable with the rest of the world.

Christian

From: [hidden email] [mailto:[hidden email]] On Behalf Of Lijun Liao
Sent: Wednesday, 6 December 2006 09:58
To: [hidden email]
Subject: EncryptionMethod within EncryptedData

Is the public key algorithm, e.g. RSA_OAEP and RSA_v1.5, allowed in the xenc:EncryptionMethod within xenc:EncryptedData element? This can be used for the encryption of data of a few bytes.

Thanks,

Lijun Liao
---
http://www.nds.rub.de/liao
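
As an added illustration (not part of either message, and not code from any XML Encryption implementation): a small Python check that reports the algorithm each EncryptedData and EncryptedKey declares and flags the two key transport URIs from the reply when they appear directly on EncryptedData. The function name `audit`, the sample documents and the `aes128-cbc` content algorithm are assumptions chosen for the example.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# Key transport URIs named in the thread: meant for EncryptedKey only.
KEY_TRANSPORT = {XENC + "rsa-oaep-mgf1p", XENC + "rsa-1_5"}

def audit(xml_text):
    """Return (element, algorithm, verdict) for each EncryptedData/EncryptedKey."""
    results = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag not in ("{%s}EncryptedData" % XENC, "{%s}EncryptedKey" % XENC):
            continue
        name = elem.tag.split("}", 1)[1]
        # find() looks at direct children only, so the EncryptionMethod of a
        # nested EncryptedKey is never mistaken for the EncryptedData's own.
        method = elem.find("{%s}EncryptionMethod" % XENC)
        uri = method.get("Algorithm") if method is not None else None
        if name == "EncryptedData" and uri in KEY_TRANSPORT:
            verdict = "key transport algorithm on EncryptedData"
        else:
            verdict = "ok"
        results.append((name, uri, verdict))
    return results

# Constructed samples; CipherValue contents are placeholders, not real ciphertext.
TEMPLATE = """<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptionMethod Algorithm="{data_alg}"/>{key_info}
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""
WRAPPED_KEY = """
  <ds:KeyInfo><xenc:EncryptedKey>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey></ds:KeyInfo>"""

# Symmetric content encryption, RSA-OAEP only on the wrapped key.
HYBRID = TEMPLATE.format(data_alg=XENC + "aes128-cbc", key_info=WRAPPED_KEY)
# RSA v1.5 key transport URI placed directly on EncryptedData.
DIRECT_RSA = TEMPLATE.format(data_alg=XENC + "rsa-1_5", key_info="")

if __name__ == "__main__":
    for label, doc in (("hybrid", HYBRID), ("direct RSA", DIRECT_RSA)):
        for row in audit(doc):
            print(label, row)
```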