What is the correct procedure to decrypt a xmldsig document encrypted
with the receiver's public key?
I can successfully load the correct private key from the .pfx file or
search for it in the certificate storage but I'm hit with the
"CryptographicException: Unable to retrieve the decryption key" in
Xml.EncryptedXml.DecryptDocument no matter what I do. Here is some of
the stuff I tried:
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static bool Decrypt(XmlDocument doc, X509Certificate2 cert)
{
    // Create a new EncryptedXml object.
    EncryptedXml exml = new EncryptedXml(doc);

    // I've tried to insert the certificate in the certificate store for decryption.
    X509Store store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadWrite);
    store.Add(cert);
    store.Close();

    // I've tried to add a key-name mapping.
    // This method can only decrypt documents that present the specified key name.
    AsymmetricAlgorithm rsa = cert.PrivateKey;
    exml.AddKeyNameMapping("EncryptedData", rsa);               // the element with encryption data
    exml.AddKeyNameMapping("Name-of-encrypted-element", rsa);   // the name of the encrypted element

    // Decrypt the element, or die trying.
    try
    {
        exml.DecryptDocument();
        return true;
    }
    catch (CryptographicException)
    {
        // "Unable to retrieve the decryption key"
        return false;
    }
}
The encrypted element has the following structure:
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  <KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey Recipient="CAcert WoT User" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <CipherData>
        <CipherValue>b64-encoded-data==</CipherValue>
      </CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>
    <CipherValue>b64-encoded-data==</CipherValue>
  </CipherData>
</EncryptedData>
If the encrypted data includes the X.509 certificate, as in the following
structure, the decryption goes smoothly:
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>b64-encoded-data==</X509Certificate>
        </X509Data>
      </KeyInfo>
      <CipherData>
        <CipherValue>b64-encoded-data==</CipherValue>
      </CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>
    <CipherValue>b64-encoded-data==</CipherValue>
  </CipherData>
</EncryptedData>
graag - 19 Mar 2008 15:59 GMT
The trouble isn't in the key but in the key name: if the KeyInfo element is
missing a KeyName, there's no way the RSA key can be used in the
decrypting process.
This decrypts:
<EncryptedData ...>
  <EncryptionMethod Algorithm="symm.algo"/>
  <KeyInfo>
    <EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ...>
      <EncryptionMethod Algorithm="asymm.algo"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <KeyName>rsaKey</KeyName>
      </KeyInfo>
    </EncryptedKey>
    ...
This doesn't:
<EncryptedData ...>
  <EncryptionMethod Algorithm="symm.algo"/>
  <KeyInfo>
    <EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ...>
      <EncryptionMethod Algorithm="asymm.algo"/>
    </EncryptedKey>
An EncryptedXml.SetDefaultAlgorithm(object Alg) would come in handy...
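The reply's diagnosis worked through end to end, as an added example written for this page (it is not code from either poster). It builds the EncryptedData/EncryptedKey structure twice, once with a ds:KeyName and once with no KeyInfo at all as in the question, shows that AddKeyNameMapping only helps in the first case, and supplies the "default key" behaviour the reply wishes for by overriding EncryptedXml.DecryptEncryptedKey, the virtual hook that DecryptDocument calls to unwrap the session key. The in-process RSA key pair, the element names and the FallbackKeyEncryptedXml class are assumptions made for the example; a real deployment would pass the key from the .pfx (cert.GetRSAPrivateKey(), or cert.PrivateKey on .NET Framework) instead of the generated one.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical subclass (not part of the framework): when the EncryptedKey carries no
// KeyInfo that the stock resolver can use, unwrap the session key with a configured
// RSA private key instead of letting DecryptDocument fail with
// "Unable to retrieve the decryption key".
class FallbackKeyEncryptedXml : EncryptedXml
{
    private readonly RSA _fallbackKey;

    public FallbackKeyEncryptedXml(XmlDocument doc, RSA fallbackKey) : base(doc)
    {
        _fallbackKey = fallbackKey;
    }

    public override byte[] DecryptEncryptedKey(EncryptedKey encryptedKey)
    {
        // Let the base class try KeyName / X509Data / RetrievalMethod resolution first;
        // it returns null (it does not throw) when nothing in KeyInfo matches.
        byte[] sessionKey = base.DecryptEncryptedKey(encryptedKey);
        if (sessionKey != null)
            return sessionKey;

        // No usable KeyInfo: unwrap with the configured key, honouring whichever RSA
        // padding the EncryptedKey's own EncryptionMethod declares (rsa-1_5 or OAEP).
        bool useOaep = encryptedKey.EncryptionMethod != null
            && encryptedKey.EncryptionMethod.KeyAlgorithm == XmlEncRSAOAEPUrl;
        return EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, _fallbackKey, useOaep);
    }
}

static class Demo
{
    // Encrypts <elementName> with a fresh AES-256 session key wrapped for recipientKey.
    // keyName == null writes the EncryptedKey without any KeyInfo (the question's structure).
    public static void EncryptElement(XmlDocument doc, string elementName, RSA recipientKey, string keyName)
    {
        XmlElement target = (XmlElement)doc.GetElementsByTagName(elementName)[0];
        using (Aes sessionKey = Aes.Create())
        {
            sessionKey.KeySize = 256;
            byte[] cipherText = new EncryptedXml().EncryptData(target, sessionKey, false);

            var ek = new EncryptedKey
            {
                // RSA-OAEP here rather than the rsa-1_5 seen on the page (see note below).
                CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, recipientKey, true)),
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl)
            };
            if (keyName != null)
                ek.KeyInfo.AddClause(new KeyInfoName { Value = keyName }); // what AddKeyNameMapping matches

            var ed = new EncryptedData
            {
                Type = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
            };
            ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
            ed.CipherData.CipherValue = cipherText;

            EncryptedXml.ReplaceElement(target, ed, false);
        }
    }

    static XmlDocument NewDoc()
    {
        // Constructed sample document.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><secret>top secret payload</secret></order>");
        return doc;
    }

    static void Main()
    {
        // Constructed stand-in for the private key loaded from the .pfx.
        using (RSA recipient = RSA.Create(2048))
        {
            // 1. KeyName present: stock EncryptedXml plus AddKeyNameMapping is enough.
            XmlDocument withName = NewDoc();
            EncryptElement(withName, "secret", recipient, "rsaKey");
            var exml = new EncryptedXml(withName);
            exml.AddKeyNameMapping("rsaKey", recipient);   // the KeyName value, not an element name
            exml.DecryptDocument();
            Console.WriteLine(withName.OuterXml);

            // 2. No KeyInfo on the EncryptedKey: stock EncryptedXml throws, the subclass succeeds.
            XmlDocument noName = NewDoc();
            EncryptElement(noName, "secret", recipient, null);
            try { new EncryptedXml(noName).DecryptDocument(); }
            catch (CryptographicException e) { Console.WriteLine("stock EncryptedXml: " + e.Message); }

            new FallbackKeyEncryptedXml(noName, recipient).DecryptDocument();
            Console.WriteLine(noName.OuterXml);
        }
    }
}
```

On .NET Core and later the types live in the System.Security.Cryptography.Xml package. Two points a practitioner should keep in mind: the override only fires after the base resolver has given up, so documents that do name a key (KeyName or X509Data) still go through the normal lookup and the fallback key is never tried against them; and the example wraps the session key with RSA-OAEP instead of the rsa-1_5 shown in the question, because PKCS#1 v1.5 key transport is exposed to padding-oracle attacks, while the override still reads the EncryptedKey's EncryptionMethod so it unwraps either when you do not control the sender.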