ACTION-300 Create sample to illustrate ECDH-ES with AES key wrap

From: Kelvin Yiu <kelviny@exchange.microsoft.com>
Date: Mon, 8 Jun 2009 16:17:13 -0700
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <EF8BB8116404AE42A67EF8BECBC14487BE20D292@DF-POINTER-MSG.exchange.corp.microsoft.com>

Here is an example of how to use ECDH-ES with AES key wrap.

<xenc:EncryptedData   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                      xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
                      xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
                      Type='http://www.w3.org/2001/04/xmlenc#'>

  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
  <!-- describes the encrypted AES content encryption key -->
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
      <!-- describes the key encryption key -->
      <ds:KeyInfo>
        <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
          <xenc11:SP80056AConcatKDF>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <xenc11:OtherInfo AlgorithmID="0" PartyUInfo="" PartyVInfo=""/>
          </xenc11:SP80056AConcatKDF>
          <xenc:OriginatorKeyInfo>
            <ds:KeyValue>
              <ds11:ECPublicKey>
                <!-- ephemeral ECC public key of the originator -->
              </ds11:ECPublicKey>
            </ds:KeyValue>
          </xenc:OriginatorKeyInfo>
          <xenc:RecipientKeyInfo>
            <ds:X509Data>
              <!-- hint for the recipient's private key -->
            </ds:X509Data>
          </xenc:RecipientKeyInfo>
        </xenc:AgreementMethod>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue><!-- encrypted AES content encryption key --></xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>

  <xenc:CipherData>
    <xenc:CipherValue>
      <!-- encrypted data -->
    </xenc:CipherValue>
  </xenc:CipherData>

</xenc:EncryptedData>

Kelvin
Received on Monday, 8 June 2009 23:38:51 GMT
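
Added example, not part of the original message or of the specification text: a Python reading of the EncryptedKey structure above that checks the key wrap, key agreement and KDF digest URIs against an allowlist and then derives the key encryption key with the SP 800-56A concatenation KDF. The function names, the shared secret Z and the empty OtherInfo bytes are assumptions made for illustration; the byte encoding of the OtherInfo attributes is not given in the message, and the ECDH computation and the AES key unwrap step are left out.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc11": "http://www.w3.org/2009/xmlenc11#"}
# Allowlists holding only the algorithm URIs used in the message above.
DIGESTS = {"http://www.w3.org/2001/04/xmlenc#sha256": hashlib.sha256}
KEY_WRAP_BITS = {"http://www.w3.org/2001/04/xmlenc#kw-aes128": 128}
ECDH_ES = "http://www.w3.org/2009/xmlenc11#ECDH-ES"

def _algorithm(node, path):
    """Algorithm attribute of the element at path, or None if it is absent."""
    found = node.find(path, NS)
    return None if found is None else found.get("Algorithm")

def kek_parameters(encrypted_key):
    """Return (hash constructor, KEK bits); refuse URIs that are not allowlisted."""
    wrap = _algorithm(encrypted_key, "xenc:EncryptionMethod")
    agreement = "ds:KeyInfo/xenc:AgreementMethod"
    kdf_digest = _algorithm(encrypted_key, agreement + "/xenc11:SP80056AConcatKDF/ds:DigestMethod")
    if _algorithm(encrypted_key, agreement) != ECDH_ES:
        raise ValueError("key agreement is not ECDH-ES")
    if wrap not in KEY_WRAP_BITS or kdf_digest not in DIGESTS:
        raise ValueError("key wrap or KDF digest algorithm not allowed")
    return DIGESTS[kdf_digest], KEY_WRAP_BITS[wrap]

def concat_kdf(z, other_info, key_bits, hash_fn):
    """SP 800-56A concatenation KDF: blocks of Hash(counter || Z || OtherInfo),
    counter a 32-bit big-endian integer starting at 1, truncated to key_bits."""
    out, counter = b"", 1
    while len(out) * 8 < key_bits:
        out += hash_fn(counter.to_bytes(4, "big") + z + other_info).digest()
        counter += 1
    return out[:key_bits // 8]

# Constructed input: the EncryptedKey above, cut down to the elements read here.
SAMPLE = """<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
  <ds:KeyInfo><xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
    <xenc11:SP80056AConcatKDF><ds:DigestMethod
        Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></xenc11:SP80056AConcatKDF>
  </xenc:AgreementMethod></ds:KeyInfo></xenc:EncryptedKey>"""
Z, OTHER_INFO = bytes(range(32)), b""  # made-up bytes, not real key material

def derive_sample_kek(xml_text=SAMPLE):
    hash_fn, bits = kek_parameters(ET.fromstring(xml_text))
    return concat_kdf(Z, OTHER_INFO, bits, hash_fn)
```

When the XML comes from an untrusted sender, parse it with a hardened parser such as defusedxml rather than the standard library's ElementTree.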