Here is an example of how to use ECDH-ES with AES key wrap.

<xenc:EncryptedData
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
    Type='http://www.w3.org/2001/04/xmlenc#'>
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
  <!-- describes the encrypted AES content encryption key -->
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
      <!-- describes the key encryption key -->
      <ds:KeyInfo>
        <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
          <xenc11:SP80056AConcatKDF>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <xenc11:OtherInfo AlgorithmID="0" PartyUInfo="" PartyVInfo=""/>
          </xenc11:SP80056AConcatKDF>
          <xenc:OriginatorKeyInfo>
            <ds:KeyValue>
              <ds11:ECPublicKey>
                <!-- ephemeral ECC public key of the originator -->
              </ds11:ECPublicKey>
            </ds:KeyValue>
          </xenc:OriginatorKeyInfo>
          <xenc:RecipientKeyInfo>
            <ds:X509Data>
              <!-- hint for the recipient's private key -->
            </ds:X509Data>
          </xenc:RecipientKeyInfo>
        </xenc:AgreementMethod>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue><!-- encrypted AES content encryption key --></xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>
      <!-- encrypted data -->
    </xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedData>

Kelvin

Received on Monday, 8 June 2009 23:38:51 GMT
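
The layering in the message above (content cipher, wrapped key, key agreement, KDF digest) can be read out and compared with an expected profile before any decryption is attempted. The Python below is an added example, not part of the original message or of any W3C code; the function names, the EXPECTED profile and the placeholder cipher values are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

X, X11 = "http://www.w3.org/2001/04/xmlenc#", "http://www.w3.org/2009/xmlenc11#"
NS = {"xenc": X, "xenc11": X11, "ds": "http://www.w3.org/2000/09/xmldsig#",
      "ds11": "http://www.w3.org/2009/xmldsig11#"}
# Constructed sample: the structure from the message, with placeholder CipherValues.
SAMPLE = """<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
 xmlns:ds11="http://www.w3.org/2009/xmldsig11#">
 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
 <ds:KeyInfo><xenc:EncryptedKey>
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
  <ds:KeyInfo><xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
   <xenc11:SP80056AConcatKDF>
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   </xenc11:SP80056AConcatKDF>
   <xenc:OriginatorKeyInfo><ds:KeyValue><ds11:ECPublicKey/></ds:KeyValue></xenc:OriginatorKeyInfo>
  </xenc:AgreementMethod></ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedKey></ds:KeyInfo>
 <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""
# Assumed receiver policy: exactly the algorithms the message uses.
EXPECTED = {"content": X + "aes128-cbc", "key_wrap": X + "kw-aes128",
            "agreement": X11 + "ECDH-ES", "kdf_digest": X + "sha256",
            "ephemeral_key": True}

def _alg(parent, path):
    # Algorithm attribute of the element at `path`, or None if any part is missing.
    node = parent.find(path, NS) if parent is not None else None
    return node.get("Algorithm") if node is not None else None

def key_chain(xml_text):
    """Walk EncryptedData -> EncryptedKey -> AgreementMethod and collect each layer."""
    root = ET.fromstring(xml_text)  # untrusted input: use a hardened parser (e.g. defusedxml)
    if root.tag != "{%s}EncryptedData" % X:
        raise ValueError("root element is not xenc:EncryptedData")
    ek = root.find("ds:KeyInfo/xenc:EncryptedKey", NS)
    am = ek.find("ds:KeyInfo/xenc:AgreementMethod", NS) if ek is not None else None
    eph = "xenc:OriginatorKeyInfo/ds:KeyValue/ds11:ECPublicKey"
    return {"content": _alg(root, "xenc:EncryptionMethod"),
            "key_wrap": _alg(ek, "xenc:EncryptionMethod"),
            "agreement": am.get("Algorithm") if am is not None else None,
            "kdf_digest": _alg(am, "xenc11:SP80056AConcatKDF/ds:DigestMethod"),
            "ephemeral_key": am is not None and am.find(eph, NS) is not None}

def mismatches(xml_text, expected=EXPECTED):
    """Names of the layers that differ from the expected profile (empty list = match)."""
    chain = key_chain(xml_text)
    return sorted(k for k, v in expected.items() if chain.get(k) != v)
```

A receiver would call mismatches() on the incoming document and refuse to run key agreement or unwrap anything unless the returned list is empty.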