
Rewrite of Encryption, 5.6, first paragraph (ISSUE-99; ACTION-292)

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 20 May 2009 13:14:37 +0200
Message-Id: <E4524454-CA07-4FA9-9FA7-02A30DED22D3@w3.org>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Current text:

> Symmetric Key Wrap algorithms are shared secret key encryption  
> algorithms especially specified for encrypting and decrypting  
> symmetric keys. Their identifiers appear as Algorithm attribute  
> values to EncryptionMethod elements that are children of  
> EncryptedKey which is in turn a child of ds:KeyInfo which is in turn  
> a child of EncryptedData or another EncryptedKey. The type of the  
> key being wrapped is indicated by the Algorithm attribute  
> ofEncryptionMethod child of the parent of the ds:KeyInfo grandparent  
> of the EncryptionMethod specifying the symmetric key wrap algorithm.

First, here's how I read this:

	<EncryptedData|EncryptedKey>
		<EncryptionMethod Algorithm="@alg1"/>
		<ds:KeyInfo>
			<EncryptedKey>
				<EncryptionMethod Algorithm="@alg2"/>

@alg1 is the algorithm for which the encrypted key is used.  @alg2 is  
the algorithm that's used to encrypt the key.  If this reading of the  
text is wrong, then scream right now, because what follows will be  
wrong.


Proposed replacement:

> Symmetric Key Wrap algorithms are shared secret key encryption  
> algorithms especially specified for encrypting and decrypting  
> symmetric keys.  When wrapped keys are used, then an EncryptedKey  
> element will appear as a child of a ds:KeyInfo element.  This  
> EncryptedKey element will have an EncryptionMethod child whose  
> Algorithm attribute in turn identifies the key wrap algorithm.
>
> The algorithm for which the encrypted key is intended depends on the  
> context of the ds:KeyInfo element:  ds:KeyInfo can occur as a child  
> of either an EncryptedData or EncryptedKey element; in both cases,  
> ds:KeyInfo will have an EncryptionMethod sibling that identifies the  
> algorithm.
>
> Example:
>
> ...

--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Wednesday, 20 May 2009 11:14:48 GMT
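As an added illustration of the structure the message describes (this code is not part of Thomas's mail or of the XML Encryption specification), here is a small Python walker over an EncryptedData/EncryptedKey tree. For every EncryptedKey found under a ds:KeyInfo it reports two things: the key wrap algorithm from that EncryptedKey's own EncryptionMethod (alg2 in the message) and the algorithm the wrapped key is intended for, taken from the EncryptionMethod sibling of the ds:KeyInfo (alg1). It also rejects EncryptedKey elements that lack an EncryptionMethod or name an algorithm outside an expected set of symmetric key wrap identifiers. The two sample documents, the allowed-algorithm set and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Namespaces defined by XML Encryption and XML Signature.
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Symmetric key wrap identifiers from XML Encryption 1.0; the set itself is an
# assumption for this example (a deployment would pin whatever it actually accepts).
SYMMETRIC_KEY_WRAP = frozenset({
    XENC + "kw-tripledes",
    XENC + "kw-aes128",
    XENC + "kw-aes192",
    XENC + "kw-aes256",
})

# Constructed sample: an EncryptedData whose content key is wrapped by an
# EncryptedKey, whose wrapping key is itself wrapped by a second EncryptedKey.
SAMPLE = f"""<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="{XENC}kw-aes128"/>
      <ds:KeyInfo>
        <xenc:EncryptedKey>
          <xenc:EncryptionMethod Algorithm="{XENC}kw-aes256"/>
          <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>CCCC</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""

# Constructed sample with a defect: the EncryptedKey carries no EncryptionMethod,
# so a reader cannot tell which key wrap algorithm protects the key.
BROKEN = f"""<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
</xenc:EncryptedData>"""


def _algorithm(elem):
    """Algorithm attribute of elem's direct EncryptionMethod child, or None."""
    em = elem.find(f"{{{XENC}}}EncryptionMethod")
    return em.get("Algorithm") if em is not None else None


def wrapped_keys(elem, findings=None):
    """Collect (wrap_algorithm, intended_algorithm) pairs, outermost first.

    elem is an EncryptedData or EncryptedKey.  Its own EncryptionMethod names the
    algorithm its key is used for (alg1); each EncryptedKey under its ds:KeyInfo
    has an EncryptionMethod naming the key wrap algorithm (alg2).  Wrapping keys
    may themselves be wrapped, so the walk recurses into each EncryptedKey.
    """
    if findings is None:
        findings = []
    intended = _algorithm(elem)
    key_info = elem.find(f"{{{DS}}}KeyInfo")
    if key_info is None:
        return findings
    for ek in key_info.findall(f"{{{XENC}}}EncryptedKey"):
        findings.append((_algorithm(ek), intended))
        wrapped_keys(ek, findings)
    return findings


def check_key_chain(xml_text, allowed_wrap=SYMMETRIC_KEY_WRAP):
    """Parse xml_text and return (pairs, problems) for its wrapped-key chain.

    Only structural checks are made here; no decryption happens.  Real input
    should go through a hardened XML parser rather than ElementTree directly.
    """
    root = ET.fromstring(xml_text)
    pairs = wrapped_keys(root)
    problems = []
    for wrap_alg, intended in pairs:
        if wrap_alg is None:
            problems.append("EncryptedKey has no EncryptionMethod child")
        elif wrap_alg not in allowed_wrap:
            problems.append(f"EncryptedKey uses unexpected algorithm {wrap_alg}")
        if intended is None:
            problems.append("ds:KeyInfo has no EncryptionMethod sibling naming the key's use")
    return pairs, problems


if __name__ == "__main__":
    for name, doc in (("SAMPLE", SAMPLE), ("BROKEN", BROKEN)):
        pairs, problems = check_key_chain(doc)
        print(name, pairs, problems)
```

Running the block prints two (wrap, intended) pairs for SAMPLE with no problems, and one problem for BROKEN; the same pinned-algorithm check is what a decrypting application should apply before it ever passes ciphertext to a key unwrap routine.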
