- From: Kelvin Yiu <kelviny@exchange.microsoft.com>
- Date: Mon, 8 Jun 2009 16:17:13 -0700
- To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
- Message-ID: <EF8BB8116404AE42A67EF8BECBC14487BE20D292@DF-POINTER-MSG.exchange.corp.microsoft>
Here is an example of how to use ECDH-ES with AES key wrap.
<!-- Structural example: an xenc:EncryptedData whose AES-128 content encryption key (CEK) is
     wrapped with AES-128 key wrap under a key encryption key (KEK) derived via ECDH-ES.
     Key material and ciphertext appear only as placeholder comments. -->
<!-- NOTE(review): the Type attribute below is the bare xmlenc namespace URI. XML Encryption
     defines http://www.w3.org/2001/04/xmlenc#Element and http://www.w3.org/2001/04/xmlenc#Content
     for this attribute; confirm which one was intended. -->
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
Type='http://www.w3.org/2001/04/xmlenc#'>
<!-- Content encryption algorithm for the outer CipherData.
     NOTE(review): aes128-cbc provides confidentiality only, and nothing in this example
     authenticates the ciphertext. CBC-mode XML Encryption has published chosen-ciphertext
     weaknesses when a recipient reveals decryption or padding errors. Prefer the authenticated
     http://www.w3.org/2009/xmlenc11#aes128-gcm, or verify a signature or MAC over the
     ciphertext before decrypting. -->
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<!-- describes the encrypted AES content encryption key -->
<ds:KeyInfo>
<xenc:EncryptedKey>
<!-- AES-128 key wrap protects the CEK; the wrapping key is the KEK produced by the
     AgreementMethod in the nested KeyInfo below. -->
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
<!-- describes the key encryption key -->
<ds:KeyInfo>
<!-- ECDH-ES (ephemeral-static): the originator contributes an ephemeral key pair (see
     OriginatorKeyInfo) and the recipient a key referenced by RecipientKeyInfo. -->
<xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
<!-- Key derivation: NIST SP 800-56A concatenation KDF using SHA-256.
     NOTE(review): SP80056AConcatKDF and OtherInfo are the element names used in this 2009
     message. The published XML Encryption 1.1 schema appears to express the same thing as
     xenc11:KeyDerivationMethod with xenc11:ConcatKDFParams; verify before reusing this markup. -->
<xenc11:SP80056AConcatKDF>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<!-- AlgorithmID, PartyUInfo and PartyVInfo are the KDF's OtherInfo inputs. Here AlgorithmID
     is "0" and both party fields are empty, so the derived KEK is not bound to the algorithm
     it will be used with or to either party's identity. A real deployment should use values
     both sides agree on. -->
<xenc11:OtherInfo AlgorithmID="0" PartyUInfo="" PartyVInfo=""/>
</xenc11:SP80056AConcatKDF>
<xenc:OriginatorKeyInfo>
<ds:KeyValue>
<!-- Recipient-side check: confirm the received point is a valid point on the expected named
     curve before using it in ECDH. The recipient key is static, so accepting unvalidated
     points can expose it. -->
<ds11:ECPublicKey>
<!-- ephemeral ECC public key of the originator -->
</ds11:ECPublicKey>
</ds:KeyValue>
</xenc:OriginatorKeyInfo>
<xenc:RecipientKeyInfo>
<ds:X509Data>
<!-- hint for the recipient's private key -->
</ds:X509Data>
</xenc:RecipientKeyInfo>
</xenc:AgreementMethod>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue><!-- encrypted AES content encryption key --></xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
<!-- encrypted data -->
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
Kelvin
Received on Monday, 8 June 2009 23:38:51 UTC