- From: Kelvin Yiu <kelviny@exchange.microsoft.com>
- Date: Mon, 8 Jun 2009 16:17:13 -0700
- To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
- Message-ID: <EF8BB8116404AE42A67EF8BECBC14487BE20D292@DF-POINTER-MSG.exchange.corp.microsoft>
Here is an example of how to use ECDH-ES with AES key wrap.

<xenc:EncryptedData
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
    Type='http://www.w3.org/2001/04/xmlenc#'>
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
  <!-- describes the encrypted AES content encryption key -->
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
      <!-- describes the key encryption key -->
      <ds:KeyInfo>
        <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
          <xenc11:SP80056AConcatKDF>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <xenc11:OtherInfo AlgorithmID="0" PartyUInfo="" PartyVInfo=""/>
          </xenc11:SP80056AConcatKDF>
          <xenc:OriginatorKeyInfo>
            <ds:KeyValue>
              <ds11:ECPublicKey>
                <!-- ephemeral ECC public key of the originator -->
              </ds11:ECPublicKey>
            </ds:KeyValue>
          </xenc:OriginatorKeyInfo>
          <xenc:RecipientKeyInfo>
            <ds:X509Data>
              <!-- hint for the recipient's private key -->
            </ds:X509Data>
          </xenc:RecipientKeyInfo>
        </xenc:AgreementMethod>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue><!-- encrypted AES content encryption key --></xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>
      <!-- encrypted data -->
    </xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedData>

Kelvin
Received on Monday, 8 June 2009 23:38:51 UTC