ACTION-300 Create sample to illustrate ECDH-ES with AES key wrap

Here is an example of how to use ECDH-ES with AES key wrap.

<xenc:EncryptedData   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                      xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
                      xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
                      Type='http://www.w3.org/2001/04/xmlenc#'>

  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
  <!-- describes the encrypted AES content encryption key -->
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
      <!-- describes the key encryption key -->
      <ds:KeyInfo>
        <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
          <xenc11:SP80056AConcatKDF>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <xenc11:OtherInfo AlgorithmID="0" PartyUInfo="" PartyVInfo=""/>
          </xenc11:SP80056AConcatKDF>
          <xenc:OriginatorKeyInfo>
            <ds:KeyValue>
              <ds11:ECPublicKey>
                <!-- ephemeral ECC public key of the originator -->
              </ds11:ECPublicKey>
            </ds:KeyValue>
          </xenc:OriginatorKeyInfo>
          <xenc:RecipientKeyInfo>
            <ds:X509Data>
              <!-- hint for the recipient's private key -->
            </ds:X509Data>
          </xenc:RecipientKeyInfo>
        </xenc:AgreementMethod>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue><!-- encrypted AES content encryption key --></xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>

  <xenc:CipherData>
    <xenc:CipherValue>
      <!-- encrypted data -->
    </xenc:CipherValue>
  </xenc:CipherData>

</xenc:EncryptedData>

Kelvin

Received on Monday, 8 June 2009 23:38:51 UTC
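
The recipient-side key derivation implied by the sample, as an added example that is not part of the original message or of any W3C text: it checks the declared algorithms against an allow-list, then derives the 128-bit key-wrap key with the SP 800-56A concatenation KDF over SHA-256. Assumptions: `Z` is a constructed stand-in for the ECDH shared secret, `SAMPLE` is a constructed copy of the `EncryptedKey` above without key material, the function names are hypothetical, and the `OtherInfo` attribute text is taken as UTF-8 bytes because the message does not define its encoding.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc11": "http://www.w3.org/2009/xmlenc11#"}
# Recipient's allow-list: key-wrap URI -> KEK length in bytes, digest URI -> hash
KW_LEN = {NS["xenc"] + "kw-aes128": 16}
DIGESTS = {NS["xenc"] + "sha256": hashlib.sha256}
ECDH_ES = NS["xenc11"] + "ECDH-ES"

def concat_kdf(z, keylen, other_info, hash_fn=hashlib.sha256):
    """SP 800-56A concatenation KDF: H(counter || Z || OtherInfo), counter = 1, 2, ..."""
    out, counter = b"", 1
    while len(out) < keylen:
        out += hash_fn(counter.to_bytes(4, "big") + z + other_info).digest()
        counter += 1
    return out[:keylen]

def derive_kek(encrypted_key_xml, z):
    """Check the declared algorithms, then derive the AES key-wrap key from Z."""
    ek = ET.fromstring(encrypted_key_xml)
    try:
        kw = ek.find("xenc:EncryptionMethod", NS).get("Algorithm")
        am = ek.find("ds:KeyInfo/xenc:AgreementMethod", NS)
        kdf = am.find("xenc11:SP80056AConcatKDF", NS)
        digest = kdf.find("ds:DigestMethod", NS).get("Algorithm")
        oi = kdf.find("xenc11:OtherInfo", NS)
        # Assumption: attribute text is used as UTF-8 bytes; the message does not
        # define the encoding, so follow your XML Encryption 1.1 version in practice.
        other = b"".join(oi.get(a, "").encode()
                         for a in ("AlgorithmID", "PartyUInfo", "PartyVInfo"))
    except AttributeError:
        raise ValueError("required element missing") from None
    if kw not in KW_LEN or am.get("Algorithm") != ECDH_ES or digest not in DIGESTS:
        raise ValueError("algorithm not on the allow-list")
    return concat_kdf(z, KW_LEN[kw], other, DIGESTS[digest])

# Constructed sample: the EncryptedKey from the message, key material left out.
SAMPLE = """<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
  <ds:KeyInfo><xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES">
    <xenc11:SP80056AConcatKDF>
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <xenc11:OtherInfo AlgorithmID="0" PartyUInfo="" PartyVInfo=""/>
    </xenc11:SP80056AConcatKDF></xenc:AgreementMethod></ds:KeyInfo></xenc:EncryptedKey>"""
Z = bytes(range(32))  # constructed stand-in for the 32-byte ECDH shared secret
```

Calling `derive_kek(SAMPLE, Z)` returns the 16-byte key that would unwrap the `CipherValue` of the `EncryptedKey`; a document that declares any other key-wrap, agreement or digest algorithm is rejected before any key is derived.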