- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 20 May 2009 13:14:37 +0200
- To: XMLSec WG Public List <public-xmlsec@w3.org>
Current text:

> Symmetric Key Wrap algorithms are shared secret key encryption
> algorithms especially specified for encrypting and decrypting
> symmetric keys. Their identifiers appear as Algorithm attribute
> values to EncryptionMethod elements that are children of
> EncryptedKey which is in turn a child of ds:KeyInfo which is in turn
> a child of EncryptedData or another EncryptedKey. The type of the
> key being wrapped is indicated by the Algorithm attribute
> of EncryptionMethod child of the parent of the ds:KeyInfo grandparent
> of the EncryptionMethod specifying the symmetric key wrap algorithm.

First, here's how I read this:

    <EncryptedData|EncryptedKey>
      <EncryptionMethod Algorithm="@alg1"/>
      <ds:KeyInfo>
        <EncryptedKey>
          <EncryptionMethod Algorithm="@alg2"/>

@alg1 is the algorithm for which the encrypted key is used. @alg2 is the algorithm that's used to encrypt the key.

If this reading of the text is wrong, then scream right now, because what follows will be wrong.

Proposed replacement:

> Symmetric Key Wrap algorithms are shared secret key encryption
> algorithms especially specified for encrypting and decrypting
> symmetric keys. When wrapped keys are used, then an EncryptedKey
> element will appear as a child of a ds:KeyInfo element. This
> EncryptedKey element will have an EncryptionMethod child whose
> Algorithm attribute in turn identifies the key wrap algorithm.
>
> The algorithm for which the encrypted key is intended depends on the
> context of the ds:KeyInfo element: ds:KeyInfo can occur as a child
> of either an EncryptedData or EncryptedKey element; in both cases,
> ds:KeyInfo will have an EncryptionMethod sibling that identifies the
> algorithm.
>
> Example:
>
> ...

--
Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 20 May 2009 11:14:48 UTC
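
Added example, not part of the original message: a Python sketch that resolves, for each wrapped key, the key wrap algorithm (@alg2 above) and the algorithm the wrapped key is intended for (@alg1 above), by following the ds:KeyInfo parent to its EncryptionMethod sibling. The sample document, the function names and the placeholder CipherValue are constructed for illustration; the namespace and algorithm URIs are those of XML Encryption and XML Signature.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": XENC, "ds": DS}

# Constructed sample: an AES-128-CBC content key wrapped with kw-aes128,
# whose wrapping key is in turn wrapped with kw-aes256.
SAMPLE = f"""
<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="{XENC}kw-aes128"/>
      <ds:KeyInfo>
        <xenc:EncryptedKey>
          <xenc:EncryptionMethod Algorithm="{XENC}kw-aes256"/>
          <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>
"""

def _algorithm(element):
    """Algorithm attribute of the element's EncryptionMethod child, or None."""
    method = element.find("xenc:EncryptionMethod", NS)
    return None if method is None else method.get("Algorithm")

def wrapped_keys(xml_text):
    """Return (wrap_alg, intended_alg, owner_name) per EncryptedKey in a ds:KeyInfo."""
    root = ET.fromstring(xml_text)
    # ElementTree keeps no parent pointers, so build a child -> parent map.
    parent = {child: p for p in root.iter() for child in p}
    found = []
    for enc_key in root.iter(f"{{{XENC}}}EncryptedKey"):
        key_info = parent.get(enc_key)
        if key_info is None or key_info.tag != f"{{{DS}}}KeyInfo":
            continue  # stand-alone EncryptedKey: no ds:KeyInfo context
        owner = parent.get(key_info)
        if owner is None:
            continue  # ds:KeyInfo is the document root: no sibling to consult
        # intended_alg is None when the owner carries no EncryptionMethod.
        found.append((_algorithm(enc_key), _algorithm(owner),
                      owner.tag.rpartition("}")[2]))
    return found
```
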