Re: Latest Rough Draft

Joseph,

>>3.4 Extensions to enc:KeyInfo Element
>>
>> >1. The EncryptedData or EncryptedKey element specifies the associated
>> >key material:
>>The key value may be indicated by specifying the X509Data element for the
>>corresponding public key.
>
>I don't understand.

Suppose Alice is delivering key material to Bob using key transport.  If
Alice uses Bob's public key in his X.509 certificate, an X509Data element
for the certificate may be used for referencing the corresponding private
key.  So an EncryptedData element would be:

<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'>
  <EncryptionMethod Algorithm='urn:nist-gov:aes-128-cbc'/>
  <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
    <EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <EncryptionMethod Algorithm='urn:rsadsi-com:rsa-v2.0'/>
      <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
        <X509Data>
          <X509SubjectName>CN=Bob,C=US</X509SubjectName>
        </X509Data>
      </KeyInfo>
      <CipherData>(encrypted key material)</CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>(encrypted data)</CipherData>
</EncryptedData>

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com

Received on Tuesday, 17 April 2001 23:51:07 UTC
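The nesting in the mail above (EncryptedData, whose KeyInfo carries an EncryptedKey, whose own KeyInfo names Bob's certificate through X509Data) is what a recipient has to walk before it can decrypt anything. The following Python script is an added example written for this archive page, not code from the mail or from any XML Encryption implementation: it parses a constructed document of the same shape, extracts the data-encryption algorithm, the key-transport algorithm and the X509SubjectName, and resolves that subject name only against the recipient's own key store (a constructed dictionary standing in for real private-key objects), refusing to proceed when the named key is not one it holds or when the structure is ambiguous.

```python
"""Resolve which private key an EncryptedData element asks the recipient for.

Added example, not part of the original mail.  It follows the
EncryptedData/KeyInfo/EncryptedKey/KeyInfo/X509Data/X509SubjectName
structure from the thread.  The sample document, the key store and the
"key handle" strings are constructed for this example.
"""
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: same shape as the element in the mail; the CipherData
# contents are base64 placeholders, not real ciphertext.
SAMPLE = f"""<EncryptedData xmlns='{XENC}'>
  <EncryptionMethod Algorithm='urn:nist-gov:aes-128-cbc'/>
  <KeyInfo xmlns='{DS}'>
    <EncryptedKey xmlns='{XENC}'>
      <EncryptionMethod Algorithm='urn:rsadsi-com:rsa-v2.0'/>
      <KeyInfo xmlns='{DS}'>
        <X509Data>
          <X509SubjectName>CN=Bob, C=US</X509SubjectName>
        </X509Data>
      </KeyInfo>
      <CipherData>ZW5jcnlwdGVkIGtleQ==</CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>ZW5jcnlwdGVkIGRhdGE=</CipherData>
</EncryptedData>"""

# Constructed key store: subject name of a certificate the recipient owns ->
# handle of the matching private key.  A real deployment holds key objects
# here; the sender's KeyInfo is only ever used to pick among these entries.
BOB_PRIVATE_KEYS = {"CN=Bob,C=US": "bob-rsa-key-2001"}


def _only_child(elem, ns, name):
    """Return the single child {ns}name, or raise if it is absent or repeated.

    Insisting on exactly one child avoids silently decrypting with a key
    chosen from a document that names several candidates."""
    found = elem.findall(f"{{{ns}}}{name}")
    if len(found) != 1:
        raise ValueError(f"expected exactly one {name}, found {len(found)}")
    return found[0]


def _normalize_dn(text):
    """Collapse whitespace around RDN separators so 'CN=Bob, C=US' and
    'CN=Bob,C=US' compare equal.  Full RFC 2253 matching (escaping, case
    rules for attribute types) is out of scope for this example."""
    return ",".join(part.strip() for part in (text or "").split(","))


def resolve_key_chain(xml_text, private_keys):
    """Walk the EncryptedData element and return the key-resolution chain.

    Raises ValueError on an unexpected structure and LookupError when the
    named certificate subject does not correspond to a key we hold."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{XENC}}}EncryptedData":
        raise ValueError("root element is not xenc:EncryptedData")

    data_alg = _only_child(root, XENC, "EncryptionMethod").get("Algorithm")
    outer_keyinfo = _only_child(root, DS, "KeyInfo")
    enc_key = _only_child(outer_keyinfo, XENC, "EncryptedKey")
    transport_alg = _only_child(enc_key, XENC, "EncryptionMethod").get("Algorithm")

    inner_keyinfo = _only_child(enc_key, DS, "KeyInfo")
    x509 = _only_child(inner_keyinfo, DS, "X509Data")
    subject = _normalize_dn(_only_child(x509, DS, "X509SubjectName").text)

    if subject not in private_keys:
        raise LookupError(f"no private key for certificate subject {subject!r}")

    return {
        "data_algorithm": data_alg,
        "key_transport_algorithm": transport_alg,
        "recipient_subject": subject,
        "private_key_handle": private_keys[subject],
    }


def can_decrypt(xml_text, private_keys):
    """True only when the document is well-formed for this walk and names a
    certificate whose private key the recipient actually holds."""
    try:
        resolve_key_chain(xml_text, private_keys)
    except (ValueError, LookupError, ET.ParseError):
        return False
    return True


if __name__ == "__main__":
    chain = resolve_key_chain(SAMPLE, BOB_PRIVATE_KEYS)
    for k, v in chain.items():
        print(f"{k}: {v}")
```

The design point is that the X509Data inside EncryptedKey is a hint from the sender, so the recipient resolves it against keys it already holds rather than fetching or trusting anything the document names; a document that names a subject the recipient does not own, or that carries more than one candidate at any level, is rejected before any RSA operation runs.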