- From: Takeshi Imamura <IMAMU@jp.ibm.com>
- Date: Thu, 26 Apr 2001 17:07:25 +0900
- To: <jimsch@exmsft.com>
- Cc: <stephen.farrell@baltimore.ie>, "'XML Encryption WG'" <xml-encryption@w3.org>
Jim,

> > > > 9. There's an ambiguity in the use of KeyInfo in
> > > > EncryptedData and EncryptedKey: does the KeyInfo relate to
> > > > the key used to encipher or decipher? The description of
> > > > EncryptedType says the former, which is fine, and probably
> > > > correct, but 3.4 refers to the key for decrypting. Hopefully,
> > > > just a matter of text, but possibly confusing later if we're
> > > > not careful.
> > >
> > > KeyInfo always refers to the key used for decipher. See the
> > > note on NameKey above.
> >
> > Isn't that wrong? An X.509 cert (and other ds:KeyInfo cases)
> > contains the enciphering key in this context.
>
> I was referring to the case of KeyInfo being used in EncryptedData
> and EncryptedKey. If you want to look at KeyInfo in a general case,
> it contains a key (or instructions on how to get a key). Nothing is
> said about the use or type of the key contained therein. It could be
> Signing, Decryption, Authentication, a second key for key agreement
> algorithms. KeyInfo just holds something that can be turned into a
> key.

I believe that X.509 certificates may be contained in the KeyInfo element being used in the EncryptedData or EncryptedKey element. KeyInfo is the element that contains information to obtain a key in a context. In the context of XML Encryption, the key is a decryption key. Note that the key may be obtained directly or indirectly. This means that the KeyInfo element may contain an identifier for a decryption key itself, an encryption key, or a key pair, depending on applications, and if an identifier for an encryption key is contained (e.g., by using a ds:X509Data element), a recipient has to identify the encryption key first and then obtain the corresponding decryption key.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
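As an added illustration of the direct-or-indirect resolution described in the message above (example code written for this archive page, not part of the original thread or of any XML Encryption implementation), the resolver below walks the ds:KeyInfo of an EncryptedData or EncryptedKey and records how the recipient arrives at the decryption key. It assumes the namespace URIs and algorithm identifiers of the later XML Encryption Recommendation, and the key-store entries, subject name and key handles are constructed placeholders.

```python
import xml.etree.ElementTree as ET
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"  # namespace of the later Recommendation
# Constructed recipient key store; names and values are placeholders, not real keys.
SYMMETRIC_KEYS = {"session-key-17": b"\x11" * 24}
# Subject of the recipient's *encryption* certificate -> handle of its private key.
PRIVATE_KEY_FOR_CERT = {"CN=Alice,O=Example": "alice-rsa-private"}

def resolve_decryption_key(element, trace):
    """Return the key that decrypts `element` (EncryptedData or EncryptedKey).
    Its ds:KeyInfo always designates the decryption key, possibly indirectly;
    `trace` records each mapping step the recipient had to perform."""
    keyinfo = element.find(f"{{{DS}}}KeyInfo")
    if keyinfo is None:
        raise ValueError("no KeyInfo: the decryption key must be known from context")
    name = keyinfo.find(f"{{{DS}}}KeyName")
    if name is not None:  # direct: the name designates the decryption key itself
        value = name.text.strip()
        trace.append(f"KeyName {value} -> symmetric key")
        return SYMMETRIC_KEYS[value]
    subject = keyinfo.find(f"{{{DS}}}X509Data/{{{DS}}}X509SubjectName")
    if subject is not None:  # indirect: identifies the encryption certificate
        value = subject.text.strip()
        trace.append(f"X509SubjectName {value} -> matching private key")
        return PRIVATE_KEY_FOR_CERT[value]
    wrapped = keyinfo.find(f"{{{XENC}}}EncryptedKey")
    if wrapped is not None:  # indirect: the key is itself carried encrypted
        kek = resolve_decryption_key(wrapped, trace)
        trace.append(f"unwrap EncryptedKey with {kek}")
        return ("unwrapped-with", kek)  # placeholder: real code decrypts CipherValue here
    raise ValueError("unsupported KeyInfo contents")

def resolution_steps(xml_text):
    """Parse an EncryptedData/EncryptedKey fragment and list how its key is found."""
    trace = []
    resolve_decryption_key(ET.fromstring(xml_text), trace)
    return trace

# Constructed samples: a directly named key, and a content key wrapped for Alice
# where KeyInfo identifies her encryption certificate rather than her private key.
DIRECT = f"""<EncryptedData xmlns="{XENC}" xmlns:ds="{DS}">
 <ds:KeyInfo><ds:KeyName>session-key-17</ds:KeyName></ds:KeyInfo>
 <CipherData><CipherValue>AAAA</CipherValue></CipherData></EncryptedData>"""
WRAPPED = f"""<EncryptedData xmlns="{XENC}" xmlns:ds="{DS}">
 <EncryptionMethod Algorithm="{XENC}tripledes-cbc"/>
 <ds:KeyInfo><EncryptedKey><EncryptionMethod Algorithm="{XENC}rsa-1_5"/>
  <ds:KeyInfo><ds:X509Data><ds:X509SubjectName>CN=Alice,O=Example</ds:X509SubjectName></ds:X509Data></ds:KeyInfo>
  <CipherData><CipherValue>AAAA</CipherValue></CipherData></EncryptedKey></ds:KeyInfo>
 <CipherData><CipherValue>AAAA</CipherValue></CipherData></EncryptedData>"""
```

`resolution_steps(WRAPPED)` shows the two-step path the message describes: the certificate subject is matched first, and only then is the corresponding private key used to unwrap the content key.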
Received on Thursday, 26 April 2001 04:08:01 UTC