W3C home > Mailing lists > Public > xml-encryption@w3.org > May 2002

Re: Decryption Transform processing question

From: Ari Kermaier <arik@phaos.com>
Date: Wed, 01 May 2002 19:56:54 -0400
Message-Id: <>
To: merlin <merlin@baltimore.ie>
Cc: reagle@w3.org, "Takeshi Imamura" <IMAMU@jp.ibm.com>, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>, xml-encryption@w3.org
I thought that XPath caveat was weird as well, but I believe the confusion 
on wrapping is really just an infelicity of the language in the text. When 
it says "wrap the decrypted octet stream" I think it really means "wrap the 
octet stream resulting from decrypting and replacing e in X". (See 
Takeshi's answer to my question in [1].)

Under this reading, I think the following would hold for a signature over 

<Bar xmlns:baz="http://example.org/baz">
   <Foo xml:something="other" Id="foo">
     <enc:EncryptedData ...>...</enc:EncryptedData>

Dereferencing, decrypting and replacing results in:

<Foo xml:something="other" Id="foo">
     <plaintext />

Since <Bar>'s namespace is in scope for the first element of the input 
node-set, <Foo>, parsing context C is {xmlns:baz="http://example.org/baz", 
xml:something="other"}. So the result of wrapping would be:

<dummy xmlns:baz="http://example.org/baz" xml:something="other"><Foo 
xml:something="other" Id="foo">
     <plaintext />

Parsing, unwrapping and canonicalizing would result in:

<Foo xmlns:baz="http://example.org/baz" xml:something="other" Id="foo">
     <plaintext />

If this is correct, my proposed text in [2] for decryptXML(X, e, C) and 
decryptOctets(X, e) would be OK. Am I missing anything?

[1]  http://lists.w3.org/Archives/Public/xml-encryption/2002Apr/0119.html
[2]  http://lists.w3.org/Archives/Public/xml-encryption/2002May/0002.html

Ari Kermaier    arik@phaos.com
Senior Software Engineer
Phaos Technology Corp.    http://www.phaos.com/
Received on Wednesday, 1 May 2002 19:54:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:09 UTC