W3C home > Mailing lists > Public > xml-encryption@w3.org > July 2005

Having multiple EncryptedKey elements in a KeyInfo

From: Satoshi Akimoto <akimoto@lab.cio.dnp.co.jp>
Date: Thu, 21 Jul 2005 20:26:36 +0900
Message-ID: <42DF866C.3060503@lab.cio.dnp.co.jp>
To: xml-encryption@w3.org

Dear list,

I would like to confirm if having multiple EncryptedKey elements in a
KeyInfo like below is valid:

    <EncryptedData ...>
        <KeyInfo>
            <EncryptedKey ... Recipient="a">...</EncryptedKey>
            <EncryptedKey ... Recipient="b">...</EncryptedKey>
            <EncryptedKey ... Recipient="c">...</EncryptedKey>
        </KeyInfo>
        ....
    </EncryptedData>

I suppose it is, as RFC 3275 (XML Signature) says in 4.4 that:
"Multiple declarations within KeyInfo refer to the same key."
, but I would appreciate it if someone in the list could confirm.

The motivation is to make it easy to restore the original document
at the recipients side by the 'decrypt and replace' operation.


I found an example for multiple EncryptedKey in interoperability 
test vector, which looks like below:

    <EncryptedData ...>
        <KeyInfo>
            <KeyName>foo</KeyName>
        </KeyInfo>
        ....
    </EncryptedData>
    <KeyInfo>
        <EncryptedKey ... Recipient="a">
            <CarriedKeyName>foo</CarriedKeyName>
            ...
        </EncryptedKey>
        <EncryptedKey ... Recipient="b">
            <CarriedKeyName>foo</CarriedKeyName>
            ...
        </EncryptedKey>
    </KeyInfo>


('encrypt-element-aes256-cbc-carried-kw-aes256.xml' in merlin-xmlenc-five.tar.gz)

but in this case the 'decrypt and replace' operation doesn't give the 
original document as it leaves the 'detached' KeyInfo.


Regards,
Satoshi Akimoto
Dai Nippon Printing Co.,Ltd.
Received on Friday, 22 July 2005 04:39:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:14 UTC