- From: Satoshi Akimoto <akimoto@lab.cio.dnp.co.jp>
- Date: Thu, 21 Jul 2005 20:26:36 +0900
- To: xml-encryption@w3.org

Dear list,

I would like to confirm if having multiple EncryptedKey elements in a KeyInfo like below is valid:

    <EncryptedData ...>
      <KeyInfo>
        <EncryptedKey ... Recipient="a">...</EncryptedKey>
        <EncryptedKey ... Recipient="b">...</EncryptedKey>
        <EncryptedKey ... Recipient="c">...</EncryptedKey>
      </KeyInfo>
      ....
    </EncryptedData>

I suppose it is, as RFC 3275 (XML Signature) says in 4.4 that: "Multiple declarations within KeyInfo refer to the same key.", but I would appreciate it if someone in the list could confirm.

The motivation is to make it easy to restore the original document at the recipient's side by the 'decrypt and replace' operation.

I found an example for multiple EncryptedKey in an interoperability test vector, which looks like below:

    <EncryptedData ...>
      <KeyInfo>
        <KeyName>foo</KeyName>
      </KeyInfo>
      ....
    </EncryptedData>
    <KeyInfo>
      <EncryptedKey ... Recipient="a">
        <CarriedKeyName>foo</CarriedKeyName>
        ...
      </EncryptedKey>
      <EncryptedKey ... Recipient="b">
        <CarriedKeyName>foo</CarriedKeyName>
        ...
      </EncryptedKey>
    </KeyInfo>

('encrypt-element-aes256-cbc-carried-kw-aes256.xml' in merlin-xmlenc-five.tar.gz)

but in this case the 'decrypt and replace' operation doesn't give the original document as it leaves the 'detached' KeyInfo.

Regards,
Satoshi Akimoto
Dai Nippon Printing Co.,Ltd.

Received on Friday, 22 July 2005 04:39:33 UTC
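
The two layouts from the message, compared structurally in an added example that is not part of the original post or of any XML Encryption implementation. It performs no cryptography: the caller supplies the already-decrypted element, and the `Doc` and `Secret` element names and the sample documents are constructed for illustration.

```python
import copy
import xml.etree.ElementTree as ET

ENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": ENC, "ds": DS}

# Constructed samples: CipherData and algorithm elements are omitted.
EMBEDDED = f"""<Doc xmlns:xenc="{ENC}" xmlns:ds="{DS}">
  <xenc:EncryptedData><ds:KeyInfo>
    <xenc:EncryptedKey Recipient="a"/><xenc:EncryptedKey Recipient="b"/>
  </ds:KeyInfo></xenc:EncryptedData>
</Doc>"""
DETACHED = f"""<Doc xmlns:xenc="{ENC}" xmlns:ds="{DS}">
  <xenc:EncryptedData><ds:KeyInfo><ds:KeyName>foo</ds:KeyName></ds:KeyInfo></xenc:EncryptedData>
  <ds:KeyInfo>
    <xenc:EncryptedKey Recipient="a"><xenc:CarriedKeyName>foo</xenc:CarriedKeyName></xenc:EncryptedKey>
    <xenc:EncryptedKey Recipient="b"><xenc:CarriedKeyName>foo</xenc:CarriedKeyName></xenc:EncryptedKey>
  </ds:KeyInfo>
</Doc>"""

def find_key(root, recipient):
    """Return the recipient's EncryptedKey: embedded first, else KeyName -> CarriedKeyName."""
    data = root.find(".//xenc:EncryptedData", NS)
    for ek in data.findall("ds:KeyInfo/xenc:EncryptedKey", NS):
        if ek.get("Recipient") == recipient:
            return ek
    name = data.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS)
    for ek in root.iter(f"{{{ENC}}}EncryptedKey"):
        carried = ek.findtext("xenc:CarriedKeyName", namespaces=NS)
        if name and carried == name and ek.get("Recipient") == recipient:
            return ek
    return None

def decrypt_and_replace(xml_text, recipient, plaintext_elem):
    """Swap EncryptedData for the supplied plaintext element (no real decryption)
    and return the local names of xmlenc/xmldsig elements left in the document."""
    root = ET.fromstring(xml_text)
    if find_key(root, recipient) is None:
        raise KeyError(recipient)
    for parent in list(root.iter()):
        for i, child in enumerate(list(parent)):
            if child.tag == f"{{{ENC}}}EncryptedData":
                parent[i] = copy.deepcopy(plaintext_elem)
    return [e.tag.split("}")[1] for e in root.iter()
            if e.tag.startswith(("{" + ENC, "{" + DS))]

if __name__ == "__main__":
    for label, doc in (("embedded", EMBEDDED), ("detached", DETACHED)):
        print(label, decrypt_and_replace(doc, "b", ET.Element("Secret")))
```
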