RE: EncryptionMethod within EncryptedData

The algorithms in the xenc spec are configurable, so you could encrypt data directly using RSA. What may happen then is that you run into compatibility issues with other implementations.

BUT - if your question is whether you can use the algorithms identified by "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" and "http://www.w3.org/2001/04/xmlenc#rsa-1_5" for EncryptedData, the answer is simple: You can't. These algorithms are for key transport (and hence for EncryptedKey).

If you still feel that you need to wrap a few octets using RSA, you may use your own algorithm ID such as http://www.nds.rub.de/liao/xmlenc#rsa-oaep-mgf1p or something similar.

The easiest and most robust method would be to encrypt your octets using AES or some other symmetric block algo, and then wrap your content encryption key with RSA. That's fully interoperable with the rest of the world.

Christian


From: xml-encryption-request@w3.org [mailto:xml-encryption-request@w3.org] On Behalf Of Lijun Liao
Sent: Wednesday, 6 December 2006 09:58
To: xml-encryption@w3.org
Subject: EncryptionMethod within EncryptedData

Is the public key algorithm, e.g. RSA_OAEP and RSA_v1.5, allowed in the xenc:EncryptionMethod within xenc:EncryptedData element? This can be used for the encryption of data of a few bytes.

Thanks,

Lijun Liao
---
http://www.nds.rub.de/liao

Received on Thursday, 7 December 2006 15:40:04 UTC
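
Added example, not part of the original message or of any XML Encryption implementation: a Python check for the rule in the reply, run over the hybrid layout it recommends and over the direct-RSA usage asked about. The two sample documents, the `audit` function and the choice of `aes128-cbc` for the content are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# The two key transport identifiers quoted in the message; EncryptedKey only.
KEY_TRANSPORT = {XENC + "rsa-oaep-mgf1p", XENC + "rsa-1_5"}

# Constructed sample: AES for the content, RSA-OAEP wrapping the content key.
# CipherValue contents are placeholders, not real ciphertext.
HYBRID = f"""<xenc:EncryptedData xmlns:xenc="{XENC}"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""

# Constructed sample: the usage asked about, RSA applied directly to the data.
DIRECT_RSA = f"""<xenc:EncryptedData xmlns:xenc="{XENC}">
  <xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>
  <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""


def audit(xml_text):
    """Return (element, algorithm, verdict) for each EncryptedData/EncryptedKey."""
    results = []
    # For untrusted input, parse with a hardened parser instead of plain ElementTree.
    for elem in ET.fromstring(xml_text).iter():
        kind = elem.tag.rpartition("}")[2]
        if not elem.tag.startswith("{" + XENC + "}") or kind not in ("EncryptedData", "EncryptedKey"):
            continue
        # find() looks at direct children only, so a nested EncryptedKey's
        # method is never mistaken for the enclosing EncryptedData's.
        method = elem.find("{" + XENC + "}EncryptionMethod")
        if method is None:
            continue  # EncryptionMethod is optional; nothing to check
        alg = method.get("Algorithm")
        misuse = kind == "EncryptedData" and alg in KEY_TRANSPORT
        results.append((kind, alg, "key transport on EncryptedData" if misuse else "ok"))
    return results


if __name__ == "__main__":
    for name, doc in (("hybrid", HYBRID), ("direct RSA", DIRECT_RSA)):
        print(name, audit(doc))
```
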