  • Latest Post - ‏2018-06-19T09:45:29Z by kondaveeti nagaraju
Nadp
88 Posts

Pinned topic dp:encrypt-string() issue

‏2014-02-18T20:56:57Z | dp:encrypt string

I am trying to encrypt a particular value but it does not work. Can anyone take a look and let me know if the code is right?

<?xml version="1.0" encoding="UTF-8" ?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:exsl="http://exslt.org/common"
    xmlns:dp="http://www.datapower.com/extensions"
    xmlns:date="http://exslt.org/dates-and-times"
    exclude-result-prefixes="dp exsl date xsl"
    extension-element-prefixes="dp exsl">
  <xsl:template match="/">
    <xsl:variable name="session-key" select="('name:', 'SharedKey')" />
    <xsl:variable name="type">http://www.w3.org/2001/04/xmlenc#tripledes-cbc</xsl:variable>
    <dp:set-variable name="node" value="'12345678'" />
    <xsl:variable name="ciphertext">
      <xsl:value-of select="dp:encrypt-data($type,$session-key,$node)" />
    </xsl:variable>
    <dp:set-variable name="'var://context/de/cipherText'" value="$ciphertext" />
  </xsl:template>
</xsl:stylesheet>

 Thanks

NADP

  • NILAY97
    350 Posts

    Re: dp:encrypt-string() issue

    ‏2014-02-22T17:14:21Z  

    What error do you get? Why are you not using Encrypt Action instead of doing this in XSL?

    Thanks,

    Nilay.

  • Amit.Gera
    34 Posts

    Re: dp:encrypt-string() issue

    ‏2014-02-23T23:43:10Z  

    Looks like session-key is the issue. Following worked for me:

    <xsl:variable name="In">
       <xsl:copy-of select="."/>
    </xsl:variable>
    <xsl:variable name="algorihtm">
        <xsl:value-of select="'http://www.w3.org/2001/04/xmlenc#aes128-cbc'"/>
    </xsl:variable>
    <xsl:variable name="encString" select="string(dp:encrypt-string($algorihtm,'name:MySharedKey',$In))"/>
    

     

    I have MySharedKey object configured as a shared key.

  • HermannSW
    8013 Posts

    Re: dp:encrypt-string() issue

    ‏2014-02-24T07:41:50Z  

    Searching for "encrypt-string" in "This Forum" search on top right gives 23 hits, this is one with code listing:
    https://www.ibm.com/developerworks/community/forums/html/topic?id=7cf5c234-3ea2-4554-8b8b-ac4c9ce9a979#8685d3b8-2289-45fd-b230-e7a2e2f6d7f7

    As Nilay pointed out and Ivan always does, please use the encrypt action wherever possible.
    The encrypt action is secured against oracle padding attacks.

    If you just use dp:encrypt-string() YOU are responsible for taking countermeasures against such and similar attacks.


    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/> <myFrameless/> <GraphvizFiddle/> <xqib/>
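
One countermeasure of the kind the reply above says you own when calling dp:encrypt-string() directly, as an added Python example that is not part of the thread and is not DataPower code: tag the CBC ciphertext with an HMAC and verify the tag before any decryption, so modified ciphertext never reaches the padding check. The MAC key, sample ciphertext and `decrypt` callback are constructed placeholders.

```python
import base64
import hashlib
import hmac

# Constructed sample values (assumptions, not from the thread).
AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
MAC_KEY = b"constructed-mac-key-separate-from-the-encryption-key"
SAMPLE_CT = base64.b64encode(bytes(range(32))).decode()  # fake IV + one block
TAG_LEN = hashlib.sha256().digest_size


class RejectedMessage(Exception):
    """The only failure callers see, whatever the underlying cause."""


def _tag(mac_key, algorithm_uri, raw):
    # Bind the algorithm URI into the MAC so it cannot be swapped either.
    return hmac.new(mac_key, algorithm_uri.encode() + b"\x00" + raw,
                    hashlib.sha256).digest()


def seal(ciphertext_b64, mac_key=MAC_KEY, algorithm_uri=AES128_CBC):
    """Append an HMAC-SHA256 tag to base64 CBC output (IV included)."""
    raw = base64.b64decode(ciphertext_b64, validate=True)
    return base64.b64encode(raw + _tag(mac_key, algorithm_uri, raw)).decode()


def open_sealed(sealed_b64, decrypt, mac_key=MAC_KEY, algorithm_uri=AES128_CBC):
    """Check the tag in constant time; call decrypt() only if it matches."""
    try:
        blob = base64.b64decode(sealed_b64, validate=True)
    except ValueError:
        raise RejectedMessage("invalid message") from None
    if len(blob) <= TAG_LEN:
        raise RejectedMessage("invalid message")
    raw, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, algorithm_uri, raw)):
        raise RejectedMessage("invalid message")
    try:
        return decrypt(base64.b64encode(raw).decode())
    except Exception:
        # A padding failure must look the same as a bad tag to the sender.
        raise RejectedMessage("invalid message") from None
```

The MAC key must be independent of the encryption key, and the caller should return one generic error for every `RejectedMessage`.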
     

  • kondaveeti nagaraju
    26 Posts

    Re: dp:encrypt-string() issue

    ‏2018-06-14T14:32:22Z  

    Hi,

    When I tried dp:encrypt I got the encrypted value as:

    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:dp="http://www.datapower.com/extensions"
        exclude-result-prefixes="dp"
        extension-element-prefixes="dp"
        version="2.0">
        <xsl:output method="xml" indent="yes"/>
        <xsl:variable name="algorithm" select="'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'"/>
        <xsl:variable name="cert" select="'name:tarak'"/>
        <xsl:variable name="node" select="."></xsl:variable>
        
         <xsl:template match="/">        
                 <xsl:copy-of select="dp:encrypt-data($algorithm,$cert,$node)"/>       
         </xsl:template>
    </xsl:stylesheet>

    Output:

    mY9XJNHRn/YySIPx7P6TiEsgaEE/acwZpC03K1w/P86+pxgql6s5PR/yJf+2VQbjlB66rQXkumbrdpj3IB3thz6PNWJu9BXQOZm+jhgd4lfvUXaW27nCnFPAL07N+UITMI23BCm+P4bcChaa2CeF/weZlLL0NbL4IoQdNfqwPEI=

     

    By using the encrypt action I get the below output. But I need to get the same data as below using XSLT.


    <?xml version="1.0" encoding="UTF-8"?>
    <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <xenc:EncryptedKey Recipient="name:tarak">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <dsig:KeyInfo>
                    <dsig:KeyName>tarak</dsig:KeyName>
                </dsig:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>mY9XJNHRn/YySIPx7P6TiEsgaEE/acwZpC03K1w/P86+pxgql6s5PR/yJf+2VQbjlB66rQXkumbrdpj3IB3thz6PNWJu9BXQOZm+jhgd4lfvUXaW27nCnFPAL07N+UITMI23BCm+P4bcChaa2CeF/weZlLL0NbL4IoQdNfqwPEI=</xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedKey>
        </dsig:KeyInfo>    
        <xenc:CipherData>
            <xenc:CipherValue>+LcmGnpJrecAtR0MwkY+F8BXzlu1ieSsL0bNeIxCCVozhrRv60846TFE6uHoT8YUBgawxGNB7Kz3EA/Jgvm8AKXexvMhosIFKKzSdePTendp3A5QPDM0lg==</xenc:CipherValue>
        </xenc:CipherData>
    </xenc:EncryptedData>

    Updated on 2018-06-14T14:37:51Z by kondaveeti nagaraju
  • HermannSW
    8013 Posts

    Re: dp:encrypt-string() issue

    ‏2018-06-14T20:53:12Z  


    You have to build it yourself.

    For me a good reason to use the encrypt action and not dp:encrypt-data(), in addition to the security hardening you lose when not using the encrypt action (against timing and other attacks).

    Hermann.

    Updated on 2018-06-14T20:53:44Z by HermannSW
  • kondaveeti nagaraju
    26 Posts

    Re: dp:encrypt-string() issue

    ‏2018-06-15T05:57:06Z  

    Thank you HermannSW for giving the good information.