Use RSA keys, X.509 certificates or OpenPGP keys for encryption
X.509 certificates, OpenPGP keys and RSA keys cannot be used to encrypt the data directly. Instead, you create a session key (a symmetric key) and encrypt the data with it. The session key itself can then be encrypted and included with the encrypted data as described in the corresponding how-to article, with the difference that the TElXMLEncryptor.KeyEncryptionType property should be set to xetKeyTransport. You also need to set TElXMLEncryptor.KeyTransportMethod to the key transport algorithm you need.
To encrypt the session key using public key algorithms, you need one of the following:
For RSA keys:
For X.509 certificates:
For OpenPGP keys:
Sample code that uses a Camellia symmetric session key and the RSA 1.5 key transport algorithm:
C#:
Encryptor.EncryptionMethod = SBXMLSec.Unit.xemCamellia;
Encryptor.EncryptKey = true;
Encryptor.KeyEncryptionType = SBXMLSec.Unit.xetKeyTransport;
Encryptor.KeyTransportMethod = SBXMLSec.Unit.xktRSA15;
TElXMLKeyInfoSymmetricData SymKeyData = new TElXMLKeyInfoSymmetricData(true);
SymKeyData.Key.Generate(32 * 8); // 256-bit session key
SymKeyData.Key.GenerateIV(16 * 8); // 128-bit IV (Camellia block size)
Encryptor.KeyData = SymKeyData;
TElXMLKeyInfoX509Data X509KeyData = new TElXMLKeyInfoX509Data(true);
X509KeyData.Certificate = UserCertificate;
Encryptor.KeyEncryptionKeyData = X509KeyData;
// encrypt
...
// clearing key objects after encryption
SymKeyData.Dispose();
X509KeyData.Dispose();
Delphi:
Encryptor.EncryptionMethod := xemCamellia;
Encryptor.EncryptKey := true;
Encryptor.KeyEncryptionType := xetKeyTransport;
Encryptor.KeyTransportMethod := xktRSA15;
SymKeyData := TElXMLKeyInfoSymmetricData.Create(true);
SymKeyData.Key.Generate(32 * 8); // 256-bit session key
SymKeyData.Key.GenerateIV(16 * 8); // 128-bit IV (Camellia block size)
Encryptor.KeyData := SymKeyData;
X509KeyData := TElXMLKeyInfoX509Data.Create(true);
X509KeyData.Certificate := UserCertificate;
Encryptor.KeyEncryptionKeyData := X509KeyData;
// encrypt
...
// clearing key objects after encryption
FreeAndNil(SymKeyData);
FreeAndNil(X509KeyData);
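The samples above configure the library; the following added example (written for this page, not SecureBlackbox or its API) shows the same key transport construction end to end so the data flow is visible: a fresh 256-bit session key and 128-bit IV are generated (the counterparts of Generate(32 * 8) and GenerateIV(16 * 8)), the data is encrypted with the session key, the session key is wrapped with the recipient's RSA public key using PKCS#1 v1.5 (the counterpart of xktRSA15), and the recipient unwraps and decrypts. It uses Go's standard library and substitutes AES-256-CBC for Camellia, since Go has no Camellia in its standard library; both are 128-bit block ciphers with 256-bit keys, so key and IV sizes are identical. The EncryptedPackage type, the RoundTrip helper and the sample plaintext are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// EncryptedPackage is a constructed stand-in for what an XML EncryptedData
// element carries: the RSA-wrapped session key (EncryptedKey), the IV and
// the ciphertext. It is not a SecureBlackbox type.
type EncryptedPackage struct {
	WrappedKey []byte
	IV         []byte
	Ciphertext []byte
}

// pkcs7Pad pads to a whole number of cipher blocks (CBC needs this).
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad removes padding and rejects malformed padding.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("invalid padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("invalid padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("invalid padding")
		}
	}
	return b[:len(b)-n], nil
}

// Encrypt generates a 32-byte session key and 16-byte IV, encrypts the data
// with the session key, then wraps the session key for the recipient with
// RSA PKCS#1 v1.5 key transport.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*EncryptedPackage, error) {
	sessionKey := make([]byte, 32) // 32 * 8 = 256-bit key
	iv := make([]byte, 16)         // 16 * 8 = 128-bit IV
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	wrapped, err := rsa.EncryptPKCS1v15(rand.Reader, pub, sessionKey)
	if err != nil {
		return nil, err
	}
	return &EncryptedPackage{WrappedKey: wrapped, IV: iv, Ciphertext: ct}, nil
}

// Decrypt is the recipient side: unwrap the session key with the private
// key, check its length, then decrypt the data with it.
func Decrypt(priv *rsa.PrivateKey, pkg *EncryptedPackage) ([]byte, error) {
	sessionKey, err := rsa.DecryptPKCS1v15(rand.Reader, priv, pkg.WrappedKey)
	if err != nil {
		return nil, err
	}
	if len(sessionKey) != 32 {
		return nil, errors.New("unexpected session key length")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(pkg.IV) != block.BlockSize() || len(pkg.Ciphertext)%block.BlockSize() != 0 {
		return nil, errors.New("malformed IV or ciphertext length")
	}
	padded := make([]byte, len(pkg.Ciphertext))
	cipher.NewCBCDecrypter(block, pkg.IV).CryptBlocks(padded, pkg.Ciphertext)
	return pkcs7Unpad(padded, block.BlockSize())
}

// RoundTrip generates a recipient key pair (standing in for the user's
// certificate key), encrypts and decrypts, returning the recovered data.
func RoundTrip(plaintext []byte) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	pkg, err := Encrypt(&priv.PublicKey, plaintext)
	if err != nil {
		return nil, err
	}
	return Decrypt(priv, pkg)
}

func main() {
	out, err := RoundTrip([]byte(`<order id="1">constructed sample</order>`))
	fmt.Printf("recovered=%q err=%v\n", out, err)
}
```

The session key exists only for this message and is handed to the recipient inside the package, which is why the page's samples dispose of the key objects once encryption is done. The example returns distinct error strings for readability; a real receiver should report one uniform failure for unwrap and padding errors so that the two cases are not distinguishable to a sender.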