xmlsec with AES-GCM


I have compiled the newest release of XMLSec from https://www.aleksey.com/xmlsec/news.html in a Cygwin environment. Now I am following this example to encrypt an XML file using a session key and digital signatures: http://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html#htoc9

As CBC has some serious security issues, I now want to step up to using AES-128-GCM instead of 3DES-192-CBC. I tried changing the Session-Key-Template.xml to

<EncryptedData 
  xmlns="http://www.w3.org/2001/04/xmlenc#"
  xmlns:enc11="http://www.w3.org/2009/xmlenc11#"  
  Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod enc11:Algorithm=
  "http://www.w3.org/2009/xmlenc11#aes128-gcm" />

but this gives me an error that the algorithm cannot be found. The console output is:

xmlsec1 encrypt --pubkey-pem pub-userkey.pem  --session-key aes-128 --xml-data doc-plain.xml  --output doc-encrypted.xml session-key-template.xml
func=xmlSecTransformNodeRead:file=transforms.c:line=1543:obj=unknown:subj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function failed:href=http://www.w3.org/2009/xmlenc11#aes128-gcm
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=694:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=EncryptionMethod
func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=905:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=EncryptionMethod
func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=386:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:

Error: failed to encrypt xml file "doc-plain.xml"
Error: failed to encrypt file with template "session-key-template.xml"

Does somebody know how to set this up correctly?

There are 0 answers