I have compiled the newest release of XMLSec from https://www.aleksey.com/xmlsec/news.html in a Cygwin environment. Now I am following this example to encrypt an XML file using a session key and digital signatures: http://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html#htoc9

As CBC has some serious security issues, I now want to step up to using AES-128-GCM instead of 3DES-192-CBC. I tried changing the Session-Key-Template.xml to
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
xmlns:enc11="http://www.w3.org/2009/xmlenc11#"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod enc11:Algorithm=
"http://www.w3.org/2009/xmlenc11#aes128-gcm" />
but this gives me an error that the algorithm cannot be found. The console output is:
xmlsec1 encrypt --pubkey-pem pub-userkey.pem --session-key aes-128 --xml-data doc-plain.xml --output doc-encrypted.xml session-key-template.xml
func=xmlSecTransformNodeRead:file=transforms.c:line=1543:obj=unknown:subj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function failed:href=http://www.w3.org/2009/xmlenc11#aes128-gcm
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=694:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=EncryptionMethod
func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=905:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=EncryptionMethod
func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=386:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
Error: failed to encrypt xml file "doc-plain.xml"
Error: failed to encrypt file with template "session-key-template.xml"
Does somebody know how to set this up correctly?
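
Reading the error stack in the question, as an added example that is not part of the original post: the script rejoins console-wrapped lines, splits each xmlsec record into fields, and reports the innermost failure, which is where the root cause sits. The field layout is inferred from the output shown, the sample is constructed from that output, and `parse_error_stack` and `diagnose` are hypothetical helper names.

```python
import re

# Constructed sample: the error stack from the post, with the first record left
# wrapped mid-token the way the console printed it.
SAMPLE = """\
func=xmlSecTransformNodeRead:file=transforms.c:line=1543:obj=unknown:subj=xmlSec
TransformIdListFindByHref:error=1:xmlsec library function failed:href=http://www.w3.org/2009/xmlenc11#aes128-gcm
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=694:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=EncryptionMethod
func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=905:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=EncryptionMethod
func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=386:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
Error: failed to encrypt xml file "doc-plain.xml"
"""

# Assumed layout, inferred from the output: fixed key=value fields, then a
# message and an optional details field that may itself contain colons (a URI).
RECORD = re.compile(
    r"func=(?P<func>[^:]*):file=(?P<file>[^:]*):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<error>\d+):"
    r"(?P<message>[^:]*):?(?P<details>.*)"
)

def parse_error_stack(text):
    """Return one dict per record, innermost failure first, as xmlsec prints them."""
    chunks = []
    for line in text.splitlines():
        if line.startswith("func="):
            chunks.append(line)        # start of a new record
        elif line.startswith("Error:"):
            break                      # xmlsec1 CLI summary, not part of the stack
        elif chunks:
            chunks[-1] += line         # console wrap: glue back onto the record
    records = []
    for chunk in chunks:
        m = RECORD.match(chunk.strip())
        if m:
            rec = m.groupdict()
            rec["detail_key"], _, rec["detail_value"] = rec["details"].partition("=")
            records.append(rec)
    return records

def diagnose(records):
    """Name the root cause from the innermost record (interpretation added here)."""
    if not records:
        return "no xmlsec error records found"
    first = records[0]
    if first["subj"] == "xmlSecTransformIdListFindByHref" and first["detail_key"] == "href":
        return "algorithm URI not found among registered transforms: " + first["detail_value"]
    return "%s failed in %s (%s:%s)" % (first["subj"], first["func"], first["file"], first["line"])

if __name__ == "__main__":
    print(diagnose(parse_error_stack(SAMPLE)))
```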