diff options
Diffstat (limited to 'docs/tests/merlin-xmlenc-five/Readme.txt')
-rw-r--r-- | docs/tests/merlin-xmlenc-five/Readme.txt | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/docs/tests/merlin-xmlenc-five/Readme.txt b/docs/tests/merlin-xmlenc-five/Readme.txt new file mode 100644 index 00000000..3a663b7c --- /dev/null +++ b/docs/tests/merlin-xmlenc-five/Readme.txt @@ -0,0 +1,117 @@ +Example Signatures[1] using Encryption[2] key information and +Additional Security URIs[3], Encrypted Data[2] and Decryption +Transform[4] + +[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ +[2] http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/ +[3] http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt +[4] http://www.w3.org/TR/xmlenc-decrypt + +*** +Some of these signature are WITHOUT cryptographic merit; +for example, key transport of an HMAC key is meaningless. +These are provided solely for testing purposes. +*** + +Private keys necessary for performing the verification +and decryption are provided in the PKCS#12 file ids.p12, +encrypted under the pass phrase "Our Little Secret". I +may have done some of the ASN.1 encoding in this P12 +incorrectly; I hope not. Private keys are also available +in PKCS#8 encoding; rsa.p8, dh1.p8. + +RSA/OAEP is presently poorly defined; I assume MGF1/SHA-1. + +Secret keys are identified by key name as follows: + + Key Name | Algorithm | Key Value +----------+-----------+----------- + bob | 3des | "abcdefghijklmnopqrstuvwx".getBytes ("ASCII") + job | aes-128 | "abcdefghijklmnop".getBytes ("ASCII") + jeb | aes-192 | "abcdefghijklmnopqrstuvwx".getBytes ("ASCII") + jed | aes-256 | "abcdefghijklmnopqrstuvwxyz012345".getBytes ("ASCII") + +. encrypt-content-aes128-cbc-kw-aes192.xml +. encrypt-content-aes192-cbc-dh-sha512.xml +. encrypt-content-tripledes-cbc.xml +. encrypt-data-aes128-cbc.xml +. encrypt-data-aes192-cbc-kw-aes256.xml +. encrypt-data-aes256-cbc-kw-tripledes.xml +. encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml +. encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml +. encrypt-element-aes128-cbc-rsa-1_5.xml +. encrypt-element-aes192-cbc-ref.xml +. encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml +. encrypt-element-tripledes-cbc-kw-aes128.xml + Encrypted content, element and data. RSA private key has + friendly name "RSA" in the P12, and is rsa.p8. + DH private key has ID "DH1", and is dh1.p8. + +. encrypt-content-aes256-cbc-prop.xml + Contains a useless EncryptionProperty. + +. encrypt-element-aes256-cbc-carried-kw-aes256.xml + External EncryptedKey contains a CarriedKeyName which + is referenced by a KeyName in the EncryptedData; the + key for Recipient "someone else" is not for you; the + key for Recipient "you" is. + +. encrypt-element-aes256-cbc-retrieved-kw-aes256.xml + External EncryptedKey is identified by a RetrievalMethod + in the EncryptedData. + +. decryption-transform.xml + Decryption transform. + +. decryption-transform-except.xml + Decryption transform with Except. + +All signatures are performed with nontruncated HMAC +algorithms. + +For debugging purposes, where chosen, the MAC key is +"abcdefghijklmnopqrstuvwxyz012345".getBytes ("ASCII"). Where +agreed, it has length equal to the HMAC output length; e.g., 256 +bits for HMAC/SHA-256. + +. encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml + RIPEMD-160 message digest; HMAC/RIPEMD-160 key is wrapped + using triple DES. The decryption key is from the above table, + identified by the key name "bob". + +. encsig-sha256-hmac-sha256-kw-aes128.xml + SHA-256 message digest; HMAC/SHA-256 key is wrapped using + AES-128. The decryption key is from the above table, identified + by the key name "job". + +. encsig-sha384-hmac-sha384-kw-aes192.xml + SHA-384 message digest; HMAC/SHA-384 key is wrapped using + AES-192. The decryption key is from the above table, identified + by the key name "jeb". + +. encsig-sha512-hmac-sha512-kw-aes256.xml + SHA-512 message digest; HMAC/SHA-512 key is wrapped using + AES-256. The decryption key is from the above table, identified + by the key name "jed". + +. encsig-hmac-sha256-rsa-1_5.xml + HMAC/SHA-256 keys is transported using RSA/OAEP. Your private + key has friendly name "RSA" in the P12. + +. encsig-hmac-sha256-rsa-oaep-mgf1p.xml + HMAC/SHA-256 keys is transported using RSA/PKCS#1. Your private + key has friendly name "RSA" in the P12. + +. encsig-hmac-sha256-dh.xml + HMAC/SHA-256 key is agreed using Diffie Hellman. Your private + key has friendly name "DH1" in the P12. + +. encsig-hmac-sha256-kw-tripledes-dh.xml + HMAC/SHA-256 key is wrapped using triple DES. The decryption + key is agreed using Diffie Hellman. Your private key has + friendly name "DH1" in the P12. + +Merlin Hughes <merlin@baltimore.ie> +Baltimore Technologies, Ltd. + +Monday, March 4, 2002 |