1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
Example Signatures[1] using Encryption[2] key information and
Additional Security URIs[3], Encrypted Data[2] and Decryption
Transform[4]
[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
[2] http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
[3] http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt
[4] http://www.w3.org/TR/xmlenc-decrypt
***
Some of these signature are WITHOUT cryptographic merit;
for example, key transport of an HMAC key is meaningless.
These are provided solely for testing purposes.
***
Private keys necessary for performing the verification
and decryption are provided in the PKCS#12 file ids.p12,
encrypted under the pass phrase "Our Little Secret". I
may have done some of the ASN.1 encoding in this P12
incorrectly; I hope not. Private keys are also available
in PKCS#8 encoding; rsa.p8, dh1.p8.
RSA/OAEP is presently poorly defined; I assume MGF1/SHA-1.
Secret keys are identified by key name as follows:
Key Name | Algorithm | Key Value
----------+-----------+-----------
bob | 3des | "abcdefghijklmnopqrstuvwx".getBytes ("ASCII")
job | aes-128 | "abcdefghijklmnop".getBytes ("ASCII")
jeb | aes-192 | "abcdefghijklmnopqrstuvwx".getBytes ("ASCII")
jed | aes-256 | "abcdefghijklmnopqrstuvwxyz012345".getBytes ("ASCII")
. encrypt-content-aes128-cbc-kw-aes192.xml
. encrypt-content-aes192-cbc-dh-sha512.xml
. encrypt-content-tripledes-cbc.xml
. encrypt-data-aes128-cbc.xml
. encrypt-data-aes192-cbc-kw-aes256.xml
. encrypt-data-aes256-cbc-kw-tripledes.xml
. encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
. encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml
. encrypt-element-aes128-cbc-rsa-1_5.xml
. encrypt-element-aes192-cbc-ref.xml
. encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml
. encrypt-element-tripledes-cbc-kw-aes128.xml
Encrypted content, element and data. RSA private key has
friendly name "RSA" in the P12, and is rsa.p8.
DH private key has ID "DH1", and is dh1.p8.
. encrypt-content-aes256-cbc-prop.xml
Contains a useless EncryptionProperty.
. encrypt-element-aes256-cbc-carried-kw-aes256.xml
External EncryptedKey contains a CarriedKeyName which
is referenced by a KeyName in the EncryptedData; the
key for Recipient "someone else" is not for you; the
key for Recipient "you" is.
. encrypt-element-aes256-cbc-retrieved-kw-aes256.xml
External EncryptedKey is identified by a RetrievalMethod
in the EncryptedData.
. decryption-transform.xml
Decryption transform.
. decryption-transform-except.xml
Decryption transform with Except.
All signatures are performed with nontruncated HMAC
algorithms.
For debugging purposes, where chosen, the MAC key is
"abcdefghijklmnopqrstuvwxyz012345".getBytes ("ASCII"). Where
agreed, it has length equal to the HMAC output length; e.g., 256
bits for HMAC/SHA-256.
. encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml
RIPEMD-160 message digest; HMAC/RIPEMD-160 key is wrapped
using triple DES. The decryption key is from the above table,
identified by the key name "bob".
. encsig-sha256-hmac-sha256-kw-aes128.xml
SHA-256 message digest; HMAC/SHA-256 key is wrapped using
AES-128. The decryption key is from the above table, identified
by the key name "job".
. encsig-sha384-hmac-sha384-kw-aes192.xml
SHA-384 message digest; HMAC/SHA-384 key is wrapped using
AES-192. The decryption key is from the above table, identified
by the key name "jeb".
. encsig-sha512-hmac-sha512-kw-aes256.xml
SHA-512 message digest; HMAC/SHA-512 key is wrapped using
AES-256. The decryption key is from the above table, identified
by the key name "jed".
. encsig-hmac-sha256-rsa-1_5.xml
HMAC/SHA-256 keys is transported using RSA/OAEP. Your private
key has friendly name "RSA" in the P12.
. encsig-hmac-sha256-rsa-oaep-mgf1p.xml
HMAC/SHA-256 keys is transported using RSA/PKCS#1. Your private
key has friendly name "RSA" in the P12.
. encsig-hmac-sha256-dh.xml
HMAC/SHA-256 key is agreed using Diffie Hellman. Your private
key has friendly name "DH1" in the P12.
. encsig-hmac-sha256-kw-tripledes-dh.xml
HMAC/SHA-256 key is wrapped using triple DES. The decryption
key is agreed using Diffie Hellman. Your private key has
friendly name "DH1" in the P12.
Merlin Hughes <merlin@baltimore.ie>
Baltimore Technologies, Ltd.
Monday, March 4, 2002
|
