Decrypt an XML encrypted message

API-Evangelist · 03-30-2018 09:17 PM

Is there a way to decrypt an XML encrypted message ? We are trying to do via java code but it doesn't seems to be working and need assistance. Attaching java code(sample code). Please suggest if you have done earlier.

Similar question was asked in below but not sure how it was accomplished?

https://community.apigee.com/questions/31162/wss-security-encryption-and-decryption-of-payload.html

We had used earlier via below gateway which we are trying to convert into apigee but struggling..

https://docs.oracle.com/cd/E50612_01/doc.11122/user_guide/content/encryption_decrypt_settings.html

decrypttxt.zip

@Dino

@Ravi Shah

Please suggest.

API-Evangelist

How to Decrypt the key encryption key??

==

com.sun.org.apache.xml.internal.security.encryption.XMLCipher decryptToByteArray
com.sun.org.apache.xml.internal.security.encryption.XMLEncryptionException: No Key Encryption Key loaded and cannot determine using key resolvers
SEVERE: XMLCipher::decryptElement called without a key and unable to resolve
com.sun.org.apache.xml.internal.security.encryption.XMLEncryptionException: No Key Encryption Key loaded and cannot determine using key resolvers
at com.sun.org.apache.xml.internal.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1527)
at com.sun.org.apache.xml.internal.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1432)
at com.sun.org.apache.xml.internal.security.encryption.XMLCipher.doFinal

==

DChiesa

Hi Vinay

I see your code, but

that appears to be the decryption part. Where's the encryption part? How is the encryption done?
you have omitted all the keys. So I cannot verify the operation of the decryption .

I think maybe you'd be better off using WSS4J, rather that using the org.apache.xml.security.encryption.XMLCipher class.

API-Evangelist

@DinoChallenge is we have a working encryption/decryption with standalone and having hard time to port to apigee.

Do you have a available code or will you help converting to apigee java callout

(as you generally provide & we appreciate all your work)?

I can share the code if you provide me email details directly or via support ticket which we already have? let me know so that we can share the details.It is kind of urgent and appreciate any help here.

dchiesa1

Vinay, if you upload your encryption / descryption code to the support ticket I will be able to see it.

API-Evangelist

Great!Uploaded the working as standalone to case # 1440218

Just need to make it work in apigee..

Really appriciate dino for your help.

API-Evangelist

We kind of finally able to crack it .Doing some final checks.Still want to see if your version as well.

Thanks Dino for pointing out to earlier gihub post which helped us proceed.

DChiesa

Vinay,

See this example of a Java callout that does encryption and decryption using the XMLCipher class from Apache Santaurio

Example input:

<order>
  <customer customerNumber="0815A4711">
    <name>Michael Sonntag</name>
    <address>
      <street>Altenbergerstr. 69</street>
      <ZIP>4040</ZIP>
      <city>Linz</city>
    </address>
  </customer>
  <articles>
    <line>
      <quantity unit="piece">30</quantity>
      <product productNumber="9907">XML editing widget</product>
      <price currency="EUR">0.10</price>
    </line>
  </articles>
  <payment type="CC">
    <creditcard issuer="Mastercard">
      <nameOnCard>Mag. Dipl.-Ing. Dr. Michael Sonntag</nameOnCard>
      <number>5201 2345 6789 0123</number>
      <expiryDate>2006-04-30</expiryDate>
    </creditcard>
  </payment>
</order>

Example output of the Encrypt function:

<order>
  <customer customerNumber="0815A4711">
    <name>Michael Sonntag</name>
    <address>
      <street>Altenbergerstr. 69</street>
      <ZIP>4040</ZIP>
      <city>Linz</city>
    </address>
  </customer>
  <articles>
    <line>
      <quantity unit="piece">30</quantity>
      <product productNumber="9907">XML editing widget</product>
      <price currency="EUR">0.10</price>
    </line>
  </articles>
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/><xenc:CipherData><xenc:CipherValue>ABuAz4R5NL1Lj0gge4wDxpm9OM/RHUGIt7afT6K/3v0=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>D0rt2+gZuUhs/TUJ0vWbDK1+H1YESQztMm+KRA4cCivGv/iRhgLmbznYcBdUuVbaPHLfAXhVL892
7QphINvrL7TcpzEuuFxrXY3K7xbNLquFBEpxOFs0Ize6NUaQ7yYmOUxQIdMTPNfcmieERXfv38d0
2+iZm/26HRFrySZwgUeQvSfWPU9tZpHOua0UtlgfdWbfFh106oO7QKol+iBdc73COaEkj8V9vQwK
cV7BoRyhBRzbqtYhehQfvO/bTgQtyV+jh8US7WYTjJe+jQuWhbSuqv2STTObBr312HeHEzixPS2O
F0Ds6idWbCj7KL4r1p1gMnjnp8ZxBfkKbMRcHg==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
</order>

You can see that the /order/payment element in the output has been replaced with an EncryptedData element. The decrypt operation just reverses that transformation.

Full source code is included in that repo.

Good luck.