0

I have to decode an XML encrypted document. The relevant part is:

        <Master_key>
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
          <KeyInfo>
            <ds:KeyName>TK</ds:KeyName>
            <ds:RetrievalMethod URI="#TK" Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" />
          </KeyInfo>
          <CipherData>
            <xenc:CipherValue>73CEFD0CE530C157C275152964EFBC322D26C2E356A3F3079E026FB2B6B562BD810043066300924078472229583118A8</xenc:CipherValue>
            <xenc:FingerPrint>739E0E8490EACBCB2EA11D4A5DBEFBAE888B092E</xenc:FingerPrint>
          </CipherData>
        </Master_key>

The Master_Key is an encrypted element. aes256-cbc is used for encryption. The AES256 key is a session key and defined at the begin of the XML:

<Security>
  <Transport_key Id="TK">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <KeyInfo>
      <ds:RetrievalMethod URI="#PKC" Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" />
    </KeyInfo>
    <CipherData>
      <xenc:CipherValue>968A0AFA54DAD4081FC264C90CD5F1341AD8274F130F5E9E8DC397B9FE3B7EC00FC72DD8C8A22B6E8A606B7693B80882777972D61316FD280A64D166DD0DA08748D285A2D4236DC92153C7A3ECF77580F380BE1A4E8B5E688BDB090A92B5C0CF3C1D90E00E73B4B50940195587DECB1ECF686B51C3C566D0BC36EA5EC0E87C32827EFFCDD3B5A91AF9AD0A0594527E43395CB6CC44653F60F9792505598709FE2C5F1BD21BAA8B6C9C02ADE354B7E8717BE999A11B6422F6C67B0D7A13C96051658C2B0315812DD772321E9820FEE73843C76869F65FE6327253A5BDD1255EF4DEA9B5A17DB54A5B7AEEA1DB4BEA018301E2CAB04B79A3EF81A419DB2B837404</xenc:CipherValue>
      <xenc:FingerPrint>1F1862AFB4CC212C18439F12C1C3E6B615E70F65</xenc:FingerPrint>
    </CipherData>
    <CarriedKeyName>TK</CarriedKeyName>
  </Transport_key>
</Security>

It is itself encrypted with rsa-1_5, based on a public key, for which the decrypter must have the private key.

I have to decrypt the content. Although I know the private key, I have no idea at the moment how to do that. In particular I'm wondering why the ciphered value 

73CEFD0CE530C157C275152964EFBC322D26C2E356A3F3079E026FB2B6B562BD810043066300924078472229583118A8

is 48 Bytes long. Shouldn't it be a multiple of 32 Bytes, because AES256 uses a blocklength of 256bits=32bytes.

I would appreciate any help...

MichaelW
  • 1,328
  • 1
  • 15
  • 32
  • 1
    The block size of AES is always 16 bytes. The key sizes may be 16, 24, or 32 bytes. The 256 in AES256 is a reference to the key size. – President James K. Polk Jan 15 '18 at 21:11
  • That makes sense...thanks for the hint. A thought all the time that 256 is also the block size. Lets say my plain text is 32 Bytes long. So this gives two blocks of 16, plus one padding block with 16 bytes 0x10. In total 3 blocks = 48 bytes. Is that right? – MichaelW Jan 15 '18 at 21:37
  • 2
    The standard you are using for XML encryption will specify the format of the cipher including the padding, but I'm not familiar with that standard. What you've suggested is certainly a reasonable possibility. – President James K. Polk Jan 15 '18 at 22:03
  • XML-enc is handled in plenty of libraries. Java has an implementation, for one. It's strongly recommended to use a library instead of trying to program this on your own (as there are many pitfalls). Even then, with XML-enc you should worry about plaintext oracle attacks. – Maarten Bodewes Jan 16 '18 at 01:32

0 Answers0