
  1. POPingIdentity SAML2.0 EncryptedAssertion -- Trouble decrypting cipherdata
I'm working on an SSO solution that must receive a SAML2.0 assertion to log the user in. This was working until the assertion needed to have encrypted data. The assertion response looks like this (with some info clipped out):

```xml
<samlp:Response IssueInstant="2013-07-09T21:00:22.884Z" ID="..." Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">...</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <xenc:CipherData>
            <xenc:CipherValue>BB9KCO...gRGc7w03zZ5Q==</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>kb/HpNix...TcvxjypM</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>
```

As you can see, there's an encrypted key and the encrypted data. They were given a cert from which they extract the public key to use for encryption. My understanding is I would use our private key to decrypt the **EncryptedKey** and then use that key to decrypt the **EncryptedData**. But the decryption continues to fail.

I was testing like this:

```php
<?php
$data       = '....'; // Contains the EncryptedKey cipherdata
$privateKey = '....'; // Contains the private key (PEM)
$decrypted  = null;   // Destination for decrypted data
$result = openssl_private_decrypt($data, $decrypted, $privateKey);
```

`$result` would be FALSE and `$decrypted` is NULL. I've encrypted data with the public key and successfully decrypted it with the private key, so I'm confident the X.509 cert containing them is valid. Can someone shed some light on this? Thanks in advance.
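The full EncryptedKey-then-EncryptedData path the question describes, as an added example that is not part of the original post and not any vendor's SAML library. It uses the same PHP openssl extension the question uses and the two algorithms named in the posted Response (rsa-1_5 for the key, aes128-cbc for the data). To run offline it simulates the IdP side with a freshly generated key pair; the key pair, the sample assertion text and the function names `idpEncryptAssertion` and `spDecryptAssertion` are all constructed for this demo.

```php
<?php
// Added example: round-trip a SAML 2.0 EncryptedAssertion the way XML Encryption
// specifies it. The IdP side is simulated locally so the script runs offline.
//
// Points the posted snippet does not show:
//   1. <xenc:CipherValue> is base64 text; decode it before any openssl_* call.
//   2. The EncryptedKey is the AES session key wrapped with RSA PKCS#1 v1.5
//      (rsa-1_5), so unwrap it with the SP private key and that padding mode.
//   3. The EncryptedData CipherValue is IV || ciphertext: the first 16 bytes are
//      the AES-CBC IV. XML Encryption padding is "arbitrary bytes, then a length
//      byte", not PKCS#7, so let OpenSSL skip the padding check and strip it here.

// SP key pair: generated for the demo (assumption); in production load your own PEM.
$sp = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($sp, $spPrivatePem);
$spPublicPem = openssl_pkey_get_details($sp)['key'];

// IdP side (simulated): encrypt an assertion and emit the two CipherValues.
function idpEncryptAssertion(string $assertionXml, string $spPublicPem): array {
    $sessionKey = random_bytes(16);            // aes128-cbc key
    $iv         = random_bytes(16);
    // XML Encryption padding: pad to the block size, last byte = pad length,
    // the preceding pad bytes are arbitrary.
    $padLen = 16 - (strlen($assertionXml) % 16);
    $padded = $assertionXml . ($padLen > 1 ? random_bytes($padLen - 1) : '') . chr($padLen);
    $ct = openssl_encrypt($padded, 'aes-128-cbc', $sessionKey, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    if ($ct === false || !openssl_public_encrypt($sessionKey, $wrappedKey, $spPublicPem, OPENSSL_PKCS1_PADDING)) {
        throw new RuntimeException('IdP-side encryption failed: ' . openssl_error_string());
    }
    return [
        'encryptedKeyCipherValue'  => base64_encode($wrappedKey),  // goes in EncryptedKey/CipherValue
        'encryptedDataCipherValue' => base64_encode($iv . $ct),    // goes in EncryptedData/CipherValue
    ];
}

// SP side: what the question is trying to do.
function spDecryptAssertion(string $encryptedKeyB64, string $encryptedDataB64, string $spPrivatePem): string {
    // 1. base64-decode both CipherValues (strict mode rejects damaged input)
    $wrappedKey = base64_decode($encryptedKeyB64, true);
    $blob       = base64_decode($encryptedDataB64, true);
    if ($wrappedKey === false || $blob === false) {
        throw new RuntimeException('CipherValue is not valid base64');
    }
    // 2. unwrap the session key with the SP private key (rsa-1_5 => PKCS#1 v1.5)
    if (!openssl_private_decrypt($wrappedKey, $sessionKey, $spPrivatePem, OPENSSL_PKCS1_PADDING)) {
        throw new RuntimeException('EncryptedKey unwrap failed: ' . openssl_error_string());
    }
    if (strlen($sessionKey) !== 16) {
        throw new RuntimeException('unexpected session key length for aes128-cbc');
    }
    // 3. split IV || ciphertext and decrypt without OpenSSL's PKCS#7 padding check
    $iv = substr($blob, 0, 16);
    $ct = substr($blob, 16);
    if ($ct === '' || strlen($ct) % 16 !== 0) {
        throw new RuntimeException('ciphertext length is not a multiple of the AES block size');
    }
    $padded = openssl_decrypt($ct, 'aes-128-cbc', $sessionKey, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    if ($padded === false) {
        throw new RuntimeException('AES decrypt failed: ' . openssl_error_string());
    }
    // 4. strip XML Encryption padding: the last byte is the pad length
    $padLen = ord($padded[strlen($padded) - 1]);
    if ($padLen < 1 || $padLen > 16 || $padLen > strlen($padded)) {
        throw new RuntimeException('invalid padding');
    }
    return substr($padded, 0, -$padLen);
}

// Constructed sample assertion; a real one carries Subject, Conditions, AttributeStatement, etc.
$assertion = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_demo" Version="2.0">'
           . '<saml:Issuer>https://idp.example.com</saml:Issuer></saml:Assertion>';

$cipherValues = idpEncryptAssertion($assertion, $spPublicPem);
$recovered    = spDecryptAssertion(
    $cipherValues['encryptedKeyCipherValue'],
    $cipherValues['encryptedDataCipherValue'],
    $spPrivatePem
);
var_dump($recovered === $assertion);
```

If `$data` in the posted snippet holds the CipherValue text as it appears in the XML, `openssl_private_decrypt` is being handed base64 rather than the raw RSA block, which is enough on its own to make it return FALSE; the example decodes first. Two caveats a service provider should keep in mind beyond getting the bytes right. First, rsa-1_5 is RSA PKCS#1 v1.5, which is exposed to Bleichenbacher-style padding-oracle attacks if the SP's behaviour differs between a failed unwrap and any other failure, so keep error handling uniform and prefer rsa-oaep-mgf1p when the IdP can be configured to use it. Second, successful decryption proves nothing about who produced the assertion; the XML signature on the Response or on the decrypted Assertion still has to be verified against the IdP's certificate before the user is logged in.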