Discuss this help topic in SecureBlackbox Forum

Use RSA keys, X.509 certificates or OpenPGP keys for decryption

X.509 certificates, OpenPGP keys and RSA keys can not be used to encrypt or decrypt the data. When there's a need to use public key cryptography for encryption, a symmetric session key is generated and used to encrypt the actual data. Then the public key is used to encrypt the session key itself.

If the session key was encrypted and included with the encrypted data, TElXMLDecryptor.EncryptKey property is true and TElXMLDecryptor.KeyEncryptionType property is set to xetKeyTransport. In this case you need to use asymmetric private key to decrypt the data.

Note, that you can use TElXMLDecryptor.KeyName property as a hint for how to select the key.

For RSA keys:

  1. create an instance of TElXMLKeyInfoRSAData class;
  2. load the RSA key to TElXMLKeyInfoRSAData.RSAKeyMaterial property. Note that you need a private key for decryption;
  3. assign the instance of TElXMLKeyInfoRSAData class to TElXMLDecryptor.KeyEncryptionKeyData property

For X.509 certificates:

  1. create an instance of TElXMLKeyInfoX509Data class;
  2. create an instance of TElX509Certificate class and assign it to TElXMLKeyInfoX509Data.Certificate property;
  3. load the certificate and the private key to the instance of TElX509Certificate class;
  4. assign the instance of TElXMLKeyInfoX509Data class to TElXMLDecryptor.KeyEncryptionKeyData property

For OpenPGP keys:

  1. create an instance of TElXMLKeyInfoPGPData class;
  2. create an instance of TElPGPSecretKey class and assign it to TElXMLKeyInfoPGPData.SecretKey property ;
  3. load the OpenPGP secret key to an instance of TElPGPSecretKey class;
  4. assign the instance of TElXMLKeyInfoPGPData class to TElXMLDecryptor.KeyEncryptionKeyData property

C#:


if (Decryptor.EncryptKey && (Decryptor.KeyEncryptionType == TElXMLKeyEncryptionType.xetKeyTransport))
{
  // set asymmetric private key
  TElXMLKeyInfoX509Data X509KeyData = new TElXMLKeyInfoX509Data(true);
  X509KeyData.Certificate = UserCertificate;
  Decryptor.KeyEncryptionKeyData = X509KeyData;
  // decrypt
  ...
}
Delphi:

if Decryptor.EncryptKey and (Decryptor.KeyEncryptionType = xetKeyTransport) then
begin
  X509KeyData := TElXMLKeyInfoX509Data.Create(true);
  X509KeyData.Certificate := UserCertificate;
  Decryptor.KeyEncryptionKeyData := X509KeyData;
  // decrypt
  ...
  // clearing key objects after encryption
  FreeAndNil(X509KeyData);
end;

How To articles about XML encryption (XMLEnc)

Discuss this help topic in SecureBlackbox Forum