EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Simple Encryptor demo documentation

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#30379
Posted: 08/15/2014 13:23:24
by San P (Standard support level)
Joined: 11/07/2009
Posts: 37

I wonder if there is Simple Encryptor demo's documentation available anywhere.

Principally I understand the idea. But then there are so many choices 'Encrypt key', '3DES, AES', 'KEK Type', 'Key Transport', 'Key name', 'PassPhrase' etc.

I can make it to crypt my XML file, and the output looks all right. Yet the Bank keeps rejecting with "Could not decrypt ApplicationRequest" message.

The problem probably has something to do with Symmetric encrypting. Simple Encryptor seems to be able to do that also, but bank rejects my output.

---
To clarify my thoughts.
I understand that also with Symmetric Encryption I crypt the message with receiver side, so Bank's encryption certificate. Simple Encryptor then uses the Public Key in that .CER certificate, does it's job with settings:Encryption method='3DES' and KEK type ='RSA v1.5', and XML output looks all good.

Next I try to Decrypt the XML I just Encrypted. I understand that at this phase I would need PrivateKey. Yet the Simple Encrypter demo offers only .CER certificate to load for Decrypting. AFAIK, there can not be PrivateKey stored in the .CER format.

I would expect the demo to offer .PFX or .P12 certificate to load. Those have also PrivateKey stored inside. I have tried in several ways how to Decrypt the file I created, but get 'Decryption failed. Error code: 0x8553.' style error messages. I just do not find the right settings.
--
I wish there were some working Certificates, and some sample XML files, before and after encrypting, in the Simple Cryptor's folder.

The same wish goes for Simple Signer also. Then it would much easier to start testing the overall functionality. Maybe also some documentative words about the several choices, about Symmetric encrypting etc.

Thanks for any comments
-Sanna
#30380
Posted: 08/15/2014 13:33:27
by Eugene Mayevski (EldoS Corp.)

The best way to diagnose and solve the problem is
1) use the sample certificate (provided in Extra\Certificates folder) to both encrypt and decrypt the data to ensure that the process generally works (you set right parameters, call right methods etc)
2) get a copy of the properly encrypted XML data from the recipient as a sample
3) make your resulting (encrypted) XML have the same structure as the sample encrypted data. I.e. ensure that all required nodes are present and probably omit the nodes missing from the sample data.

Quote
San P wrote:
I wish there were some working Certificates, and some sample XML files, before and after encrypting, in the Simple Cryptor's folder.

The same wish goes for Simple Signer also. Then it would much easier to start testing the overall functionality. Maybe also some documentative words about the several choices, about Symmetric encrypting etc.


XML signing and encryption is the field where each recipient party sets its own rules and you need to guess what they expect to accept. So anything "sample" will be useless in 99% of actual cases. We have plenty of users of XML components and most of them need assistance to format the document to the pesky requirements of the recipient.

Quote
San P wrote:
Next I try to Decrypt the XML I just Encrypted. I understand that at this phase I would need PrivateKey. Yet the Simple Encrypter demo offers only .CER certificate to load for Decrypting. AFAIK, there can not be PrivateKey stored in the .CER format.

I would expect the demo to offer .PFX or .P12 certificate to load.


You are using quite old version of SecureBlackbox and I don't know how the sample behaved there. In version 12 the sample accepts any files (there's *.* mask set for the selection open box). You are right that either PEM with a private key or a PFX file is required.


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 669 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!