Open ciis0 opened 1 year ago
extract encrypted key (esec.b64) from XML
esec.b64
```xml
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-b2af33bb-aacd-4b6f-bbbf-cada8d8ecbee">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference>
      <!-- ... -->
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue><!-- esec.b64 --></xenc:CipherValue>
  </xenc:CipherData>
  <xenc:ReferenceList>
    <xenc:DataReference URI="#ED-585a0a6b-36f0-4d5e-9052-f98463810da0"/>
  </xenc:ReferenceList>
</xenc:EncryptedKey>
```
extract encrypted data (edat.b64) from XML
edat.b64
```xml
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-585a0a6b-36f0-4d5e-9052-f98463810da0" Type="http://www.w3.org/2001/04/xmlenc#Content">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
      <wsse:Reference URI="#EK-b2af33bb-aacd-4b6f-bbbf-cada8d8ecbee"/>
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>
      <!-- edat.b64 -->
    </xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedData>
```
get key as pem (key.pem)
key.pem
pkey.pem
```sh
# decrypt secret
base64 -d esec.b64 > esec
openssl pkeyutl -decrypt -in esec -inkey key.pem > dkey

# split data and IV
base64 -d edat.b64 > edat
dd if=edat of=edat.iv bs=1 count=16
dd if=edat of=edat.dt bs=1 skip=16

# decrypt
openssl enc -d -in edat.dt -iv "$(xxd -p edat.iv)" -K "$(xxd -p dkey | tr -d "\n ")" -aes-256-cbc > dec.xml
```
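The two "extract ... from XML" steps above, done by a script that also follows the `DataReference` / `wsse:Reference` links and checks that the algorithms are the ones the openssl commands expect. This is an added example, not part of the original post; `extract`, `cipher_bytes`, `sample` and the `Envelope` wrapper element are hypothetical names, and it assumes the `rsa-1_5` and `aes256-cbc` algorithms shown in the post.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NS = {"xenc": XENC, "wsse": WSSE}

def cipher_bytes(elem, algorithm):
    """Check EncryptionMethod, then base64-decode xenc:CipherValue."""
    method = elem.find("xenc:EncryptionMethod", NS)
    if method is None or method.get("Algorithm") != XENC + algorithm:
        raise ValueError(f"expected {algorithm}; the openssl flags would not match")
    text = elem.findtext("xenc:CipherData/xenc:CipherValue", "", NS)
    return base64.b64decode("".join(text.split()), validate=True)

def extract(xml_text):
    """Return (esec, iv, ciphertext) for the first EncryptedKey in the message."""
    root = ET.fromstring(xml_text)
    ek = next(root.iter(f"{{{XENC}}}EncryptedKey"), None)
    if ek is None:
        raise ValueError("no xenc:EncryptedKey")
    esec = cipher_bytes(ek, "rsa-1_5")
    ref = ek.find("xenc:ReferenceList/xenc:DataReference", NS)
    uri = ref.get("URI") if ref is not None else None
    # Follow the DataReference to the EncryptedData with the matching Id.
    ed = next((e for e in root.iter(f"{{{XENC}}}EncryptedData")
               if uri == "#" + e.get("Id", "")), None)
    if ed is None:
        raise ValueError(f"DataReference {uri!r} matches no EncryptedData")
    back = ed.find(".//wsse:Reference", NS)
    if back is not None and back.get("URI") != "#" + ek.get("Id", ""):
        raise ValueError("EncryptedData points at a different EncryptedKey")
    edat = cipher_bytes(ed, "aes256-cbc")
    if len(edat) < 32 or len(edat) % 16:
        raise ValueError("need a 16-byte IV plus whole AES blocks")
    return esec, edat[:16], edat[16:]  # same split as the two dd commands

def sample():
    """Constructed message; the payload bytes are placeholders, not real ciphertext."""
    b64 = lambda b: base64.b64encode(b).decode()
    return f"""<Envelope xmlns:xenc="{XENC}" xmlns:wsse="{WSSE}">
 <xenc:EncryptedKey Id="EK-1"><xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>
  <xenc:CipherData><xenc:CipherValue>{b64(bytes(range(256)))}</xenc:CipherValue></xenc:CipherData>
  <xenc:ReferenceList><xenc:DataReference URI="#ED-1"/></xenc:ReferenceList></xenc:EncryptedKey>
 <xenc:EncryptedData Id="ED-1"><xenc:EncryptionMethod Algorithm="{XENC}aes256-cbc"/>
  <wsse:SecurityTokenReference><wsse:Reference URI="#EK-1"/></wsse:SecurityTokenReference>
  <xenc:CipherData><xenc:CipherValue>{b64(bytes(range(48)))}</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedData></Envelope>"""
```

The three returned byte strings correspond to the files `esec`, `edat.iv` and `edat.dt` in the script above, so writing them out under those names lets the `openssl` commands run unchanged.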