OpenSAML user discussion

[Brent Putman <>]

Title: decrypting EncryptedAssertion in Browser Post profile use case

Hi,
IMHO, handling decryption is by far the most complex and confusing aspect of XML signature and encryption topics, because of all the use cases and possibilities, etc.  (Signature C14N comes a close second).   That's why it's not immediately obvious.  :-)  Just all FYI.  I hope to have some better docs up on the new wiki space soon.  More below.

Below is the assertion I aim to decrypt.
As you can see symmetric key is encrypted using RSA (and an offline key).

That's fine.  Since the EncryptedKey doesn't contain a KeyInfo, I'll assume that you know from context the local key pair (with private key for decryption) that is to be used for decrypting the wrapped data encryption key.  If not, then be aware of that.  The key resolution stuff is what makes all of this hard and complex.  If you assume that away, then it gets a lot easier.

I was hoping to use org.opensaml.saml2.encryption.Decrypter.decrypt(EncryptedAssertion) but not able to figure out rest of the components.

Based on the javadoc I tried constructing Decrypter with StaticKeyInfoCredentialResolver but that did not help.
public Decrypter(KeyInfoCredentialResolver newResolver,
                 KeyInfoCredentialResolver newKEKResolver,
                 EncryptedKeyResolver newEncKeyResolver)

Constructor.

To summarize the options and components here:

Parameters:

newResolver - resolver for data encryption keys.

This is for resolving the data decryption key from the EncryptedData/KeyInfo directly.  In theory you could supply a KeyInfoCredentialResolver impl that just does whatever that implies, including handling EncryptedKeys, etc.  But in reality this would probably mostly be used for cases where you aren't using an EncryptedKey, where you're instead using a shared secret symmetric data encryption key, that is either known from context or is identified by the EncryptedData/KeyInfo.

You're not doing any of that, so you could safely pass a null here.

newKEKResolver - resolver for key encryption keys.

This handles resolving the key used to decrypt an EncryptedKey, based on the EncryptedKey/KeyInfo.  Assuming asymmetric key transport, practically speaking this means resolving the private key that corresponds to the public key used by the peer to encrypt the EncryptedKey, where the latter is perhaps identified (by value or by identifier/reference) in the EncryptedKey/KeyInfo.  There is a KeyInfoCredentialResolver specialization called LocalKeyInfoCredentialResolver which could be used for this purpose for the general case.

However, since you (presumably) know in advance the decryption key pair from context (since there's no EncryptedKey/KeyInfo), you could just just a StaticKeyInfoCredentialResolver there.

newEncKeyResolver - resolver for EncryptedKey elements

This handles resolving the EncryptedKey(s) elements which contain the (encrypted) data decryption key for a given EncryptedData.  Again, this can be very complex to support all use cases, especially when the encrypted data is being "multicast" to multiple recipients.  Note SAML 2.0 has special allowance in the schema for locating the EncryptedKey(s) as peer elements to the EncryptedData, rather than inside it.

But fortunately here you have the simplest case, where the (single) EncryptedKey is "inline" inside the EncryptedData/KeyInfo.  So you can just use an instance of InlineEncryptedKeyResolver there.


So that's what the main Decrypter-related components do.


So in short try passing to the Decrypter constructor:
1st arg - null
2nd arg - a StaticKeyInfoCredentialResolver (with a Credential containing your decryption key pair)
3rd arg - an InlineEncryptedKeyResolver (takes no constructor arguments)


Thanks,
Brent