forked from openkylin/xmlsec1
175 lines
6.9 KiB
HTML
175 lines
6.9 KiB
HTML
![]() |
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|||
|
<html>
|
|||
|
<head>
|
|||
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|
|||
|
<title>Encrypting data.: XML Security Library Reference Manual</title>
|
|||
|
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
|
|||
|
<link rel="home" href="index.html" title="XML Security Library Reference Manual">
|
|||
|
<link rel="up" href="xmlsec-notes-sign-encrypt.html" title="Signing and encrypting documents.">
|
|||
|
<link rel="prev" href="xmlsec-notes-sign.html" title="Signing a document.">
|
|||
|
<link rel="next" href="xmlsec-notes-templates.html" title="Creating dynamic templates.">
|
|||
|
<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
|
|||
|
<link rel="stylesheet" href="style.css" type="text/css">
|
|||
|
</head>
|
|||
|
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
|
|||
|
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
|
|||
|
<td width="100%" align="left" class="shortcuts"></td>
|
|||
|
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
|
|||
|
<td><a accesskey="u" href="xmlsec-notes-sign-encrypt.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
|
|||
|
<td><a accesskey="p" href="xmlsec-notes-sign.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
|
|||
|
<td><a accesskey="n" href="xmlsec-notes-templates.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
|
|||
|
</tr></table>
|
|||
|
<div class="sect1">
|
|||
|
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
|||
|
<a name="xmlsec-notes-encrypt"></a>Encrypting data.</h2></div></div></div>
|
|||
|
<p>The typical encryption process includes following steps:
|
|||
|
</p>
|
|||
|
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
|
|||
|
<li class="listitem"><p>
|
|||
|
Prepare data for encryption.
|
|||
|
</p></li>
|
|||
|
<li class="listitem"><p>
|
|||
|
Create or load encryption template and select start
|
|||
|
<enc:EncryptedData/> node.
|
|||
|
</p></li>
|
|||
|
<li class="listitem"><p>
|
|||
|
Create encryption context <a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtx" title="struct xmlSecEncCtx">xmlSecEncCtx</a>
|
|||
|
using <a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtxCreate" title="xmlSecEncCtxCreate ()">xmlSecEncCtxCreate</a> or
|
|||
|
<a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtxInitialize" title="xmlSecEncCtxInitialize ()">xmlSecEncCtxInitialize</a>
|
|||
|
functions.
|
|||
|
</p></li>
|
|||
|
<li class="listitem"><p>
|
|||
|
Load encryption key in <a class="link" href="xmlsec-keysmngr.html#xmlSecKeysMngr" title="struct xmlSecKeysMngr">keys manager</a>
|
|||
|
or generate a session key and set it in the encryption context
|
|||
|
(<em class="structfield"><code>encKey</code></em> member of
|
|||
|
<a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtx" title="struct xmlSecEncCtx">xmlSecEncCtx</a> structure).
|
|||
|
</p></li>
|
|||
|
<li class="listitem">
|
|||
|
<p>
|
|||
|
Encrypt data by calling one of the following functions:
|
|||
|
</p>
|
|||
|
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; ">
|
|||
|
<li class="listitem"><p>
|
|||
|
<a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtxBinaryEncrypt" title="xmlSecEncCtxBinaryEncrypt ()">xmlSecEncCtxBinaryEncrypt</a>
|
|||
|
</p></li>
|
|||
|
<li class="listitem"><p>
|
|||
|
<a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtxXmlEncrypt" title="xmlSecEncCtxXmlEncrypt ()">xmlSecEncCtxXmlEncrypt</a>
|
|||
|
</p></li>
|
|||
|
<li class="listitem"><p>
|
|||
|
<a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtxUriEncrypt" title="xmlSecEncCtxUriEncrypt ()">xmlSecEncCtxUriEncrypt</a>
|
|||
|
</p></li>
|
|||
|
</ul></div>
|
|||
|
<p>
|
|||
|
</p>
|
|||
|
</li>
|
|||
|
<li class="listitem"><p>
|
|||
|
Check returned value and if necessary consume encrypted data.
|
|||
|
</p></li>
|
|||
|
<li class="listitem"><p>
|
|||
|
Destroy encryption context <a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtx" title="struct xmlSecEncCtx">xmlSecEncCtx</a>
|
|||
|
using <a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtxDestroy" title="xmlSecEncCtxDestroy ()">xmlSecEncCtxDestroy</a> or
|
|||
|
<a class="link" href="xmlsec-xmlenc.html#xmlSecEncCtxFinalize" title="xmlSecEncCtxFinalize ()">xmlSecEncCtxFinalize</a>
|
|||
|
functions.
|
|||
|
</p></li>
|
|||
|
</ul></div>
|
|||
|
<p>
|
|||
|
</p>
|
|||
|
<p>
|
|||
|
</p>
|
|||
|
<div class="example">
|
|||
|
<a name="id-1.2.6.4.3.1"></a><p class="title"><b>Example 11. Encrypting binary data with a template.</b></p>
|
|||
|
<div class="example-contents">
|
|||
|
<pre class="programlisting">
|
|||
|
/**
|
|||
|
* encrypt_file:
|
|||
|
* @tmpl_file: the encryption template file name.
|
|||
|
* @key_file: the Triple DES key file.
|
|||
|
* @data: the binary data to encrypt.
|
|||
|
* @dataSize: the binary data size.
|
|||
|
*
|
|||
|
* Encrypts binary #data using template from #tmpl_file and DES key from
|
|||
|
* #key_file.
|
|||
|
*
|
|||
|
* Returns 0 on success or a negative value if an error occurs.
|
|||
|
*/
|
|||
|
int
|
|||
|
encrypt_file(const char* tmpl_file, const char* key_file, const unsigned char* data, size_t dataSize) {
|
|||
|
xmlDocPtr doc = NULL;
|
|||
|
xmlNodePtr node = NULL;
|
|||
|
xmlSecEncCtxPtr encCtx = NULL;
|
|||
|
int res = -1;
|
|||
|
|
|||
|
assert(tmpl_file);
|
|||
|
assert(key_file);
|
|||
|
assert(data);
|
|||
|
|
|||
|
/* load template */
|
|||
|
doc = xmlParseFile(tmpl_file);
|
|||
|
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
|
|||
|
fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
|
|||
|
goto done;
|
|||
|
}
|
|||
|
|
|||
|
/* find start node */
|
|||
|
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
|
|||
|
if(node == NULL) {
|
|||
|
fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
|
|||
|
goto done;
|
|||
|
}
|
|||
|
|
|||
|
/* create encryption context, we don't need keys manager in this example */
|
|||
|
encCtx = xmlSecEncCtxCreate(NULL);
|
|||
|
if(encCtx == NULL) {
|
|||
|
fprintf(stderr,"Error: failed to create encryption context\n");
|
|||
|
goto done;
|
|||
|
}
|
|||
|
|
|||
|
/* load DES key */
|
|||
|
encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
|
|||
|
if(encCtx->encKey == NULL) {
|
|||
|
fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
|
|||
|
goto done;
|
|||
|
}
|
|||
|
|
|||
|
/* set key name to the file name, this is just an example! */
|
|||
|
if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
|
|||
|
fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
|
|||
|
goto done;
|
|||
|
}
|
|||
|
|
|||
|
/* encrypt the data */
|
|||
|
if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) < 0) {
|
|||
|
fprintf(stderr,"Error: encryption failed\n");
|
|||
|
goto done;
|
|||
|
}
|
|||
|
|
|||
|
/* print encrypted data with document to stdout */
|
|||
|
xmlDocDump(stdout, doc);
|
|||
|
|
|||
|
/* success */
|
|||
|
res = 0;
|
|||
|
|
|||
|
done:
|
|||
|
/* cleanup */
|
|||
|
if(encCtx != NULL) {
|
|||
|
xmlSecEncCtxDestroy(encCtx);
|
|||
|
}
|
|||
|
|
|||
|
if(doc != NULL) {
|
|||
|
xmlFreeDoc(doc);
|
|||
|
}
|
|||
|
return(res);
|
|||
|
}
|
|||
|
</pre>
|
|||
|
<p><a class="link" href="xmlsec-encrypt-template-file.html#xmlsec-example-encrypt1" title="encrypt1.c">Full program listing</a></p>
|
|||
|
<p><a class="link" href="xmlsec-encrypt-template-file.html#xmlsec-example-encrypt1-tmpl" title="encrypt1-tmpl.xml">Simple encryption template file</a></p>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
<p><br class="example-break">
|
|||
|
</p>
|
|||
|
</div>
|
|||
|
<div class="footer">
|
|||
|
<hr>Generated by GTK-Doc V1.27</div>
|
|||
|
</body>
|
|||
|
</html>
|