Forums, Documentation & Knowledge Base - ComponentSpace

SAML Encryption Exception


https://componentspace.com/forums/Topic10112.aspx

By jgarcia - 6/26/2019

I am trying to encrypt a metadata file (I am using the IdP-Template metadata) to see how it works.

I introduced this command:
.\EncryptAssertion.exe -a SHA256 -c C:\Users\jgarcia\Downloads\SAMLv20-evaluation\test.cer C:\Users\jgarcia\Downloads\SAMLv20-evaluation\IdPmetadata.xml

And the answer I receive is:
Loading certificate C:\Users\jgarcia\Downloads\SAMLv20-evaluation\test.cer
Loading C:\Users\jgarcia\Downloads\SAMLv20-evaluation\IdPmetadata.xml
Encrypting SAML assertion
ComponentSpace.SAML2.Exceptions.SAMLEncryptionException: Unsupported data encryption method SHA256
 at ComponentSpace.SAML2.Utility.XmlEncryption.CreateSymmetricKey(EncryptionMethod encryptionMethod, Byte[] key)
 at ComponentSpace.SAML2.Utility.XmlEncryption.Encrypt(XmlElement plainTextElement, AsymmetricAlgorithm keyEncryptingKey, EncryptionMethod keyEncryptionMethod, EncryptionMethod dataEncryptionMethod, KeyInfo keyInfo)
 at ComponentSpace.SAML2.Utility.XmlEncryption.Encrypt(XmlElement plainTextElement, X509Certificate2 x509Certificate, EncryptionMethod keyEncryptionMethod, EncryptionMethod dataEncryptionMethod)
 at ComponentSpace.SAML2.Assertions.EncryptedAssertion..ctor(XmlElement samlAssertion, X509Certificate2 x509Certificate, EncryptionMethod keyEncryptionMethod, EncryptionMethod dataEncryptionMethod)
 at ComponentSpace.SAML2.Assertions.EncryptedAssertion..ctor(XmlElement samlAssertion, X509Certificate2 x509Certificate, EncryptionMethod dataEncryptionMethod)
 at EncryptAssertion.Program.EncryptAssertion(XmlElement xmlElement) in C:\Users\jgarcia\Downloads\SAMLv20-evaluation\SAML for .NET\Examples\Utility\EncryptAssertion\Program.cs:line 97
 at EncryptAssertion.Program.Main(String[] args) in C:\Users\jgarcia\Downloads\SAMLv20-evaluation\SAML for .NET\Examples\Utility\EncryptAssertion\Program.cs:line 109

I suppose I am writing the encryption method wrong. But what do I have to write there if I want to encrypt the metadata file with the AES-256 algorithm?

Thanks,

By ComponentSpace - 6/26/2019

There are two algorithms involved in XML encryption - one to encrypt the randomly generated symmetric key and one to encrypt the XML using the symmetric key.

The symmetric key encryption algorithm options are:

http://www.w3.org/2001/04/xmlenc#rsa-1_5
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p

The XML encryption algorithm options are:

http://www.w3.org/2001/04/xmlenc#tripledes-cbc
http://www.w3.org/2001/04/xmlenc#kw-tripledes
http://www.w3.org/2001/04/xmlenc#aes128-cbc
http://www.w3.org/2001/04/xmlenc#kw-aes128
http://www.w3.org/2001/04/xmlenc#aes192-cbc
http://www.w3.org/2001/04/xmlenc#kw-aes192
http://www.w3.org/2001/04/xmlenc#aes256-cbc
http://www.w3.org/2001/04/xmlenc#kw-aes256

We default to http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p and http://www.w3.org/2001/04/xmlenc#aes256-cbc.

To use AES-256 you should specify http://www.w3.org/2001/04/xmlenc#aes256-cbc.
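As an added example, not ComponentSpace's code and not part of either post: a Python helper that reads both algorithm URIs out of a SAML EncryptedAssertion and rejects anything outside the two lists above, the same classification that produced "Unsupported data encryption method SHA256" in the question, and a check a service provider would run on inbound assertions. The sample XML and its cipher values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

XMLENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"xenc": XMLENC, "ds": DS, "saml": SAML}

# Key-encryption (key transport) algorithms listed in the answer above.
KEY_ENCRYPTION_METHODS = {XMLENC + "rsa-1_5", XMLENC + "rsa-oaep-mgf1p"}
# Data-encryption algorithms listed in the answer above.
DATA_ENCRYPTION_METHODS = {
    XMLENC + a
    for a in ("tripledes-cbc", "kw-tripledes", "aes128-cbc", "kw-aes128",
              "aes192-cbc", "kw-aes192", "aes256-cbc", "kw-aes256")
}

def encryption_methods(encrypted_assertion_xml):
    """Return (key_encryption_method, data_encryption_method) URIs or raise ValueError."""
    root = ET.fromstring(encrypted_assertion_xml)
    data = root.find("xenc:EncryptedData", NS)
    data_method = data.find("xenc:EncryptionMethod", NS).get("Algorithm")
    key_el = data.find("ds:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod", NS)
    if key_el is None:  # SAML also allows EncryptedKey as a sibling of EncryptedData
        key_el = root.find("xenc:EncryptedKey/xenc:EncryptionMethod", NS)
    key_method = key_el.get("Algorithm") if key_el is not None else None
    if key_method not in KEY_ENCRYPTION_METHODS:
        raise ValueError(f"Unsupported key encryption method {key_method}")
    if data_method not in DATA_ENCRYPTION_METHODS:
        raise ValueError(f"Unsupported data encryption method {data_method}")
    return key_method, data_method

def encrypted_assertion(key_method, data_method):
    """Constructed skeleton of the two-layer structure; cipher values are placeholders."""
    return f"""<saml:EncryptedAssertion xmlns:saml="{SAML}" xmlns:xenc="{XMLENC}" xmlns:ds="{DS}">
  <xenc:EncryptedData Type="{XMLENC}Element">
    <xenc:EncryptionMethod Algorithm="{data_method}"/>
    <ds:KeyInfo>
      <xenc:EncryptedKey>
        <xenc:EncryptionMethod Algorithm="{key_method}"/>
        <xenc:CipherData><xenc:CipherValue>PLACEHOLDER_WRAPPED_KEY</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedKey>
    </ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>PLACEHOLDER_CIPHERTEXT</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</saml:EncryptedAssertion>"""

if __name__ == "__main__":
    print(encryption_methods(encrypted_assertion(XMLENC + "rsa-oaep-mgf1p", XMLENC + "aes256-cbc")))
```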