API Connect

  • 1.  Encryption session key

    Posted Wed October 18, 2023 07:07 AM

    Hi,

    I am encrypting the session key with dp:encrypt-key($session-key,$recipient,$KeyTransportAlgorithm). When I pass the alias of a certificate as the recipient, it works: <xsl:variable name="recipient" select="'name:pkey'"/>. But when I pass the key in string format, like this:

    <xsl:variable name="recipient" select="'cert:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaM25DoEkoWP0z1E8D/5p1lTgIqLBbVdcqzXtYJGCOiNU2tHK80qMHSV7HkQ4Lj0KPpD2J1Li27zAVYFXRYhqiceqLV7BcXSAFbbL2Cg09eN2pSoJCcq2AvVcvNK0Oz5FcF3BOzPv4sAuIeQxJQpZTTldG1lUZf8EdhXRnLKqwIAXO8xJajxFmbJbU1guCt+2IpW/Mv6xWspXXCeNjk+CChnPY2mPWcz2M4uy71PcoCqE2CBli5/Qr6iTNU6+Z94doIdVx81P8Qffnz8BvR/A79EtC1yYC70QjNIuewYOamVXUgnIAWMPQnZoaP9gUq9WbLSDIoHfAXtoBCJs8Cy0QIDAQAB'"/> 

    It gives an error:

    <requestkData>*ASN.1 parse of certificate failed*</requestkData>
    How can I handle this issue?
    I am also sharing my XSLT code here:
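    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Encrypts the request with a freshly generated AES session key, wraps that
      key for the recipient with RSA key transport, and emits a webServiceRequest
      holding the original entityDetails, the wrapped key (requestkData) and the
      ciphertext (requestData).
    -->
    <xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:dp="http://www.datapower.com/extensions"
        xmlns:func="http://exslt.org/functions"
        xmlns:apim="http://www.ibm.com/apimanagement"
        extension-element-prefixes="dp func apim">

      <xsl:import href="local:///isp/policy/apim.custom.xsl"/>
      <xsl:include href="store:///dp/apim.custom.xsl"/>
      <!--<xsl:output method="xml" omit-xml-declaration="yes"/>-->

      <xsl:template match="/">
        <!--
          Bulk cipher: AES-128 in CBC mode.
          NOTE(review): CBC gives confidentiality only. The ciphertext is not
          integrity protected, so the receiver should verify a signature or MAC
          over the message before it decrypts.
        -->
        <xsl:variable name="algorithm" select='"http://www.w3.org/2001/04/xmlenc#aes128-cbc"'/>

        <!-- One-time session key for the algorithm above. -->
        <xsl:variable name="session-key" select="dp:generate-key($algorithm)"/>

        <!-- Payload to encrypt, and the part of it that is copied through in clear. -->
        <!--<xsl:variable name="input" select="apim:payloadRead()" />-->
        <xsl:variable name="input" select="webServiceInputData"/>
        <xsl:variable name="inputentity" select="webServiceInputData/webServiceInputDetails/entityDetails"/>

        <!--
          Recipient whose public key wraps the session key. The post reports that
          a 'name:' reference to a certificate works and that this 'cert:' value
          fails with "ASN.1 parse of certificate failed".
          NOTE(review): the base64 below starts with MIIBIjANBgkqhkiG9w0BAQEF,
          the DER header of a bare RSA public key (SubjectPublicKeyInfo), not of
          an X.509 certificate, which is consistent with that error. Supply the
          recipient's full certificate in base64 here, or keep the 'name:'
          reference. The value also does not end in the usual public-exponent
          encoding (IDAQAB), so it may have been truncated or edited when pasted;
          confirm.
        -->
        <xsl:variable name="recipient" select="'cert:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaM25DoEkoWP0z1E8D/5p1lTgIqLBbVdcqzXtYJGCOiNU2tHK80qMHSV7HkQ4Lj0KPpD2J1Li27zAVYFXRYhqiceqLV7BcXSAFbbL2Cg09eN2pSoJCcq2AvVcvNK0Oz5FcF3BOzPv4sAuIeQxJQpZTTldG1lUZf8EdhXRnLKqwIAXO8xJajxFmbJbU1guCt+2IpW/Mv6xWspXXCeNjk+CChnPY2mPWcz2M4uy71PcoCqE2CBli5/Qr6iTNU6+Z94doIdVx81P8Qffnz8BvR/A79EtC1yYC70QjNIuewYOamVXUgnIAWMPQnZoaP9gUq9WbLSDIoHfAXtoERCSWRVSF'"/>

        <!--
          Key transport: RSA with PKCS#1 v1.5 padding.
          NOTE(review): v1.5 key transport exposes the decrypting side to
          padding-oracle attacks. RSA-OAEP
          (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) is the usual
          replacement. Left unchanged because the recipient must decrypt with the
          same algorithm; switch both ends together.
        -->
        <xsl:variable name="KeyTransportAlgorithm" select="'http://www.w3.org/2001/04/xmlenc#rsa-1_5'"/>

        <!-- Encrypt the whole payload with the session key. -->
        <xsl:variable name="ciphertext" select="string(dp:encrypt-data($algorithm,$session-key,$input))"/>

        <!-- Wrap the session key for the recipient. -->
        <xsl:variable name="encryptedKey" select="string(dp:encrypt-key($session-key,$recipient,$KeyTransportAlgorithm))"/>

        <!--
          Fail closed when key wrapping fails. The post shows dp:encrypt-key
          returning '*ASN.1 parse of certificate failed*' in place of a key, and
          base64 output never starts with '*'. Without this check the message
          goes out with an error string in requestkData and a ciphertext that no
          one can decrypt.
        -->
        <xsl:if test="not(normalize-space($encryptedKey)) or starts-with(normalize-space($encryptedKey), '*')">
          <xsl:message terminate="yes" dp:priority="error">
            <xsl:text>Session key encryption failed: </xsl:text>
            <xsl:value-of select="$encryptedKey"/>
          </xsl:message>
        </xsl:if>

        <!--
          The cleartext payload is deliberately not logged. Copying $input into an
          error-priority message would store in the log the same data this
          stylesheet encrypts.
        -->
        <xsl:message dp:priority="debug">
          <xsl:text>Request payload encrypted</xsl:text>
        </xsl:message>

        <!--<xsl:element name="webServiceRequest">-->
        <!-- <xsl:copy-of select="webServiceInputData/webServiceInputDetails/entityDetails" disable-output-escaping="yes" />-->
        <xsl:element name="webServiceRequest">
          <xsl:copy-of select="$inputentity"/>
          <xsl:element name="requestDetails">
            <xsl:element name="requestkData">
              <!-- Normal escaping is kept: base64 needs no bypass, and any other text must not reach the output raw. -->
              <xsl:value-of select="$encryptedKey"/>
            </xsl:element>
            <xsl:element name="requestData">
              <xsl:value-of select="$ciphertext"/>
            </xsl:element>
          </xsl:element>
        </xsl:element>
      </xsl:template>
    </xsl:stylesheet>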


    ------------------------------
    Shah Wajahat
    ------------------------------