[xmlsec] 암호화 또는 복호화시 --pwd 옵션 사용하기

박영식2010.05.11 01:32조회 수 3698댓글 0

아래의 예제에서는 xml sign 때 keyfile을 생성해 암호화 하는 방법을 이용했다.

--pwd 옵션을 사용해 암호화 하는 옵션은 아래와 같다.(대상 파일은 dsig_doc.xml]이다
[dsig_doc.xml]
<?xml version='1.0'?>
<References>
<PaymentInfo xmlns="http://example.org/paymentv2">
    <Name>John Smith</Name>
    <CreditCard Limit="5,000" Currency="USD">
      <Number>4019 2445 0277 5567</Number>
      <Issuer>Example Bank</Issuer>
      <Expiration>04/02</Expiration>
    </CreditCard>
</PaymentInfo>
<Web>
    <Title>XMLSec</Title>
    <Url>http://www.aleksey.com/xmlsec/</Url>
</Web>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue></SignatureValue>
    <KeyInfo>
      <KeyValue/>
    </KeyInfo>
</Signature>
</References>

$ xmlsec1 sign --output dsig2.xml --privkey-pem userkey.pem --pwd hello dsig_doc.xml

반드시 userkey.pem 파일 뒤에 --pwd 옵션을 써 줘야 한다.
(You must write --pwd option after userkey.pem)

decryption은 아래와 같다.

$ xmlsec1 decrypt --privkey-pem userkey.pem --pwd hello doc-encrypted-xmlpath.xml

사용된 파일은 아래에 코드로 공개한다. 파일로 저장해 사용하면 된다.
[userkey.pem]
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,7D88A380248C2614

02esmv1iImtl5MVME36xJxIF4PGKI66Y1sS/qpgiXupAFA+5sRDviNHYRYWOp8hZ
W8k0fem0hai82dUQS8bmUdi24ZWyUISMaQFojPcutuDF07HIe8voYpI8iWU/zw2z
Is6eZlFJvsHDf34igSXaD10EPWbO9uLKlFl1YEwyhAKP6jlo4Oe6d69DBazlH3vT
ilmOKtkUOoks3Ri9WJH20zqNwLpa4mEt+0sgfkAUPgsOWyJd3BJ3rDdZp4TIFtUU
MoNqdxb/6vMhghC6yp0uUsu7n9dmmcRcvb+MWC2JOSEIdKvev0bt0Wvk8ZDNId2a
9V14QCKGGeQ1T9/Mc09nNWlA559By+YZxIn51+J5No2+3G1oPka8jVTZ3Q+orkaU
nBjgg+e5SIWd6BZF8QZs5vOJhcABAweKsdTJuksVyKTCw9gwcNYTqakKY9Bt+kD0
Q1hDIjCV725TuML7707cPeBO2Rhpc0Tr79WJepB3L+V0/PLIaYhdhLI0FTpzxUN/
lWOyy0wzzU9zfGsWCG6KECu+OriX0GSu//F7nZ0/7U0FxzwAqCykS/lej0byS0bK
iL0nsjMRPlVVnM73Chq7p65pYLJ70K5nSlLoXjPoWGJ0DQYyMnB9WcvbBwvWoRW3
/9Dm/ZDLj1xP4U5oKHAgkaxJOkKnmoLOG1F/NnwqzXw4+M5BzMWwtXH3QAaKJ9DU
UiNQgP9O33HMx85n7tugmR0NkZAbeJ8LmSRSoTiZ1UxHtLTRqvWhTRg3e73I4pcG
gD8t+bNqjbY+XGLmgpAkoAXpjIkkxmZD6layeG+VIC13ZROM5onWyA==
-----END RSA PRIVATE KEY-----

[doc-encrypted-xmlpath.xml]
<?xml version="1.0" encoding="utf-8"?>
<PayInfo>
<Name>John Smith</Name>
<CreditCard Limit="2,000" Currency="USD"><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName/>
   </KeyInfo>
   <CipherData>
    <CipherValue>lZ9TlXNe0NeZXE46C6meDspgTMsnvZwgkDpKSaKDiAQ/KSJ0P4acuxnN7saI6XIW
XzX8eqQPztF8sQyw65rUCJuAaHw0BcKOZ21QpNVL74OU5jYv/Fh/kI2srEEsjz5b
lFmRWSp1mSxb27N3WqB+KsEpZWazAA2KCNpP/80C/To=</CipherValue>
   </CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>nOcInRsN4z/MMwjyKR67X6IqWUfq7VgDefQHy5Q4uSsISm6kMSmVEFxH2IIVVZTU
QYzY5ABu4LeeosSE9Y/eplgV0u80V5vT2ddSR9YzwW97Lnn59hbN8bNOdjYsrbw0
4DK7HOTqxFyCrXIcqsZaokNDt+z1lw/kKrYXKFd02Y7GPwzw0b1O6nD5FvS8+jI3</CipherValue>
</CipherData>
</EncryptedData></CreditCard>
</PayInfo>