How to decrypt EncryptedAssertion manually

再見小時候 2021-01-26 00:07

I want to decrypt the EncryptedAssertion. I tried with the OpenSAML Decrypter but it's not working for me. I am getting "Failed to decrypt EncryptedData". I have already ask that questio

2 Answers
  • 2021-01-26 00:17
    import java.security.*;
    import java.security.spec.AlgorithmParameterSpec;
    import java.util.Arrays;
    import javax.crypto.*;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;

    public static byte[] decrypt(byte[] cryptoBytes, byte[] aesSymKey)
            throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        // https://github.com/onelogin/java-saml/issues/23
        String cipherMethod = "AES/CBC/ISO10126Padding"; // This should be derived from Cryptic Saml

        // The first 16 bytes of the decoded CipherValue are the IV
        AlgorithmParameterSpec iv = new IvParameterSpec(cryptoBytes, 0, 16);

        // Strip off the first 16 bytes because those are the IV
        byte[] cipherBlock = Arrays.copyOfRange(cryptoBytes, 16, cryptoBytes.length);

        // Create a secret key based on symKey
        SecretKeySpec secretSauce = new SecretKeySpec(aesSymKey, "AES");

        // Now we have all the ingredients to decrypt
        Cipher cipher = Cipher.getInstance(cipherMethod);
        cipher.init(Cipher.DECRYPT_MODE, secretSauce, iv);

        // Do the decryption
        byte[] decryptedBytes = cipher.doFinal(cipherBlock);
        return decryptedBytes;
    }
    

    ISO10126Padding should work....

  • 2021-01-26 00:33

    I won't provide you a complete answer, but I hope to get you on the right track.

    You should not just simply decrypt the value with the private key.

    First decrypt the KeyInfo value (unwrap the AES key) using RSA/ECB/PKCS1Padding (according to the provided SAML snippet).

    It should give you a 256-bit (32 bytes) random key used to encrypt the data itself.

    Then use the AES key to decrypt the data. Please note that the first bytes (128 bits / 16 bytes, the AES block size) are used as the IV.

    Further reading

    • https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Processing-Encryption
    • https://gusto77.wordpress.com/2017/10/30/encryption-reference-project/
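
The two steps from the answers above, put together as an added example (not code from either answer or from OpenSAML): unwrap the key with RSA, then decrypt with AES-CBC using the leading 16 bytes as the IV. The class and method names are illustrative, and `main` constructs its own key pair and ciphertext, assuming the `rsa-1_5` key transport and 256-bit AES-CBC that the second answer describes.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.*;

// Illustrative class and method names; the sample data in main() is constructed.
public class ManualAssertionDecrypt {
    // Step 1: unwrap the AES key carried in EncryptedKey/CipherValue (RSA PKCS#1 v1.5).
    static byte[] unwrapKey(String encryptedKeyB64, PrivateKey spKey) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, spKey);
        return rsa.doFinal(Base64.getMimeDecoder().decode(encryptedKeyB64));
    }

    // Step 2: decrypt EncryptedData/CipherValue; the first 16 bytes are the IV.
    static String decryptData(String encryptedDataB64, byte[] aesKey) throws GeneralSecurityException {
        byte[] blob = Base64.getMimeDecoder().decode(encryptedDataB64);
        if (blob.length < 32 || blob.length % 16 != 0)
            throw new GeneralSecurityException("CipherValue is not IV plus whole AES blocks");
        Cipher aes = Cipher.getInstance("AES/CBC/ISO10126Padding");
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(aesKey, "AES"), new IvParameterSpec(blob, 0, 16));
        return new String(aes.doFinal(blob, 16, blob.length - 16), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: play the IdP side to produce the two CipherValue strings.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sp = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey();
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/CBC/ISO10126Padding");
        aes.init(Cipher.ENCRYPT_MODE, session, new IvParameterSpec(iv));
        byte[] ct = aes.doFinal("<saml:Assertion ID=\"_constructed\"/>".getBytes(StandardCharsets.UTF_8));
        byte[] blob = Arrays.copyOf(iv, 16 + ct.length);   // IV first, then ciphertext
        System.arraycopy(ct, 0, blob, 16, ct.length);
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, sp.getPublic());
        String keyValue = Base64.getMimeEncoder().encodeToString(rsa.doFinal(session.getEncoded()));
        String dataValue = Base64.getMimeEncoder().encodeToString(blob);
        // SP side: the two steps from the answers above.
        byte[] aesKey = unwrapKey(keyValue, sp.getPrivate());
        System.out.println(aesKey.length + "-byte key -> " + decryptData(dataValue, aesKey));
    }
}
```

`Base64.getMimeDecoder()` is used because CipherValue text copied out of XML usually contains line breaks, which `Base64.getDecoder()` rejects. CBC here is unauthenticated, so check the assertion's signature after decrypting and report every decryption failure with the same generic error.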