Guys, thanks for the reply,
The problem is that the client would not change anything at their end. So any alternative method is not feasible.
I need a solution for decrypting data from that encrypted XML and, as sg707 suggested, we need to know the algorithm used by the client.
To explain how XML encryption works with asymmetric keys (public key encryption):
Sender === client
Receiver === me
The usual way of doing public key encryption is that the sender encrypts data with the receiver's public key. The receiver can then decrypt it with the private key, thus ensuring privacy. However, encrypting an entire data stream using asymmetric keys is very expensive, so instead a symmetric (shared) key is generated by the sender. This key is then encrypted with the receiver's public key, and the data stream is then encrypted with the symmetric key.
The asymmetric keys are usually created with the RSA algorithm while a popular choice for symmetric keys is 128 bit AES. In an encrypted XML structure, the data looks like this:
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
In other words, the EncryptedData element (which is a standard XML encryption element) contains a KeyInfo which holds the encrypted symmetric key and a CipherData element which contains data encrypted with the symmetric key. The first element tells us that the symmetric data is encrypted with 128 bit AES, and EncryptedData/KeyInfo/EncryptedKey/EncryptionMethod says that the key itself is encrypted with RSA.
All this means that when encrypting an XML element, two keys must be used: a randomly generated key and the receiver's public key.
Now, when I receive the samlResponse, i.e. the full XML Assertion document, I would:
- decrypt the symmetric key using my certificate's private key
- use this symmetric key to decrypt the XML and get the employee id.
So, anyone got suggestions? I need them badly.
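As an added example (not code from this thread), here is a Go program that performs the receiver's two steps on a document laid out the way the post describes: EncryptedKey inside KeyInfo, rsa-1_5 key transport, AES-128-CBC with the IV prepended to the CipherValue and the pad length in the last byte, as XML Encryption specifies. The Encrypt function, the generated key pair and the EmployeeID payload are constructed here only to produce sample input; against a real assertion you would load the private key matching the certificate the client encrypted to, and verify the signature before trusting the result.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// The two CipherValue elements of xenc:EncryptedData; encoding/xml matches local names, so the xenc:/ds: prefixes do not matter.
type encryptedData struct {
	WrappedKey string `xml:"KeyInfo>EncryptedKey>CipherData>CipherValue"`
	Payload    string `xml:"CipherData>CipherValue"`
}

// Decrypt: unwrap the AES-128 key with the receiver's RSA private key, then AES-CBC-decrypt the payload.
func Decrypt(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	var ed encryptedData
	if err := xml.Unmarshal(doc, &ed); err != nil {
		return nil, err
	}
	wrapped, _ := base64.StdEncoding.DecodeString(ed.WrappedKey)
	ct, _ := base64.StdEncoding.DecodeString(ed.Payload)
	key, err := rsa.DecryptPKCS1v15(rand.Reader, priv, wrapped) // xmlenc rsa-1_5 key transport
	if err != nil || len(key) != 16 || len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("key unwrap failed or malformed ciphertext: %v", err)
	}
	blk, _ := aes.NewCipher(key) // a 16-byte key selects AES-128
	body := ct[aes.BlockSize:]   // xmlenc prepends the IV to the ciphertext
	cipher.NewCBCDecrypter(blk, ct[:aes.BlockSize]).CryptBlocks(body, body)
	pad := int(body[len(body)-1]) // xmlenc padding: the last byte gives the pad length
	if pad < 1 || pad > aes.BlockSize {
		return nil, fmt.Errorf("invalid padding byte %d", pad)
	}
	return body[:len(body)-pad], nil
}

// Encrypt is the sender (client) side, used here only to build a constructed sample document.
func Encrypt(pub *rsa.PublicKey, pt []byte) []byte {
	kiv := make([]byte, 32) // random AES-128 key followed by a random IV
	rand.Read(kiv)
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	buf := append(append(append([]byte{}, kiv[16:]...), pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	blk, _ := aes.NewCipher(kiv[:16])
	cipher.NewCBCEncrypter(blk, kiv[16:]).CryptBlocks(buf[16:], buf[16:])
	wrapped, _ := rsa.EncryptPKCS1v15(rand.Reader, pub, kiv[:16])
	b := base64.StdEncoding.EncodeToString
	return []byte(`<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>` + b(wrapped) + `</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>` + b(buf) + `</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>`)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	pt, err := Decrypt(priv, Encrypt(&priv.PublicKey, []byte("<EmployeeID>12345</EmployeeID>")))
	fmt.Println(string(pt), err)
}
```

The padding check is the minimum; a production decryptor should also verify the document's signature and refuse EncryptionMethod values it does not expect.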