diff --git a/lib/templates/keyinfo.tpl.xml.js b/lib/templates/keyinfo.tpl.xml.js index b629b37..b66a00f 100644 --- a/lib/templates/keyinfo.tpl.xml.js +++ b/lib/templates/keyinfo.tpl.xml.js @@ -1,10 +1,21 @@ var escapehtml = require('escape-html'); -module.exports = ({ encryptionPublicCert, encryptedKey, keyEncryptionMethod, keyEncryptionDigest }) => ` +const DIGEST_ALGORITHMS = { + 'sha1': 'http://www.w3.org/2000/09/xmldsig#sha1', + 'sha256': 'http://www.w3.org/2001/04/xmlenc#sha256', + 'sha512': 'http://www.w3.org/2001/04/xmlenc#sha512' +}; + +module.exports = ({ encryptionPublicCert, encryptedKey, keyEncryptionMethod, keyEncryptionDigest }) => { + const digestUri = DIGEST_ALGORITHMS[keyEncryptionDigest] || keyEncryptionDigest; + + // RSA-OAEP requires it. RSA-1.5 must NOT have it. + const isOAEP = keyEncryptionMethod && keyEncryptionMethod.includes('rsa-oaep'); + return ` - + ${isOAEP ? `` : ''} ${encryptionPublicCert} @@ -15,4 +26,4 @@ module.exports = ({ encryptionPublicCert, encryptedKey, keyEncryptionMethod, key `; - +} \ No newline at end of file diff --git a/lib/xmlenc.js b/lib/xmlenc.js index b5b204f..b2adb17 100644 --- a/lib/xmlenc.js +++ b/lib/xmlenc.js @@ -242,9 +242,11 @@ function decryptKeyInfo(doc, options) { if (keyDigestMethod) { const keyDigestMethodAlgorithm = keyDigestMethod.getAttribute('Algorithm'); switch (keyDigestMethodAlgorithm) { - case 'http://www.w3.org/2000/09/xmldsig#sha256': + case 'http://www.w3.org/2001/04/xmlenc#sha256': + case 'http://www.w3.org/2000/09/xmldsig#sha256': // backwards compatibility for previous wrong usage oaepHash = 'sha256'; break; + case 'http://www.w3.org/2001/04/xmlenc#sha512': case 'http://www.w3.org/2000/09/xmldsig#sha512': oaepHash = 'sha512'; break;