		@@ -1,22 +0,25 @@
		var crypto = require('crypto');
		var async = require('async');
		var xmldom = require('xmldom');
		var xpath = require('xpath');
		var utils = require('./utils');
		var pki = require('node-forge').pki;
		var crypto = require('crypto');
		var async = require('async');
		var xmldom = require('xmldom');
		var xpath = require('xpath');
		var utils = require('./utils');
		var pki = require('node-forge').pki;

		function encryptKeyInfoWithScheme(symmetricKey, options, scheme, callback) {
		var rsa_pub = pki.publicKeyFromPem(options.rsa_pub);
		var encrypted = rsa_pub.encrypt(symmetricKey.toString('binary'), scheme);
		var base64EncodedEncryptedKey = new Buffer(encrypted, 'binary').toString('base64');

		var params = {
		encryptedKey: base64EncodedEncryptedKey,
		encryptionPublicCert: '<X509Data><X509Certificate>' + utils.pemToCert(options.pem.toString()) + '</X509Certificate></X509Data>',
		keyEncryptionMethod: options.keyEncryptionAlgorighm
		};

		var result = utils.renderTemplate('keyinfo', params);

		return callback(null, result);
		try {
		var rsa_pub = pki.publicKeyFromPem(options.rsa_pub);
		var encrypted = rsa_pub.encrypt(symmetricKey.toString('binary'), scheme);
		var base64EncodedEncryptedKey = new Buffer(encrypted, 'binary').toString('base64');

		var params = {
		encryptedKey: base64EncodedEncryptedKey,
		encryptionPublicCert: '<X509Data><X509Certificate>' + utils.pemToCert(options.pem.toString()) + '</X509Certificate></X509Data>',
		keyEncryptionMethod: options.keyEncryptionAlgorighm
		};

		var result = utils.renderTemplate('keyinfo', params);
		callback(null, result);
		} catch (e) {
		callback(e);
		}
		}
		@@ -37,6 +40,6 @@
		case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
		return encryptKeyInfoWithScheme(symmetricKey, options, 'RSA-OAEP', callback)
		return encryptKeyInfoWithScheme(symmetricKey, options, 'RSA-OAEP', callback);

		case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
		return encryptKeyInfoWithScheme(symmetricKey, options, 'RSAES-PKCS1-V1_5', callback)
		return encryptKeyInfoWithScheme(symmetricKey, options, 'RSAES-PKCS1-V1_5', callback);

		@@ -111,3 +114,3 @@ default:
		cb(null, result);
		});
		});
		}
		@@ -159,3 +162,3 @@ ], callback);
		case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc':
		decipher = crypto.createDecipheriv('aes-256-cbc', symmetricKey, encrypted.slice(0, 16));
		decipher = crypto.createDecipheriv('aes-256-cbc', symmetricKey, encrypted.slice(0, 16));

		@@ -173,9 +176,7 @@ decipher.setAutoPadding(false);
		}

		decrypted = new Buffer(decrypted, 'binary').toString('utf8');
		break;
		case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
		decipher = crypto.createDecipheriv('des-ede3-cbc', symmetricKey, encrypted.slice(0,8));
		decipher = crypto.createDecipheriv('des-ede3-cbc', symmetricKey, encrypted.slice(0,8));
		decrypted = decipher.update(encrypted.slice(8), null, 'binary') + decipher.final('binary');

		decrypted = new Buffer(decrypted, 'binary').toString('utf8');
		@@ -202,6 +203,6 @@ break;
		switch (keyEncryptionAlgorighm) {
		case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
		return decryptKeyInfoWithScheme(encryptedKey, options, 'RSA-OAEP')
		case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
		return decryptKeyInfoWithScheme(encryptedKey, options, 'RSAES-PKCS1-V1_5')
		case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
		return decryptKeyInfoWithScheme(encryptedKey, options, 'RSA-OAEP');
		case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
		return decryptKeyInfoWithScheme(encryptedKey, options, 'RSAES-PKCS1-V1_5');
		default:
		@@ -213,6 +214,11 @@ throw new Error('key encryption algorithm ' + keyEncryptionAlgorighm + ' not supported');
		function decryptKeyInfoWithScheme(encryptedKey, options, scheme) {
		var key = new Buffer(encryptedKey.textContent, 'base64').toString('binary');
		var private_key = pki.privateKeyFromPem(options.key);
		var decrypted = private_key.decrypt(key, scheme);
		return new Buffer(decrypted, 'binary');
		try {
		var key = new Buffer(encryptedKey.textContent, 'base64').toString('binary');
		var private_key = pki.privateKeyFromPem(options.key);
		var decrypted = private_key.decrypt(key, scheme);
		return new Buffer(decrypted, 'binary');
		}
		catch (e) {
		throw e;
		}
		}
		@@ -225,3 +231,3 @@

		var cipher = crypto.createCipheriv(algorithm, symmetricKey, iv);
		var cipher = crypto.createCipheriv(algorithm, symmetricKey, iv);
		// encrypted content
		@@ -238,2 +244,2 @@ var encrypted = cipher.update(content, encoding, 'binary') + cipher.final('binary');
		decryptKeyInfo: decryptKeyInfo
		};
		};

package.json

		{
		"name": "xml-encryption",
		"version": "0.7.2",
		"version": "0.7.4",
		"devDependencies": {
		@@ -5,0 +5,0 @@ "mocha": "*",

README.md

		@@ -79,1 +79,5 @@ [![Build Status](https://travis-ci.org/auth0/node-xml-encryption.png)](https://travis-ci.org/auth0/node-xml-encryption)
		However, you can fork and implement your own algorithm. The code supports adding more algorithms easily

		## Issue Reporting

		If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.

test/xmlenc.encryptedkey.js

		@@ -144,2 +144,10 @@ var assert = require('assert'),

		it('should catch error if padding length > 16', function (done) {
		var encryptedContent = fs.readFileSync(__dirname + '/test-padding-length.xml').toString();
		xmlenc.decrypt(encryptedContent, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
		assert(err);
		done();
		});
		});

		});

xml-encryption - npm Package Compare versions

Improved metrics