XML-Enc


README  view on Meta::CPAN


        The oaep_label_hash is stored in the DigestMethod child element of
        the EncryptionMethod.

    oaep_label_hash
        Specify the Hash Algorithm to use for the rsa-oaep label as
        specified by oaep_params.

        The default is sha1. Supported algorithms are:

        *   sha1 <http://www.w3.org/2000/09/xmldsig#sha1>

        *   sha224 <http://www.w3.org/2001/04/xmldsig-more#sha224>

        *   sha256 <http://www.w3.org/2001/04/xmlenc#sha256>

        *   sha384 <http://www.w3.org/2001/04/xmldsig-more#sha384>

        *   sha512 <http://www.w3.org/2001/04/xmlenc#sha512>

    key_name
        Specify a key name to add to the KeyName element. If it is not
        specified then no KeyName element is added to the KeyInfo.

  decrypt( ... )
    Main decryption function.

lib/XML/Enc.pm  view on Meta::CPAN

    };

    die "Unsupported symmetric algo $algo" unless $SYMMETRIC->{ $algo };
    return $SYMMETRIC->{$algo}
}

##
## _assert_encryption_digest($algo)
##
## Map a digest Algorithm URI onto a short digest name.
##
## The table is an allow-list: only the five URIs below are accepted and any
## other value dies instead of falling back to a default.  In this file the
## argument is the DigestMethod/@Algorithm attribute read from an XML node by
## _get_digest_method, so the value is document content rather than a
## constant chosen by the module.
##
## Returns: 'SHA1', 'SHA224', 'SHA256', 'SHA384' or 'SHA512'
## Dies:    "Unsupported encryption digest algo ..." for anything else
##
sub _assert_encryption_digest {
    my ($algo) = @_;

    state $name_for_uri = {
        'http://www.w3.org/2000/09/xmldsig#sha1'        => 'SHA1',
        'http://www.w3.org/2001/04/xmldsig-more#sha224' => 'SHA224',
        'http://www.w3.org/2001/04/xmlenc#sha256'       => 'SHA256',
        'http://www.w3.org/2001/04/xmldsig-more#sha384' => 'SHA384',
        'http://www.w3.org/2001/04/xmlenc#sha512'       => 'SHA512',
    };

    # Look the URI up once; a miss yields undef and is rejected below.
    my $digest_name = $name_for_uri->{$algo};
    die "Unsupported encryption digest algo $algo" unless $digest_name;

    return $digest_name;
}



sub new {
    my $class   = shift;

lib/XML/Enc.pm  view on Meta::CPAN

    local $XML::LibXML::skipXMLDeclaration = $self->{ no_xml_declaration };

    my $doc = XML::LibXML->load_xml(
                                    string => $xml,
                                    no_network      => 1,
                                    load_ext_dtd    => 0,
                                    expand_entities => 0
                                );

    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
    $xpc->registerNs('xenc', 'http://www.w3.org/2001/04/xmlenc#');
    $xpc->registerNs('xenc11', 'http://www.w3.org/2009/xmlenc11#');
    $xpc->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');

    return $doc unless $xpc->exists('//xenc:EncryptedData');

    die "You cannot decrypt XML without a private key." unless $self->{key_obj};

    my $parser = XML::LibXML->new(
                                    no_network      => 1,

lib/XML/Enc.pm  view on Meta::CPAN

    return $doc->serialize();
}

##
## _decrypt_encrypted_key_nodes($xpc, $parser, %options)
##
## Process every xenc:EncryptedKey that sits directly inside the dsig:KeyInfo
## of an xenc:EncryptedData element.  For each one the key is obtained with
## _get_key_from_node and handed, together with the owning EncryptedData
## element, to _decrypt_encrypted_node.
##
## Options:
##   key_name - passed to _get_named_key_nodes, which keeps only the
##              EncryptedKey elements whose KeyName equals it
##
## An EncryptedKey for which _get_key_from_node returns a false value is
## skipped without raising an error.
##
sub _decrypt_encrypted_key_nodes {
    my ($self, $xpc, $parser, %options) = @_;

    my $encrypted_keys = $self->_get_named_key_nodes(
        '//xenc:EncryptedData/dsig:KeyInfo/xenc:EncryptedKey',
        $xpc,
        $options{key_name},
    );

    # Called once per EncryptedKey with the node in $_.
    my $decrypt_owner = sub {
        my $key = $self->_get_key_from_node($_, $xpc);
        return unless $key;

        # EncryptedKey -> KeyInfo -> EncryptedData, as selected by the XPath above.
        my $encrypted_data = $_->parentNode->parentNode;
        $self->_decrypt_encrypted_node($encrypted_data, $key, $xpc, $parser);
    };

    $encrypted_keys->foreach($decrypt_owner);
}

sub _decrypt_uri_nodes {
    my $self = shift;
    my $xpc  = shift;
    my $parser = shift;
    my %options = @_;

    my $uri_nodes = $xpc->findnodes('//dsig:KeyInfo/dsig:RetrievalMethod/@URI');
    my @uri_nodes = $uri_nodes->map(sub { my $v = $_->getValue; $v =~ s/^#//; return $v; });

    foreach my $uri (@uri_nodes) {
        my $encrypted_key_nodes = $self->_get_named_key_nodes(
            sprintf('//xenc:EncryptedKey[@Id="%s"]', $uri),
            $xpc, $options{key_name});

        $encrypted_key_nodes->foreach(
            sub {

                my $key = $self->_get_key_from_node($_, $xpc);
                return unless $key;

                my $encrypted_nodes = $xpc->findnodes(sprintf('//dsig:KeyInfo/dsig:RetrievalMethod[@URI="#%s"]/../..', $uri));
                return unless $encrypted_nodes->size;

                $encrypted_nodes->foreach(sub {
                    $self->_decrypt_encrypted_node(
                        $_,
                        $key,
                        $xpc,
                        $parser
                    );
                });

lib/XML/Enc.pm  view on Meta::CPAN

##
## _get_named_key_nodes($xpath, $xpc, $name)
##
## Evaluate $xpath and return the matching nodes, optionally restricted to
## those whose dsig:KeyInfo/dsig:KeyName text equals $name.
##
## $xpath is given to findnodes() unchanged.  _decrypt_uri_nodes formats a
## RetrievalMethod/@URI value taken from the document into the expression it
## passes here, so any quoting of that value has to happen in the caller.
##
## A false $name (undef, '' or '0') switches the filter off and every match
## is returned.
##
sub _get_named_key_nodes {
    my ($self, $xpath, $xpc, $name) = @_;

    my $candidates = $xpc->findnodes($xpath);
    return $candidates unless $name;

    # Exact string comparison against the KeyName below each candidate.
    my $has_requested_name = sub {
        $xpc->findvalue('dsig:KeyInfo/dsig:KeyName', $_) eq $name;
    };

    return $candidates->grep($has_requested_name);
}

sub _decrypt_encrypted_node {
    my $self = shift;
    my $node = shift;
    my $key  = shift;
    my $xpc  = shift;
    my $parser = shift;

lib/XML/Enc.pm  view on Meta::CPAN

    return decode_base64($value) if $value;
    return;
}

##
## _get_digest_method($node, $xpc)
##
## Read xenc:EncryptionMethod/dsig:DigestMethod/@Algorithm relative to $node
## and return the digest name that _assert_encryption_digest gives for it.
##
## Returns nothing (empty list, undef in scalar context) when the attribute
## is absent or empty, so the caller decides which digest applies then.  A
## value that is present but not in the allow-list makes
## _assert_encryption_digest die.
##
sub _get_digest_method {
    my ($self, $node, $xpc) = @_;

    my $algorithm_uri = $xpc->findvalue(
        './xenc:EncryptionMethod/dsig:DigestMethod/@Algorithm',
        $node,
    );

    # No DigestMethod in the document: report "nothing" rather than guessing.
    return unless $algorithm_uri;

    return _assert_encryption_digest($algorithm_uri);
}


sub encrypt {
    my $self    = shift;
    my ($xml)   = @_;

    local $XML::LibXML::skipXMLDeclaration = $self->{ no_xml_declaration };

lib/XML/Enc.pm  view on Meta::CPAN

    my ($encrypted) = $self->_create_encrypted_data_xml();

    my $dom = XML::LibXML->load_xml(
                                    string => $xml,
                                    no_network      => 1,
                                    load_ext_dtd    => 0,
                                    expand_entities => 0
                                );

    my $xpc = XML::LibXML::XPathContext->new($encrypted);
    $xpc->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
    $xpc->registerNs('xenc', 'http://www.w3.org/2001/04/xmlenc#');
    $xpc->registerNs('xenc11', 'http://www.w3.org/2009/xmlenc11#');
    $xpc->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');

    # Encrypt the data an empty key is passed by reference to allow
    # the key to be generated at the same time the data is being encrypted
    my $key;
    my $method = $self->{data_enc_method};
    my $encrypteddata = $self->_EncryptData ($method, $dom->serialize(), \$key);

lib/XML/Enc.pm  view on Meta::CPAN


    return exists($methods{$method}) ? $methods{$method} : $methods{'aes256-cbc'};
}

##
## _setKeyName($context, $xpc, $keyname)
##
## Replace the text of the dsig:KeyName element found under
## xenc:EncryptedKey/dsig:KeyInfo with $keyname, or with the literal
## 'key_name' when $keyname is undefined.  Returns $context.
##
## The XPath starts with '//', so it matches anywhere in the document that
## $context belongs to; only the first match is changed.  The name is added
## with appendText, i.e. as a text node rather than as markup.
## NOTE(review): when no KeyName element exists, the method call on the
## first match fails with an undefined-value error -- confirm this is only
## called after the element has been created.
##
sub _setKeyName {
    my ($self, $context, $xpc, $keyname) = @_;

    my $key_name_nodes = $xpc->findnodes(
        '//xenc:EncryptedKey/dsig:KeyInfo/dsig:KeyName',
        $context,
    );

    my $new_text = $keyname // 'key_name';

    # Clear whatever the element held before writing the new name.
    $key_name_nodes->[0]->removeChildNodes();
    $key_name_nodes->[0]->appendText($new_text);

    return $context;
}

sub _setOAEPparams {
    my $self         = shift;
    my $context      = shift;
    my $xpc          = shift;

lib/XML/Enc.pm  view on Meta::CPAN

    };

    return $OAEPAlgorithm->{$method} // 'SHA1';
}

##
## _setOAEPDigest($method)
##
## Translate a short digest name ('sha1', 'sha224', 'sha256', 'sha384' or
## 'sha512', lower case) into its DigestMethod Algorithm URI.
##
## A name that is not in the table is not an error: the sha256 URI is
## returned instead.
## NOTE(review): the module documentation gives sha1 as the default for
## oaep_label_hash while the fallback here is sha256 -- confirm which one
## applies when the option is omitted.  Because unknown names are accepted, a
## misspelled value silently selects sha256.
##
sub _setOAEPDigest {
    my ($self, $method) = @_;

    state $uri_for = {
        sha1   => 'http://www.w3.org/2000/09/xmldsig#sha1',
        sha224 => 'http://www.w3.org/2001/04/xmldsig-more#sha224',
        sha256 => 'http://www.w3.org/2001/04/xmlenc#sha256',
        sha384 => 'http://www.w3.org/2001/04/xmldsig-more#sha384',
        sha512 => 'http://www.w3.org/2001/04/xmlenc#sha512',
    };

    my $uri = $uri_for->{$method};
    return defined $uri ? $uri : $uri_for->{sha256};
}

##
## _getParamsAlgorithm($method)
##
## Translate a digest Algorithm URI into a short digest name ('SHA1',
## 'SHA224', 'SHA256', 'SHA384' or 'SHA512').
##
## The table is the same as the one in _assert_encryption_digest, but the
## handling of a miss differs: an unrecognised URI is not rejected here, it
## is answered with 'SHA1'.
## NOTE(review): if $method can come from a received document, a misspelled
## or unexpected URI is silently treated as SHA1 -- confirm the callers and
## whether failing, as _assert_encryption_digest does, is the better choice.
##
sub _getParamsAlgorithm {
    my ($self, $method) = @_;

    state $digest_for_uri = {
        'http://www.w3.org/2000/09/xmldsig#sha1'        => 'SHA1',
        'http://www.w3.org/2001/04/xmldsig-more#sha224' => 'SHA224',
        'http://www.w3.org/2001/04/xmlenc#sha256'       => 'SHA256',
        'http://www.w3.org/2001/04/xmldsig-more#sha384' => 'SHA384',
        'http://www.w3.org/2001/04/xmlenc#sha512'       => 'SHA512',
    };

    my $digest = $digest_for_uri->{$method};
    return $digest if defined $digest;

    # Fallback for anything that is not in the table.
    return $digest_for_uri->{'http://www.w3.org/2000/09/xmldsig#sha1'};
}

sub _setKeyEncryptionMethod {
    my $self    = shift;
    my $method  = shift;

    state $enc_methods = {
        'rsa-1_5'        => 'http://www.w3.org/2001/04/xmlenc#rsa-1_5',
        'rsa-oaep-mgf1p' => 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
        'rsa-oaep'       => 'http://www.w3.org/2009/xmlenc11#rsa-oaep',

lib/XML/Enc.pm  view on Meta::CPAN

}

##
## _setKeyEncryptedData($context, $xpc, $cipherdata)
##
## Write $cipherdata as the text content of the encrypted key's cipher node,
## replacing whatever that node contained.
##
## Two layouts are handled:
##   * $context has a dsig:KeyInfo/dsig:RetrievalMethod whose Type is the
##     xmlenc EncryptedKey URI: the element whose Id equals the URI (with
##     every '#' removed) is looked up and the target is taken from there.
##     Dies with "Unable to find EncryptedKey" when the lookup finds nothing.
##   * otherwise: the first dsig:KeyInfo/xenc:EncryptedKey CipherValue found
##     in the document is the target.
##
## NOTE(review): the first layout selects xenc:CipherData while the second
## selects xenc:CipherValue, so removeChildNodes() acts on different levels
## in the two cases -- confirm that is intended.
## NOTE(review): the Id is placed between single quotes in the XPath string.
## $context is presumably the template this module generated itself; if the
## URI could ever come from outside, a quote character in it would change
## the expression -- confirm.
## NOTE(review): $context is passed as a second argument to the node's
## findnodes(); confirm it has any effect there.
##
sub _setKeyEncryptedData {
    my ($self, $context, $xpc, $cipherdata) = @_;

    my $retrieval_type =
        $xpc->findvalue('dsig:KeyInfo/dsig:RetrievalMethod/@Type', $context);

    my $target;
    if ($retrieval_type eq 'http://www.w3.org/2001/04/xmlenc#EncryptedKey') {
        # The key lives elsewhere and is referenced by Id.
        my $key_id =
            $xpc->findvalue('dsig:KeyInfo/dsig:RetrievalMethod/@URI', $context);
        $key_id =~ s/#//g;

        my $referenced = $xpc->find(sprintf(q{//*[@Id='%s']}, $key_id), $context);
        die "Unable to find EncryptedKey" unless $referenced;

        $target = $referenced->[0]
            ->findnodes('//xenc:EncryptedKey/xenc:CipherData', $context)
            ->[0];
    }
    else {
        # The key is embedded in the KeyInfo itself.
        $target = $xpc->findnodes(
            '//dsig:KeyInfo/xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue'
        )->[0];
    }

    $target->removeChildNodes();
    $target->appendText($cipherdata);
}

sub _remove_padding {
    my $self    = shift;
    my $padded  = shift;

    my $len = length $padded;

lib/XML/Enc.pm  view on Meta::CPAN


    my $rsaKey = Crypt::PK::RSA->new(\$key_text );

    if ( $rsaKey ) {
        $self->{ key_obj }  = $rsaKey;
        $self->{ key_type } = 'rsa';

        if (!$self->{ x509 }) {
            my $keyhash = $rsaKey->key2hash();

            $self->{KeyInfo} = "<dsig:KeyInfo>
                                 <dsig:KeyValue>
                                  <dsig:RSAKeyValue>
                                   <dsig:Modulus>$keyhash->{N}</dsig:Modulus>
                                   <dsig:Exponent>$keyhash->{d}</dsig:Exponent>
                                  </dsig:RSAKeyValue>
                                 </dsig:KeyValue>
                                </dsig:KeyInfo>";
        }
    }
    else {
        confess "did not get a new Crypt::PK::RSA object";
    }
}

##
## _load_x509_key($key_text)
##

lib/XML/Enc.pm  view on Meta::CPAN

    local $/ = undef;
    $text = <$CERT>;
    close $CERT;

    my $cert = Crypt::PK::RSA->new(\$text);
    die "Could not load certificate from $file" unless $cert;

    $self->{ cert_obj } = $cert;
    my $cert_text = $cert->export_key_pem('public_x509');
    $cert_text =~ s/-----[^-]*-----//gm;
    $self->{KeyInfo} = "<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>\n"._trim($cert_text)."\n</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>";
    return;
}

sub _create_encrypted_data_xml {
    my $self    = shift;

    local $XML::LibXML::skipXMLDeclaration = $self->{ no_xml_declaration };
    my $doc = XML::LibXML::Document->new();

    my $xencns = 'http://www.w3.org/2001/04/xmlenc#';
    my $dsigns = 'http://www.w3.org/2000/09/xmldsig#';
    my $xenc11ns = 'http://www.w3.org/2009/xmlenc11#';

    my $encdata = $self->_create_node($doc, $xencns, $doc, 'xenc:EncryptedData',
                            {
                                Type    => 'http://www.w3.org/2001/04/xmlenc#Element',
                            }
                        );

    $doc->setDocumentElement ($encdata);

lib/XML/Enc.pm  view on Meta::CPAN

                            $xencns,
                            $encdata,
                            'xenc:EncryptionMethod',
                            {
                                Algorithm => $self->{data_enc_method},
                            }
                        );

    my $keyinfo = $self->_create_node(
                            $doc,
                            $dsigns,
                            $encdata,
                            'dsig:KeyInfo',
                        );

    my $enckey = $self->_create_node(
                            $doc,
                            $xencns,
                            $keyinfo,
                            'xenc:EncryptedKey',
                        );

    my $kencmethod = $self->_create_node(

lib/XML/Enc.pm  view on Meta::CPAN

                            {
                                Algorithm => $self->{key_transport},
                            }
                        );

    if ($self->{key_transport} eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep' ||
        $self->{key_transport} eq 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' &&
        $self->{oaep_label_hash}) {
        my $digestmethod = $self->_create_node(
                            $doc,
                            $dsigns,
                            $kencmethod,
                            'dsig:DigestMethod',
                            {
                                Algorithm => $self->{oaep_label_hash},
                            }
                        );
    };

    if ($self->{'oaep_params'} ne '') {
        my $oaep_params = $self->_create_node(
                            $doc,
                            $xencns,

lib/XML/Enc.pm  view on Meta::CPAN

                            $kencmethod,
                            'xenc11:MGF',
                            {
                                Algorithm => $self->{oaep_mgf_alg},
                            }
                        );
    };

    my $keyinfo2 = $self->_create_node(
                            $doc,
                            $dsigns,
                            $enckey,
                            'dsig:KeyInfo',
                        );

    if (defined $self->{key_name}) {
        my $keyname = $self->_create_node(
                            $doc,
                            $dsigns,
                            $keyinfo2,
                            'dsig:KeyName',
                        );
    };

    my $keycipherdata = $self->_create_node(
                            $doc,
                            $xencns,
                            $enckey,
                            'xenc:CipherData',
                        );

lib/XML/Enc.pm  view on Meta::CPAN

The oaep_label_hash is stored in the DigestMethod child element of the EncryptionMethod.

=item B<oaep_label_hash>

Specify the Hash Algorithm to use for the rsa-oaep label as specified by oaep_params.

The default is sha1.  Supported algorithms are:

=over

=item * L<sha1|http://www.w3.org/2000/09/xmldsig#sha1>

=item * L<sha224|http://www.w3.org/2001/04/xmldsig-more#sha224>

=item * L<sha256|http://www.w3.org/2001/04/xmlenc#sha256>

=item * L<sha384|http://www.w3.org/2001/04/xmldsig-more#sha384>

=item * L<sha512|http://www.w3.org/2001/04/xmlenc#sha512>

=back

=item B<key_name>

Specify a key name to add to the KeyName element.  If it is not specified then no
KeyName element is added to the KeyInfo.

t/04-decrypt.t  view on Meta::CPAN

like($decrypter->decrypt($xml), qr/id31558763884313921701017518/, "Successfully Decrypted");


$xml = <<'XMLCONTENT';
<?xml version="1.0" encoding="utf-8"?>
<PayInfo>
  <Name>John Smith</Name>
  <CreditCard Limit="2,000" Currency="USD">
    <Number><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName/>
   </KeyInfo>
   <CipherData>
    <CipherValue>NKwRJ4AT2nNz9507cB15n8tROCpupxIS5HA2MPyQ9syPq8w//7mTkZ3XUN2IYvbz
mBx4jng7hIFUhXY54K+XTobVBugvPUOIcV6Odt/JUnkLHUS4+X+ef2vUDQaXjDw/
TacvHPeiWj9jkbQmWfnyZAyKsZUmRWGrEYUgdNTBDsVhpgMfW8hVkSe6sIWe+tr+
4HaygBwiJpWDb07ieQr5zFkvR7Yp80BCQ7Ewjjvilqn7jZt7V+Kk5API8nFP9AYC
2O5YDSW8qFJOXi64yejWO0lCAxZ+PHv4SNoZqsZJwpM8thuoxJ1X8Go5U/BsMsas
lBOPnjES+ZKBErB8KeOCJZcyepf4tU2xpNT62OdeW7oVV0U6BtpO6Cwb68Xw4oO5
wMz4BFH439q6hJaoMtZRjVGvpaIgb6eBI2wgU/x1uqYK6aRGXhgDOIpxgCCmXguG

t/07-decrypt-xmlsec.t  view on Meta::CPAN

<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Original XML
 doc file before encryption (encrypt3 example).
-->
<EncryptedData
  xmlns="http://www.w3.org/2001/04/xmlenc#"
  Type="http://www.w3.org/2001/04/xmlenc#Element">
 <EncryptionMethod Algorithm=
   "$uri{$dm}$dm"/>
 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm=
     "http://www.w3.org/2001/04/xmlenc#$km"/>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName/>
   </KeyInfo>
   <CipherData>
    <CipherValue/>
   </CipherData>
  </EncryptedKey>
 </KeyInfo>
 <CipherData>
  <CipherValue/>
 </CipherData>

t/07-decrypt-xmlsec.t  view on Meta::CPAN

<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Original XML
 doc file before encryption (encrypt3 example).
-->
<EncryptedData
  xmlns="http://www.w3.org/2001/04/xmlenc#"
  Type="http://www.w3.org/2001/04/xmlenc#Content">
 <EncryptionMethod Algorithm=
   "$uri{$dm}$dm"/>
 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm=
     "http://www.w3.org/2001/04/xmlenc#$km"/>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName/>
   </KeyInfo>
   <CipherData>
    <CipherValue/>
   </CipherData>
  </EncryptedKey>
 </KeyInfo>
 <CipherData>
  <CipherValue/>
 </CipherData>

t/08-support-oaepparams.t  view on Meta::CPAN


my $xmlsec = get_xmlsec_features();
my $lax_key_search = $xmlsec->{lax_key_search} ? '--lax-key-search' :  '';

my $xml = <<'ENDXML';
<?xml version="1.0" encoding="UTF-8"?>
<PaymentInfo xmlns="http://example.org/paymentv2">
  <Name>John Smith</Name>
  <CreditCard Currency="USD" Limit="5,000"><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#" Id="EK">
             <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <OAEPparams>MTIzNDU2Nzg=</OAEPparams>
                    </EncryptionMethod>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:KeyName>my-rsa-key</ds:KeyName>
                   </ds:KeyInfo>
                   <CipherData>
                     <CipherValue>qkGLaEkRFs+wAbz/zXl50nI7w8+b0NUxYXQu84lJz4iXeKj5/si2lgADR9bGVQ6N
iSQGxMF9cra8zlzaB6hqxcL3u4A161ajA4iMn88kdkda/ZgVANaombU1HPn+Mqzo
3/F/hfGSJ0CpzXv5Pi3zqe2J3Sii9NQBiyRkd0lbm41gCXLuRNkZH9x/LhOlrHEC
Vj/7fi8sYTFuqz4MeCbIdNOzxOR5g/L+VTeAcTZfT6wfkfc7jFa2CqkwBqMvNrtD
o+A0MmK0fb0/kJLxNx91PVXNti4l/SrbmGZhKIIgmY9DKtAJjTK60zWkiamfqA/N
WbrcIZjGje5oRXC7GLyBJfHuLo4sQIN7UvbZCcz16OVcgOC2B/hG7CQCXGwiZV+U
rTLjBaijbx/j0+zbMs+PkmD2Ba3DgrwzsGJ2sPq6oTW28ZJebcjSxNEundodNuFv

t/10-asserted-encryption.t  view on Meta::CPAN

    {
        key                 => 't/encrypted-sign-private.pem',
        no_xml_declaration  => 1
    }
);

$xml = XML::LibXML->load_xml(string => $xml);
my $xpc = XML::LibXML::XPathContext->new($xml);
$xpc->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
$xpc->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
$xpc->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
$xpc->registerNs('xenc', 'http://www.w3.org/2001/04/xmlenc#');

my $decrypted = $enc->decrypt($xml);
ok($decrypted, "Got a decrypted message");


$xml = XML::LibXML->load_xml(string => $decrypted);
$xpc->setContextNode($xml);

my $assertion = $xpc->findnodes('//saml:Assertion');

t/asserted-encryption.xml  view on Meta::CPAN

<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://netsaml2-testapp.local/consumer-post" ID="ID_6a68bd2f-5658-483d-866b-ade256de8c06" InResponseTo="NETSAML2_935c7...
  <saml:Issuer>https://keycloak.local:8443/auth/realms/Foswiki</saml:Issuer>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="#ID_6a68bd2f-5658-483d-866b-ade256de8c06">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue>fFstLDBIowXl43T0OUs6F+HIlF8=</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>B6jtNRLa0XrT54hUF38nO5kQwg4b+zDDx1GlYiVKHsRURzz0VycaUDv6j/8JYPDTHeHuCuMsdcn/ppPwGBxK7KUWBiKp9CcGb2OYcyLBNfdZcO/glQX/kfOZCyfW5olmoapA/4Af0sa4bnBlFknfOpHfD+i0M2bNenS79AtlvIGY9ltdJATjeuTneywWAS+N3qh+CLuKde4Gn9UL9VxCZVk5XKga4Tqag...
    <dsig:KeyInfo>
      <dsig:X509Data>
        <dsig:X509Certificate>MIICnTCCAYUCBgF5YqtQBTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdGb3N3aWtpMB4XDTIxMDUxMjIyMTkyNFoXDTMxMDUxMjIyMjEwNFowEjEQMA4GA1UEAwwHRm9zd2lraTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMGG6jrdadw/6rnOAGmNtmdIZy116JyocKlsoxg...
      </dsig:X509Data>
      <dsig:KeyValue>
        <dsig:RSAKeyValue>
          <dsig:Modulus>kwYbqOt1p3D/quc4AaY22Z0hnLXXonKhwqWyjGD6JBOVEjZ7eB6WyI5butc0hgcf9/ijNDwXhtrsbEkw1aWsMkU3bcOKPnbU9Wokey7dkDwk4/63EwI3bbOEI7o5iJbHk/3CbvNZVx+DexL3nrgtDgzskFDy0NjFj1EsINH6w013SFabpKuQTKCGptzE1j6uBd/EsErl4ZfJfVmTQ0sDlepGDlrwEPPWhR...
          <dsig:Exponent>AQAB</dsig:Exponent>
        </dsig:RSAKeyValue>
      </dsig:KeyValue>
    </dsig:KeyInfo>
  </dsig:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:EncryptedAssertion>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey>
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
          <xenc:CipherData>
            <xenc:CipherValue>MhdhEw9xuIVEXqkgoGTG74VRXFhvYzqjcj/pNWCpt+pXnxt30HFgRflfcFQvW5YOWa+bsh0GkWn/OCqCy+F3nx4GCimbVVwm67T9eB2WhEy0fw5ZImKnbG19bogJB/S7OyynKhcNFOl7fsckU9eHvRGSeZJPvw2lpSEAHS1mdOVaA0WGVHHGqtOdV6O1N0+FuNIjcPJ+U2cN3paOndjS8ydn8/qQ...
          </xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>X/2C81lmVE3pfRMYYmlciomHyqJHppGivGlQ61VeHXgXcqwnzTKLCdyL4+601TzuqfRVZnhnX4IKGqBaNHl4ii4nPs1tI22fy/+4B+6XJncwckqut5tDJZJ7axKVBeKXjnD7MnxrlWC4ZgM0O3ZrBLwCD4hV1PMIf118c9U8XjU1ufweEOsBIayco8iqbkrZQPAyW/aNA5pdQePjcEWwrhju6TNugKmi...
      </xenc:CipherData>


