Re: Problem with encrypted assertions
I've started integrating with a SAML Shibboleth IdP (testshib.org) which
encrypts assertions, and am getting what looks to be the same error as you
t zxsig.c:319 zx_report_openssl_error zx E EVP_CipherFinal_ex(): OpenSSL
error(101077092) error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt (evp_enc.c:337): ? 0
This is with zxid 0.62 and openssl 0.9.8o. Also tried with openssl 0.9.7m.
I'm getting the same result with my own certs as well as allowing zxid to
I was able to decrypt the message with xmlsec1, built with the same
openssl versions and compiler. So this leads me to believe that there may
be an issue inside zxid, with data being passed to
Did you ever identify a solution for this?
On Wed, Jan 20, 2010 at 10:03 AM, Christian Borup <borup@xxxxxxxx> wrote:
> Hi all
> I'm not having any luck authenticating via an IdP that returns encrypted
> Calling Net::SAML::simple_cf with the query string the following is
> printed to stderr and exit seems to be called.
> t zxsig.c:318 zx_report_openssl_error zx E EVP_CipherFinal_ex():
> OpenSSL error(101077092) error:06065064:digital envelope
> routines:EVP_DecryptFinal:bad decrypt (evp_enc.c:445): ? 0
> If I save the SAMLResponse the file xmlsec1 will decrypt it just fine
> (after base64 decode, obviously). Using the command line:
> xmlsec1 --decrypt --privkey-pem /var/zxid/pem/enc-nopw-cert.pem
> xmlsec1 and zxid are both compiled with the same OpenSSL.
> Clues anyone?