AES256-CBC for encryption?

Cantor, Scott cantor.2 at
Mon May 13 11:38:29 EDT 2019

On 5/13/19, 11:23 AM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> Thanks, Scott. I'm still not getting this to work, though. I've added the encryption algorithm to the metadata inside the
> encryption key descriptor block: 

Looks right, but you can add the schema validation filter, maybe it will spot something subtle.

> But looking at the response, it's still showing AES128-CBC.

Don't know why that would be. I'll try it out with something myself just as a test, though I have done it with GCM in the past.

> Any other possibilities you can think of? Is it correct the <KeyDescriptor> and <EncryptionMethod> are in the same XML
> schema namespace? I don't need to prefix EncryptionMethod with anything if I'm not prefixing KeyDescriptor, correct?

It looks like the correct element to me.

-- Scott

More information about the users mailing list