xml decryption questions

diorges12

New Member
I have an xml document with an encrypted element that I need to decrypt. From the xml below and what I've read about xmlenc, this element is encrypted using AES256-CBC with a symmetric key generated by the sender (the encrypted data is in the 2nd CipherValue element). The sender then encrypted the AES key with RSA. The sender should use my public key to do this RSA encryption. The encrypted key was put in the first CipherValue in the xml below.

So to decrypt the data, I have to do the following:

1. Base64 decode and then decrypt the AES key using my RSA private key that corresponds to my public RSA key used by the sender.
2. Base64 decode and then decrypt the encrypted data in the second CipherValue element using the decrypted AES key from step 1.

Is this correct?

Now, here's my problem... I haven't given the sender my public key. Instead the sender has given me a certificate containing their public key and they claim that I can use them to do the decryption - I guess implying that they encrypted with their private key so I can decrypt with their public key. From everything that I've read this isn't how it works. Instead they should encrypt with my public key so I can decrypt the data with my private key.

Who is correct here? Can one encrypt with a private key and then decrypt with a public key?

For what it's worth, I have tried doing this with JCE, but I get a BadPadding exception when I try to decrypt the AES key (first base64 decoded) with their public key.

Here's the XML element minus a few details...

[code]
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      </e:EncryptionMethod>
      <KeyInfo>
        <X509Data>
          <X509IssuerSerial>
            <X509IssuerName> // issuer name removed </X509IssuerName>
            <X509SerialNumber>11411601377033481249</X509SerialNumber>
          </X509IssuerSerial>
        </X509Data>
      </KeyInfo>
      <e:CipherData>
        <e:CipherValue>
          LLq+NfgwVF/qbMzTPtVnGfaaBxIFc5fmNeAk2dBHaPqb+Hti9Nre7dK+3MOyzucNSYwF76Be0zKZnIeAsQQoKgiU34/BZURq9uFHt8uUYA4dPtcYOIg6F5KR3r7KXBilT/QXYP3UicIcsY2NCA6g0Mp4PrF8b2Yi80Gn2oyZd30=
        </e:CipherValue>
      </e:CipherData>
    </e:EncryptedKey>
  </KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue> // encrypted data removed </xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedData>
[/code]

Thanks,
Troy
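The two-step procedure laid out in the post (unwrap the AES key with RSA, then decrypt the payload with AES-CBC), as an added Go example that is not part of the original thread and not code from JCE or any other library the poster used. It relies only on the Go standard library; the function and type names (`Decrypt`, `Encrypt`, `decryptCBC`, `b64`, `encryptedData`) are this example's own, the recipient's key pair is generated at run time, and `Encrypt` plus the minimal EncryptedData document it builds exist only so the example is self-contained (a constructed subset of the elements shown above, with the X509 data and EncryptionMethod elements left out). `Decrypt` parses both CipherValue elements, unwraps the AES key with RSA-OAEP using SHA-1 for both the digest and MGF1, which is what rsa-oaep-mgf1p with a sha1 DigestMethod denotes, and then decrypts the aes256-cbc payload with the IV taken from its first block. The unwrap step accepts only a private key, and a private key other than the one whose public half the sender wrapped with makes it return an error, so the recipient's own private key is the one that has to be available.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
	"strings"
)

// encryptedData maps the two CipherValue elements: the RSA-wrapped AES key
// under KeyInfo/EncryptedKey and the AES-CBC payload in the outer CipherData.
// Tag names given without a namespace match elements in any namespace.
type encryptedData struct {
	WrappedKey string `xml:"KeyInfo>EncryptedKey>CipherData>CipherValue"`
	Payload    string `xml:"CipherData>CipherValue"`
}

// b64 decodes a CipherValue, dropping any line breaks and indentation inside it.
func b64(s string) ([]byte, error) {
	return base64.StdEncoding.DecodeString(strings.Join(strings.Fields(s), ""))
}

// decryptCBC is step 2: aes256-cbc as xmlenc frames it, IV first, with the last
// plaintext byte giving the pad length (only that byte is checked, per the spec).
func decryptCBC(key, ivAndCT []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("aes256-cbc needs a 32-byte key, got %d bytes", len(key))
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	if len(ivAndCT) < 2*aes.BlockSize || len(ivAndCT)%aes.BlockSize != 0 {
		return nil, errors.New("cipher text must be an IV plus whole blocks")
	}
	pt := make([]byte, len(ivAndCT)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ivAndCT[:aes.BlockSize]).CryptBlocks(pt, ivAndCT[aes.BlockSize:])
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= aes.BlockSize {
		return pt[:len(pt)-pad], nil
	}
	return nil, errors.New("bad padding length")
}

// Decrypt runs both steps from the post over a serialized EncryptedData element.
func Decrypt(priv *rsa.PrivateKey, doc string) ([]byte, error) {
	var ed encryptedData
	if err := xml.Unmarshal([]byte(doc), &ed); err != nil {
		return nil, err
	}
	wrapped, errK := b64(ed.WrappedKey)
	payload, errP := b64(ed.Payload)
	if err := errors.Join(errK, errP); err != nil {
		return nil, err
	}
	// Step 1: rsa-oaep-mgf1p with the SHA-1 DigestMethod from the post. This takes
	// a private key only; any key but the one whose public half the sender wrapped
	// with fails here with a decryption error (Go's counterpart of BadPadding).
	key, err := rsa.DecryptOAEP(sha1.New(), nil, priv, wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping AES key: %w", err)
	}
	return decryptCBC(key, payload)
}

// Encrypt is the sender side, here only so the example runs end to end: a fresh
// AES-256 key and IV encrypt the plaintext, the recipient's public key wraps the
// AES key, and a constructed, minimal EncryptedData document carries both values.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (string, error) {
	buf := make([]byte, 32+aes.BlockSize) // AES-256 key followed by the IV
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	key, iv := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // 1..16, always added
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	wrapped, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(`<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:CipherData><e:CipherValue> %s </e:CipherValue></e:CipherData></e:EncryptedKey>
</KeyInfo><xenc:CipherData><xenc:CipherValue>%s</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>`,
		base64.StdEncoding.EncodeToString(wrapped), base64.StdEncoding.EncodeToString(append(iv, ct...))), nil
}

func main() {
	me, _ := rsa.GenerateKey(rand.Reader, 2048)
	doc, _ := Encrypt(&me.PublicKey, []byte("constructed sample payload"))
	pt, err := Decrypt(me, doc)
	fmt.Printf("%q %v\n", pt, err)
}
```

Two design points worth noting: the base64 decoder strips all whitespace first because serializers routinely wrap CipherValue content across lines, and the CBC padding check follows the XML Encryption rule (only the final byte is meaningful) rather than PKCS#7, so documents produced by either convention decrypt the same way. Whether the cipher text length is a whole number of blocks is checked before any block operation, since a truncated value would otherwise cause a panic rather than a clean error.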
 