XML Encryption: Notes From

1. XML Encryption allows encrypting parts of XML data being exchanged and securing sessions between multiple parties. It does not replace SSL.
2. XML Encryption encrypts elements or serves as the root element containing encrypted content and key information for decryption.
3. Examples demonstrate encrypting an entire document, specific elements like payment details, or attribute content like a credit card ID. Future standards may use XML Encryption with signatures and new public key infrastructure specifications.


XML Encryption
Notes from http://www-106.ibm.com/developerworks/library/x-encrypt/index.html
by Bilal Siddiqui
and Secure XML by Eastlake and Niles (Addison-Wesley)
Not a replacement for SSL
XML Encryption adds:
Encrypting part of the data being exchanged
Secure sessions between more than two parties
General Form 1
<EncryptedData>
  <CipherData>
    <CipherValue>
      Cipher Text Gibberish in Base 64
    </CipherValue>
  </CipherData>
</EncryptedData>
General Form 2
<EncryptedData>
  <CipherData>
    <CipherReference>
      pointer (URL) to gibberish
    </CipherReference>
  </CipherData>
</EncryptedData>
EncryptedData is the core element
Replaces the encrypted element, or serves as the new document root
May contain a KeyInfo element that describes the key needed for decryption (borrowed from XML Digital Signature)
General Example (1)
<MedInfo>
  <ID>
    <Name></Name>
    <Address></Address>
  </ID>
  <Medical></Medical>
  <Financial></Financial>
</MedInfo>
General Example (2)
<MedInfo>
  <ID>...</ID>
  <EncryptedData>
    <KeyInfo>
      <KeyName>Medical</KeyName>
    </KeyInfo>
    <CipherData>
      <CipherValue>gibberish</CipherValue>
    </CipherData>
  </EncryptedData>
General Example (3)
  <Financial>
    <EncryptedData>
      <KeyInfo>
        <KeyName>Pay</KeyName>
      </KeyInfo>
      <CipherData>
        <CipherValue>gibberish</CipherValue>
      </CipherData>
    </EncryptedData>
  </Financial>
</MedInfo>

Detailed Example (Listing 1)
<PurchaseOrder>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
  </Order>
  <Payment>
    <CardId>123654-8988889-9996874</CardId>
    <CardName>visa</CardName>
    <ValidDate>12-10-2004</ValidDate>
  </Payment>
</PurchaseOrder>
Encrypting the Entire File (Listing 2)
<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
  Type='http://www.isi.edu/in-notes/iana/assignments/media-types/text/xml'>
  <CipherData>
    <CipherValue>A23B45C56</CipherValue>
  </CipherData>
</EncryptedData>

IANA (Internet Assigned Numbers Authority) is a function of the Internet Corporation for Assigned Names and Numbers.
Encrypting the Payment (Listing 3)
<?xml version='1.0' ?>
<PurchaseOrder>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
  </Order>
  <EncryptedData
    Type='http://www.w3.org/2001/04/xmlenc#Element'
    xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <CipherData>
      <CipherValue>A23B45C564587</CipherValue>
    </CipherData>
  </EncryptedData>
</PurchaseOrder>
Type #Element: the EncryptedData element replaces one whole element (here Payment), start and end tags included.
Encrypting Only the CardId (Listing 4)
<?xml version='1.0' ?>
<PurchaseOrder>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
  </Order>
  <Payment>
    <CardId>
      <EncryptedData
        Type='http://www.w3.org/2001/04/xmlenc#Content'
        xmlns='http://www.w3.org/2001/04/xmlenc#'>
        <CipherData>
          <CipherValue>A23B45C564587</CipherValue>
        </CipherData>
      </EncryptedData>
    </CardId>
    <CardName>visa</CardName>
    <ValidDate>12-10-2004</ValidDate>
  </Payment>
</PurchaseOrder>
Type #Content: only the content of CardId is replaced; the CardId element itself stays in place.
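The two rewrites of Listings 3 and 4, and their reversal, as an added example (standard-library Python, not code from the original slides or the IBM article): replacing a whole element with EncryptedData (Type #Element) versus replacing only an element's content (Type #Content). The cipher is injected by the caller; the passthrough stand-in used by the demo performs no encryption, and PURCHASE_ORDER is a constructed copy of Listing 1.

```python
import base64
import xml.etree.ElementTree as ET

XMLENC = "http://www.w3.org/2001/04/xmlenc#"
ENCRYPTED_DATA, CD, CV = (f"{{{XMLENC}}}EncryptedData", f"{{{XMLENC}}}CipherData", f"{{{XMLENC}}}CipherValue")

def _locate(root, tag):  # (parent, index, child) of the first element named `tag` below root, or None
    for parent in root.iter():
        for idx, child in enumerate(parent):
            if child.tag == tag:
                return parent, idx, child

def encrypt_in_place(root, tag, cipher, content_only=False):
    """Replace element `tag` (Type=#Element, Listing 3) or only its content (Type=#Content, Listing 4)."""
    parent, idx, target = _locate(root, tag)
    if content_only:  # the element stays; its text and child elements are the plaintext
        plain = (target.text or "").encode() + b"".join(ET.tostring(c) for c in target)
        target.text, target[:] = None, []
    else:             # the whole element, start and end tags included, is the plaintext
        plain = ET.tostring(target)
    enc = ET.Element(ENCRYPTED_DATA, Type=XMLENC + ("Content" if content_only else "Element"))
    ET.SubElement(ET.SubElement(enc, CD), CV).text = base64.b64encode(cipher(plain)).decode()
    if content_only:
        target.append(enc)
    else:
        parent.remove(target)
        parent.insert(idx, enc)
    return root

def decrypt_in_place(root, decipher):
    """Undo encrypt_in_place for every EncryptedData below root, honouring its Type attribute."""
    while hit := _locate(root, ENCRYPTED_DATA):
        parent, idx, enc = hit
        plain = decipher(base64.b64decode(enc.findtext(CD + "/" + CV)))
        parent.remove(enc)
        if enc.get("Type") == XMLENC + "Content":  # parent's content was encrypted: refill it
            restored = ET.fromstring(b"<r>" + plain + b"</r>")
            parent.text, parent[:] = restored.text, list(restored)
        else:                                       # a whole element was replaced: put it back
            parent.insert(idx, ET.fromstring(plain))
    return root

PURCHASE_ORDER = (b"<PurchaseOrder><Order><Item>book</Item><Id>123-958-74598</Id></Order>"  # constructed, after Listing 1
                  b"<Payment><CardId>123654-8988889-9996874</CardId><CardName>visa</CardName></Payment></PurchaseOrder>")
passthrough = lambda data: data  # stand-in for a real symmetric cipher, NOT encryption; keeps the rewrite readable

def roundtrip(tag, content_only):
    # Encrypt `tag`, note the Type used and the element holding EncryptedData, then decrypt again.
    root = encrypt_in_place(ET.fromstring(PURCHASE_ORDER), tag, passthrough, content_only)
    holder, _, enc = _locate(root, ENCRYPTED_DATA)
    decrypt_in_place(root, passthrough)
    return enc.get("Type"), holder.tag, ET.tostring(root) == PURCHASE_ORDER
```

With a #Element rewrite the EncryptedData lands in the parent (PurchaseOrder) in place of Payment; with a #Content rewrite it lands inside CardId, and the Type attribute is what tells the restore step which of the two to undo.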
Encrypting Non-XML Data (Listing 5)
<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
  Type='http://www.isi.edu/in-notes/iana/assignments/media-types/jpeg'>
  <CipherData>
    <CipherValue>A23B45C56</CipherValue>
  </CipherData>
</EncryptedData>
Sending a public key (Listing 6)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <EncryptedKey CarriedKeyName="Muhammad Imran"
    xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
      <ds:KeyValue>1asd25fsdf2dfdsfsdfds2f1sd23</ds:KeyValue>
    </ds:KeyInfo>
  </EncryptedKey>
</SecureCommunicationDemonstration>
Receiving a secret key encrypted to the public key (Listing 7)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <EncryptedKey CarriedKeyName="Imran Ali"
    xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <CipherData>
      <CipherValue>xyza21212sdfdsfs7989fsdbc</CipherValue>
    </CipherData>
  </EncryptedKey>
</SecureCommunicationDemonstration>
Data Encrypted to Secret Key (Listing 8)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
    <CardName>Visa</CardName>
    <ExpDate>10-10-2005</ExpDate>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
      xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/>
      <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
        <ds:KeyName>Imran Ali</ds:KeyName>
      </ds:KeyInfo>
      <CipherData>
        <CipherValue>A23B45C564587</CipherValue>
      </CipherData>
    </EncryptedData>
  </Order>
</SecureCommunicationDemonstration>
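An added receiver-side check for the exchange of Listings 7 and 8 (not code from the original slides or article): it files each EncryptedKey under its CarriedKeyName, resolves the ds:KeyName of every EncryptedData against those names, and refuses any EncryptionMethod that is not on an allowlist, here limited to the two algorithm identifiers the listings use. KEY_MSG and DATA_MSG are constructed copies of Listings 7 and 8 with placeholder ciphertexts, the key store is a plain dict, and the RSA unwrapping and 3DES decryption themselves are outside the snippet.

```python
import xml.etree.ElementTree as ET

XMLENC, XMLDSIG = "http://www.w3.org/2001/04/xmlenc#", "http://www.w3.org/2000/09/xmldsig#"
CIPHER_VALUE = f"{{{XMLENC}}}CipherData/{{{XMLENC}}}CipherValue"
ALLOWED_KEY_TRANSPORT = {XMLENC + "rsa-1_5"}       # receiver's allowlists, limited to what
ALLOWED_DATA_CIPHER = {XMLENC + "tripledes-cbc"}   # Listings 7 and 8 actually use

def _algorithm(elem, allowed):
    """EncryptionMethod Algorithm of elem; an absent or unlisted algorithm is rejected."""
    method = elem.find(f"{{{XMLENC}}}EncryptionMethod")
    alg = method.get("Algorithm") if method is not None else None
    if alg not in allowed:
        raise ValueError(f"algorithm not accepted: {alg}")
    return alg

def receive_keys(xml_bytes, key_store):
    """Listing 7: file each EncryptedKey's ciphertext under its CarriedKeyName."""
    for ek in ET.fromstring(xml_bytes).iter(f"{{{XMLENC}}}EncryptedKey"):
        _algorithm(ek, ALLOWED_KEY_TRANSPORT)
        name = ek.get("CarriedKeyName")
        if not name or name in key_store:
            raise ValueError(f"missing or duplicate CarriedKeyName: {name!r}")
        key_store[name] = ek.findtext(CIPHER_VALUE)
    return key_store

def resolve_encrypted_data(xml_bytes, key_store):
    """Listing 8: check each EncryptedData's algorithm and map its ds:KeyName to a received key."""
    out = []
    for ed in ET.fromstring(xml_bytes).iter(f"{{{XMLENC}}}EncryptedData"):
        alg = _algorithm(ed, ALLOWED_DATA_CIPHER)
        name = ed.findtext(f"{{{XMLDSIG}}}KeyInfo/{{{XMLDSIG}}}KeyName")
        if name not in key_store:  # exact, case-sensitive match against CarriedKeyName
            raise LookupError(f"no EncryptedKey received for KeyName {name!r}")
        out.append((name, alg, ed.findtext(CIPHER_VALUE)))
    return out

# Constructed messages modelled on Listings 7 and 8; the ciphertexts are placeholders.
KEY_MSG = b"""<SecureCommunicationDemonstration><EncryptedKey CarriedKeyName="Imran Ali"
 xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<CipherData><CipherValue>xyza21212sdfdsfs7989fsdbc</CipherValue></CipherData></EncryptedKey>
</SecureCommunicationDemonstration>"""
DATA_MSG = b"""<SecureCommunicationDemonstration><Order><Item>book</Item><EncryptedData
 Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyName>Imran Ali</ds:KeyName></ds:KeyInfo>
<CipherData><CipherValue>A23B45C564587</CipherValue></CipherData></EncryptedData></Order></SecureCommunicationDemonstration>"""

def demo():
    """Receiver side: take in the EncryptedKey message, then resolve the data message against it."""
    return resolve_encrypted_data(DATA_MSG, receive_keys(KEY_MSG, {}))
```

A KeyName that differs from the CarriedKeyName even in letter case does not resolve, and a message naming an algorithm outside the allowlist is rejected before any key material is touched.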

The future?
Use XML Encryption
Use XML Signature
Use a new Public Key Infrastructure
XKMS: XML Key Management Specification
The PKI host holds keys, certificates and the certificate revocation list. XKMS has two parts:
X-KISS (XML Key Information Service Specification): used on the Verifier's side to obtain the key and certificate needed to verify a signature.
X-KRSS (XML Key Registration Service Specification): used by the Signer to register a key, revoke a certificate or recover a key.
Flow between Signer, PKI host and Verifier:
1. The Signer generates a key pair or requests the pair from the PKI host.
2. The Signer sends a key registration request; the certificate is sent to the Signer.
3. The signed document (SOAP) is sent to the Verifier.
4. The Verifier requests the certificate from the PKI host; the key and certificate are sent to the Verifier, which verifies the signature.
5. The Signer may request that a certificate be revoked.
6. The Signer may request a copy of lost keys.
