XML Encryption Prabath Siriwardena Director, Security Architecture
XML Security
Integrity and non-repudiation: XML Signature by W3C, http://www.w3.org/TR/xmldsig-core/
Confidentiality of XML documents: XML Encryption by W3C, http://www.w3.org/TR/xmlenc-core/
XML-Encryption
A W3C standard, which followed XML Signature, for encrypting all of an XML document, part of it, or an external object.
XML Signature points to what is being signed, while in XML Encryption the EncryptedData element contains what is being encrypted.
XML Encryption shares the KeyInfo element with XML Signature; it is defined under the XML Signature namespace.
XML-Encryption
Encrypts XML with a symmetric key.
Symmetric key encryption is much more efficient than asymmetric key encryption.
QUESTION 1 What are the differences between Symmetric key encryption and Asymmetric key encryption ?
XML-Encryption (Example) John Smith 4019 2445 0277 5567 Example Bank 04/02
CipherReference
This element is used when the encrypted data is located at a URI-addressable location.
The URI attribute is used the same way it is used in XML Signature.
It also includes a Transforms element, which contains a pipeline of Transform elements, as in the case of XML Signature.
The Transform element is defined under the XML Signature namespace.
KeyInfo
KeyInfo in XML Signature is about providing the public key to verify the signature.
In XML Encryption, KeyInfo is about providing an encryption key, which is almost always a shared key.
In XML Signature we can include the key directly. In XML Encryption we should NOT.
XML Encryption extends the XML Signature KeyInfo with two new elements, EncryptedKey and AgreementMethod.
Locating the Encryption key
Leave out the key, assuming the receiving end is aware of the encryption key.
Provide a name or pointer with which the receiving end can locate the key.
Encrypt the key using the public key of the receiving end and include the encrypted 'encryption' key inside KeyInfo.
EncryptedKey
EncryptedKey is simply another EncryptedData element. Both extend EncryptedType.
Both do encryption; EncryptedKey encrypts the shared key used to encrypt the message.
Digital Enveloping / Key transport strategy
We will have multiple EncryptedData elements within the same XML document, and they will all be referred to by a standalone EncryptedKey element.
is a child element of refers to the elements which use the same key to encrypt
With multiple elements are referred by a single key element. The CarriedKeyName element is used to identify the encrypted key value which may be referenced by the KeyName element in ds:KeyInfo
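The key-to-data linkage described above, as an added example that is not part of the original slides: it maps each EncryptedData to the standalone EncryptedKey that carries its key, through either a ReferenceList/DataReference pointer or a ds:KeyName matching CarriedKeyName. The sample document and the function name map_keys are constructed for illustration; the element names are those of the XML Encryption specification.

```python
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample; CipherValue contents are placeholders, not ciphertext.
SAMPLE = """<Order xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedKey Id="EK1">
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    <xenc:ReferenceList><xenc:DataReference URI="#ED1"/></xenc:ReferenceList>
    <xenc:CarriedKeyName>order-key</xenc:CarriedKeyName>
  </xenc:EncryptedKey>
  <xenc:EncryptedData Id="ED1">
    <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="ED2">
    <ds:KeyInfo><ds:KeyName>order-key</ds:KeyName></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>CCCC</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="ED3">
    <xenc:CipherData><xenc:CipherValue>DDDD</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</Order>"""


def map_keys(xml_text):
    """Map each EncryptedData Id to the Id of the EncryptedKey that wraps its key."""
    # ElementTree does not harden against hostile XML; parse untrusted input
    # with a hardened parser instead.
    root = ET.fromstring(xml_text)
    by_ref, by_name = {}, {}
    for ek in root.iter("{%s}EncryptedKey" % NS["xenc"]):
        # ReferenceList/DataReference: the key lists the data it protects.
        for ref in ek.findall("xenc:ReferenceList/xenc:DataReference", NS):
            by_ref[ref.get("URI", "").lstrip("#")] = ek.get("Id")
        # CarriedKeyName: the name a ds:KeyName elsewhere may point at.
        name = ek.findtext("xenc:CarriedKeyName", default="", namespaces=NS).strip()
        if name:
            by_name[name] = ek.get("Id")
    result = {}
    for ed in root.iter("{%s}EncryptedData" % NS["xenc"]):
        key_name = ed.findtext("ds:KeyInfo/ds:KeyName", default="", namespaces=NS).strip()
        # None means no key is identified: the receiver must already know it.
        result[ed.get("Id")] = by_ref.get(ed.get("Id")) or by_name.get(key_name)
    return result


if __name__ == "__main__":
    print(map_keys(SAMPLE))
```

ED3 resolves to no key, which is the "leave out the key" case: the receiver has to hold the key out of band.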
XML-Encryption - Processing
Choose an encryption algorithm
Obtain an encryption key and may represent it
Serialize message data to octets [a stream of bytes]
Encrypt the data
Specify the Complete the structure
Decryption Process
Get algorithm, parameters and KeyInfo
Locate the encryption key
Decrypt data
Process XML Elements and XML Element Content
If no specified then the result of encryption is passed back to the application.