XML Encryption Prabath Siriwardena Director, Security Architecture
XML Security Integrity and non-repudiation XML Signature by W3C Confidentiality of XML documents XML Encryption by W3C
XML-Encryption A W3C standard which followed XML Signatures, for encrypting all of an XML document, part of it or an external object. XML Signature points to what is being signed – while in XML Encryption, element contains what is being encrypted. XML Encryption shares the element with XML Signature – which is defined under XML Signature namespace.
XML-Encryption Encrypts XML with a symmetric key Symmetric key encryption is much efficient than asymmetric key encryption
QUESTION 1 What are the differences between Symmetric key encryption and Asymmetric key encryption ?
XML-Encryption (Example) John Smith Example Bank 04/02
XML-Encryption (Example) John Smith <EncryptedData Type=' xmlns=' A23B45C56
XML-Encryption
Specify the encryption algorithm to be used. – – – –
<EncryptedData xmlns=' Type=' <EncryptionMethod Algorithm=' cbc'/> John Smith DEADBEEF XML-Encryption (Example)
QUESTION 2 Explain different types of cipher modes.
XML-Encryption
Either contains encrypted information inside or a reference to the resource being encrypted inside.
Contains Base-64 encoded encrypted information.
If the encrypted resource information is located in a URI – addressable location this element is being used. URI attribute is used just like the way it’s being used in in XML Signature This also includes element which contain a pipeline of elements – as in the case of XML Signature. element defined under XML Signature namespace
<EncryptedData xmlns=' Type=' <EncryptionMethod Algorithm=' cbc'/> John Smith DEADBEEF XML-Encryption (Example)
<EncryptedData xmlns=' Type=' XML-Encryption (Example)
QUESTION 3 How can we use XML Encryption to encrypt non- xml attachments ?
XML-Encryption
Almost similar to Holds useful information about the encryption.....
XML-Encryption
KeyInfo in XML Signature is about providing the public key to verify the signature. In XML Encryption KeyInfo is about providing an encryption key, that is almost always a shared key. In XML Signature we can directly include the key in it. But in XML Encryption we should NOT. XML Encryption extends the XML Signature KeyInfo with two new elements and
Locating the Encryption key Leave out the key – assuming the receiving end is aware of the encryption key. Provide a name or pointer, where the receiving end locate the key. Encrypt the key using the public key of the receiving end and include the encrypted ‘encryption’ key inside KeyInfo.
XML-Encryption (Example) <EncryptedData xmlns=' Type=' <EncryptionMethod Algorithm=' John Smith DEADBEEF
A strategy for safely communicating a secret key. refers to a key agreement protocol that is used to generate the encryption key. Not commonly used – an optional element
Zm9v <ds:DigestMethod Algorithm="
is simple another element. Both extends Both do encryption - encrypts the shared key used to encrypt the message. Digital Enveloping / Key transport strategy
We will have multiple elements within the same XML document and they all will be referred by a standalone element.
is a child element of refers to the elements which use the same key to encrypt
With multiple elements are referred by a single key element. The CarriedKeyName element is used to identify the encrypted key value which may be referenced by the KeyName element in ds:KeyInfo
XML-Encryption - Processing Choose an encryption algorithm Obtain an encryption key and may represent it Serialize message data to octets [ a stream of bytes] Encrypt the data Specify the Complete the structure
Decryption Process Get algorithm, parameters and KeyInfo Locate the encryption key Decrypt data Process XML Elements and XML Element Content If no specified then the result of encryption is passed back to the application.
lean. enterprise. middleware