Krishna Sattiraju, CS 792 .NET
Overview
What is XML Encryption
Methods for Encryption
Storage of Encrypted Data
Benefits of XML Secure Storage
Types of XML Encryption
XML Encryption
Specification that defines how to encrypt data
Used to encrypt data, keying information and algorithms
Methods for encryption
• Using Symmetric Encryption
• Combination of Symmetric and Asymmetric Encryption
• X.509 Certificates
Storage of Encrypted Data
Element encryption: the whole element is replaced with an element named <EncryptedData>
Content encryption: only the data inside the element is replaced; the element name remains readable in the document
XML Document Code
Encrypted Code
Asymmetric XML Encryption and Decryption
Encryption:
o Select XML element
o Encrypt element with a session key
o Encrypt session key
o Create EncryptedData element
o Replace original element
Decryption:
o Select EncryptedData element
o Decrypt session key
o Decrypt CipherData using the unencrypted symmetric session key
o Replace the EncryptedData element
Name Spaces
System.Xml
System.Security.Cryptography
System.Security.Cryptography.Xml
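The asymmetric procedure above (session key encrypts the element, RSA wraps the session key, EncryptedData replaces the original) written out in C# with the three namespaces from the Name Spaces slide. This is an added example, not code from the slides or from the referenced articles. It assumes the System.Security.Cryptography.Xml assembly (a NuGet package on .NET Core and later), uses AES-256 instead of the slide's triple-DES for the session key, and the sample PaymentInfo document and the key name "rsakey" are constructed for the example. The contentOnly flag switches between the two storage modes from the Storage of Encrypted Data slide: false replaces the whole element (Type=#Element), true keeps the element name readable and replaces only its children (Type=#Content).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example: asymmetric XML Encryption with EncryptedXml.
// A random AES session key encrypts the element, RSA-OAEP wraps the
// session key, and both end up inside one <EncryptedData> element.
class XmlEncDemo
{
    // Constructed sample document (card number is the W3C spec's sample value).
    const string SampleXml =
        "<PaymentInfo xmlns='http://example.org/paymentv2'>" +
        "<Name>John Smith</Name>" +
        "<CreditCard Limit='5,000' Currency='USD'>" +
        "<Number>4019 2445 0277 5567</Number>" +
        "<Issuer>Example Bank</Issuer><Expiration>04/02</Expiration>" +
        "</CreditCard></PaymentInfo>";

    // Encryption steps: select element, encrypt it with a session key,
    // encrypt the session key, build <EncryptedData>, replace the original.
    static void Encrypt(XmlDocument doc, string localName, RSA rsa, string keyName, bool contentOnly)
    {
        XmlElement target = doc.GetElementsByTagName(localName)[0] as XmlElement
            ?? throw new ArgumentException($"Element {localName} not found");

        using Aes sessionKey = Aes.Create();
        sessionKey.KeySize = 256;

        EncryptedXml exml = new EncryptedXml();
        // contentOnly=true encrypts only the children (Type=#Content),
        // false encrypts the whole element (Type=#Element).
        byte[] cipherText = exml.EncryptData(target, sessionKey, contentOnly);

        // Wrap the session key with RSA-OAEP (rsa-oaep-mgf1p on the slide)
        // and name the RSA key so the receiver knows which private key to use.
        EncryptedKey ek = new EncryptedKey();
        ek.CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, rsa, true));
        ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl);
        ek.KeyInfo = new KeyInfo();
        ek.KeyInfo.AddClause(new KeyInfoName(keyName));

        // <EncryptedData> carries the ciphertext, the algorithm and the wrapped key.
        EncryptedData ed = new EncryptedData();
        ed.Type = contentOnly ? EncryptedXml.XmlEncElementContentUrl : EncryptedXml.XmlEncElementUrl;
        ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
        ed.KeyInfo = new KeyInfo();
        ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
        ed.CipherData.CipherValue = cipherText;

        // Replace the original element (or its content) in the document.
        EncryptedXml.ReplaceElement(target, ed, contentOnly);
    }

    // Decryption steps: locate EncryptedData, unwrap the session key with the
    // RSA private key mapped to <KeyName>, decrypt CipherData, replace in place.
    static void Decrypt(XmlDocument doc, RSA rsa, string keyName)
    {
        EncryptedXml exml = new EncryptedXml(doc);
        exml.AddKeyNameMapping(keyName, rsa);
        exml.DecryptDocument();
    }

    static void Main()
    {
        XmlDocument doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(SampleXml);
        using RSA rsa = RSA.Create(2048); // constructed key pair for the demo

        // Content encryption: <Number> stays visible, its text becomes EncryptedData.
        Encrypt(doc, "Number", rsa, "rsakey", contentOnly: true);
        Console.WriteLine(doc.OuterXml);

        Decrypt(doc, "rsakey" == null ? null : rsa, "rsakey");
        Console.WriteLine(doc.OuterXml);
    }
}
```

Passing contentOnly: false on "CreditCard" instead produces the first PaymentInfo example on the later slides, where the whole CreditCard element disappears behind EncryptedData; the receiver's Decrypt is the same in both cases because DecryptDocument reads the Type attribute and restores accordingly.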
Benefits of XML Secure Storage
XML Is Structured Format
Allows for secure storage of documents
Provides granularity
Leverages Existing technologies
XML Encryption
Encrypted data is maintained.
All information needed to decrypt a document is contained within the document.
Session can be secured on the document level and shared between multiple parties.
Sensitive data is easily interchanged between applications.
XML Encryption of Element
<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                 xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <CipherData>
      <CipherValue>A23B45C56</CipherValue>
    </CipherData>
  </EncryptedData>
</PaymentInfo>
XML Encryption using Content
<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <CreditCard Limit='5,000' Currency='USD'>
    <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
                   Type='http://www.w3.org/2001/04/xmlenc#Content'>
      <CipherData>
        <CipherValue>A23B45C56</CipherValue>
      </CipherData>
    </EncryptedData>
  </CreditCard>
</PaymentInfo>
Encrypting XML Content (Character Data)
<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <CreditCard Limit='5,000' Currency='USD'>
    <Number>
      <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
                     Type='http://www.w3.org/2001/04/xmlenc#Content'>
        <CipherData>
          <CipherValue>A23B45C56</CipherValue>
        </CipherData>
      </EncryptedData>
    </Number>
    <Issuer>Example Bank</Issuer>
    <Expiration>04/02</Expiration>
  </CreditCard>
</PaymentInfo>
XML Encryption in WS-Security
<env:Envelope xmlns:env="http://www.w3.org/2001/12/soap-envelope"
              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <env:Header>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
      <xenc:ReferenceList>
        <xenc:DataReference URI="#encryptedID"/>
      </xenc:ReferenceList>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <xenc:EncryptedData Id="encryptedID">
      <xenc:CipherData>
        <xenc:CipherValue>...</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </env:Body>
</env:Envelope>
XML Encryption w/ Digital Certificate
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
               Type="http://www.w3.org/2001/04/xmlenc#Element">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <KeyName>rsakey.pem</KeyName>
      </KeyInfo>
      <CipherData>
        <CipherValue>IPiEu9Nv+EsGyvV...</CipherValue>
      </CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>
    <CipherValue>xrfPSA+BEI+8...</CipherValue>
  </CipherData>
</EncryptedData>
XML Signing AND XML Encryption
• Order of cryptographic operations matters
• Signing and Encrypting
• Encrypting and Signing
• Changing the order while decrypting - Danger
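An added example, not from the slides, of the sign-then-encrypt order and why the receiver must undo the operations in reverse. It uses SignedXml for the enveloped signature and the slide's first method, plain symmetric XML Encryption, for the sensitive element. The sample Order document, the RSA signing key, the shared AES key and the key name "aeskey" are all constructed here; in practice the shared key is distributed out of band. Verifying before decrypting fails because the signature was computed over the plaintext document, so the correct receiver order is decrypt, then verify.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example: sign-then-encrypt, and the receiver's reverse order.
class SignEncryptOrderDemo
{
    const string KeyName = "aeskey"; // constructed name for the shared symmetric key

    static XmlDocument LoadSample()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        // Constructed sample document.
        doc.LoadXml("<Order><Item>Widget</Item><CardNumber>4019244502775567</CardNumber></Order>");
        return doc;
    }

    // Enveloped signature over the whole document, appended as last child of the root.
    static void Sign(XmlDocument doc, RSA signingKey)
    {
        var signedXml = new SignedXml(doc) { SigningKey = signingKey };
        var reference = new Reference("");                 // "" = the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Returns false if the signed bytes no longer match what the signature covers.
    static bool Verify(XmlDocument doc, RSA verificationKey)
    {
        var sigNode = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0] as XmlElement;
        if (sigNode == null) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sigNode);
        return signedXml.CheckSignature(verificationKey);
    }

    // Symmetric XML Encryption of one element; <KeyName> tells the receiver which shared key to use.
    static void EncryptElement(XmlDocument doc, string localName, SymmetricAlgorithm key)
    {
        var target = (XmlElement)doc.GetElementsByTagName(localName)[0];
        var exml = new EncryptedXml();
        var ed = new EncryptedData
        {
            Type = EncryptedXml.XmlEncElementUrl,
            EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
            KeyInfo = new KeyInfo(),
        };
        ed.KeyInfo.AddClause(new KeyInfoName(KeyName));
        ed.CipherData.CipherValue = exml.EncryptData(target, key, false);
        EncryptedXml.ReplaceElement(target, ed, false);
    }

    // Restores every EncryptedData element whose KeyName maps to the shared key.
    static void DecryptAll(XmlDocument doc, SymmetricAlgorithm key)
    {
        var exml = new EncryptedXml(doc);
        exml.AddKeyNameMapping(KeyName, key);
        exml.DecryptDocument();
    }

    static void Main()
    {
        using RSA signingKey = RSA.Create(2048);
        using Aes sharedKey = Aes.Create();
        sharedKey.KeySize = 256;

        XmlDocument doc = LoadSample();
        // Sender: sign first, then encrypt the sensitive element.
        Sign(doc, signingKey);
        EncryptElement(doc, "CardNumber", sharedKey);

        // Receiver, wrong order: the signature covers the plaintext, so checking it
        // while CardNumber is still an EncryptedData element does not verify.
        Console.WriteLine($"verify before decrypt: {Verify(doc, signingKey)}");

        // Receiver, correct order: decrypt first (restoring the signed bytes), then verify.
        DecryptAll(doc, sharedKey);
        Console.WriteLine($"verify after decrypt:  {Verify(doc, signingKey)}");
    }
}
```

For the opposite order, encrypt-then-sign, the receiver verifies first and decrypts second; in that design the signature covers only the ciphertext, so it proves who produced the EncryptedData but nothing about the plaintext inside it, which is the point behind the slide's warning that the order cannot be changed on the decrypting side.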
Thank You!!!