XML Encryption
Notes from http://www-106.ibm.com/developerworks/library/x-encrypt/index.html by Bilal Siddiqui
and "Secure XML" by Eastlake and Niles (Addison-Wesley)
Not a replacement for SSL
• XML Encryption adds:
  • Encrypting part of the data being exchanged
  • Secure sessions between more than two parties
General Form 1
<EncryptedData>
<CipherData>
<CipherValue>
Cipher Text Gibberish in Base 64
</CipherValue>
</CipherData>
</EncryptedData>
General Form 2
<EncryptedData>
<CipherData>
<CipherReference>
pointer (URL) to gibberish
</CipherReference>
</CipherData>
</EncryptedData>
EncryptedData is the core element
• Replaces the encrypted element, or
• Serves as the new document root
• May contain a KeyInfo element that describes the key needed for decryption (borrowed from XML Digital Signature)
General Example (1)
<MedInfo>
  <ID>
    <Name>…</Name>
    <Address>…</Address>
  </ID>
  <Medical>…</Medical>
  <Financial>…</Financial>
</MedInfo>
General Example (2)
<MedInfo>
  <ID>…</ID>
  <EncryptedData>
    <KeyInfo>
      <KeyName>Medical</KeyName>
    </KeyInfo>
    <CipherData>
      <CipherValue>gibberish</CipherValue>
    </CipherData>
  </EncryptedData>
General Example (3)
  <Financial>
    <EncryptedData>
      <KeyInfo>
        <KeyName>Pay</KeyName>
      </KeyInfo>
      <CipherData>
        <CipherValue>gibberish</CipherValue>
      </CipherData>
    </EncryptedData>
  </Financial>
</MedInfo>
In (2) the EncryptedData replaces the whole <Medical> element; in (3) the <Financial> tag stays visible and only its content is encrypted. Each part is encrypted under a different key, named by KeyName.
Detailed Example (Listing 1)
<purchaseOrder>
<Order>
<Item>book</Item>
<Id>123-958-74598</Id>
<Quantity>12</Quantity>
</Order>
<Payment>
<CardId>123654-8988889-9996874</CardId>
<CardName>visa</CardName>
<ValidDate>12-10-2004</ValidDate>
</Payment>
</purchaseOrder>
Encrypting the Entire File (Listing 2)
<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.isi.edu/in-notes/iana/assignments/media-types/text/xml'>
<CipherData>
<CipherValue>A23B45C56</CipherValue>
</CipherData>
</EncryptedData>
IANA = Internet Assigned Numbers Authority, a function of the Internet Corporation for Assigned Names and Numbers (ICANN)
Encrypting the Payment (Listing 3)
<?xml version='1.0' ?>
<PurchaseOrder>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
  </Order>
  <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <CipherData>
      <CipherValue>A23B45C564587</CipherValue>
    </CipherData>
  </EncryptedData>
</PurchaseOrder>
Type '…#Element': one whole element (<Payment>, start and end tags included) is replaced by EncryptedData.
Encrypting Only the CardId (Listing 4)
<?xml version='1.0' ?>
<PurchaseOrder>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
  </Order>
  <Payment>
    <CardId>
      <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Content' xmlns='http://www.w3.org/2001/04/xmlenc#'>
        <CipherData>
          <CipherValue>A23B45C564587</CipherValue>
        </CipherData>
      </EncryptedData>
    </CardId>
    <CardName>visa</CardName>
    <ValidDate>12-10-2004</ValidDate>
  </Payment>
</PurchaseOrder>
Type '…#Content': only the content of <CardId> is replaced; the <CardId> tag itself stays in the clear.
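Listings 3 and 4 differ only in the Type attribute, but what remains readable afterwards is different. The Python below is an added example, not code from the IBM article or these notes: it applies both semantics to a constructed Listing 1 document using the standard library, with the cipher passed in as a callable; the byte-reversing `placeholder_cipher` used by `demo` is a stand-in so the block runs without a crypto library and is not encryption.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
TYPE_ELEMENT, TYPE_CONTENT = XENC + "Element", XENC + "Content"
ET.register_namespace("xenc", XENC)  # serializes as <xenc:EncryptedData>, equivalent to the listings' default xmlns

def _encrypted_data(cipher_b64, enc_type):
    """Build General Form 1: EncryptedData/CipherData/CipherValue with the given Type."""
    ed = ET.Element(f"{{{XENC}}}EncryptedData", Type=enc_type)
    cd = ET.SubElement(ed, f"{{{XENC}}}CipherData")
    ET.SubElement(cd, f"{{{XENC}}}CipherValue").text = cipher_b64
    return ed

def encrypt_in_place(root, tag, enc_type, encrypt):
    """Apply the #Element or #Content semantics to the first <tag> below root; return the new XML text.
    encrypt(bytes) -> bytes is supplied by the caller; a real deployment passes an actual cipher."""
    parents = {child: parent for parent in root.iter() for child in parent}
    target = root.find(f".//{tag}")
    if target is None:
        raise ValueError(f"no <{tag}> element")
    if enc_type == TYPE_ELEMENT:
        # Listing 3: the whole element, start tag included, leaves the clear text.
        plain = ET.tostring(target, encoding="utf-8")
        parent = parents[target]
        pos = list(parent).index(target)
        parent.remove(target)
        parent.insert(pos, _encrypted_data(base64.b64encode(encrypt(plain)).decode(), enc_type))
    elif enc_type == TYPE_CONTENT:
        # Listing 4: the element name stays visible; only its text and child nodes are encrypted.
        plain = (target.text or "") + "".join(ET.tostring(c, encoding="unicode") for c in target)
        for child in list(target):
            target.remove(child)
        target.text = None
        target.append(_encrypted_data(base64.b64encode(encrypt(plain.encode())).decode(), enc_type))
    else:
        raise ValueError(f"unsupported Type {enc_type!r}")
    return ET.tostring(root, encoding="unicode")

# Constructed input in the shape of Listing 1.
PURCHASE_ORDER = ("<PurchaseOrder><Order><Item>book</Item><Id>123-958-74598</Id><Quantity>12</Quantity></Order>"
                  "<Payment><CardId>123654-8988889-9996874</CardId><CardName>visa</CardName>"
                  "<ValidDate>12-10-2004</ValidDate></Payment></PurchaseOrder>")

def placeholder_cipher(data):
    """Stand-in so the example runs without a crypto library: byte reversal is NOT encryption."""
    return data[::-1]

def demo(enc_type, tag):
    """demo(TYPE_ELEMENT, "Payment") reproduces Listing 3; demo(TYPE_CONTENT, "CardId") reproduces Listing 4."""
    return encrypt_in_place(ET.fromstring(PURCHASE_ORDER), tag, enc_type, placeholder_cipher)
```

With #Content the element name (CardId) still tells an observer what kind of value was hidden; #Element hides the name as well.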
Encrypting Non-XML Data (Listing 5)
<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
  Type='http://www.isi.edu/in-notes/iana/assignments/media-types/jpeg'>
  <CipherData>
    <CipherValue>A23B45C56</CipherValue>
  </CipherData>
</EncryptedData>
Sending a public key (Listing 6)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <EncryptedKey CarriedKeyName="Muhammad Imran" xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
      <ds:KeyValue>1asd25fsdf2dfdsfsdfds2f1sd23</ds:KeyValue>
    </ds:KeyInfo>
  </EncryptedKey>
</SecureCommunicationDemonstration>
Receiving a secret key encrypted to the public key (Listing 7)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <EncryptedKey CarriedKeyName="Imran Ali" xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <CipherData>
      <CipherValue>xyza21212sdfdsfs7989fsdbc</CipherValue>
    </CipherData>
  </EncryptedKey>
</SecureCommunicationDemonstration>
Data Encrypted to Secret Key (Listing 8)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
    <CardName>Visa</CardName>
    <ExpDate>10-10-2005</ExpDate>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/>
      <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
        <ds:KeyName>Imran Ali</ds:KeyName>
      </ds:KeyInfo>
      <CipherData>
        <CipherValue>A23B45C564587</CipherValue>
      </CipherData>
    </EncryptedData>
  </Order>
</SecureCommunicationDemonstration>
The KeyName must match the CarriedKeyName of the EncryptedKey in Listing 7, so the receiver knows which secret key decrypts this element.
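A receiver that gets Listing 7 and then Listing 8 has to tie the two together before decrypting anything. The Python below is an added example, not code from the IBM article or these notes: it parses both shapes with the standard library, enforces an allowlist of EncryptionMethod identifiers (an assumed receiver policy; rsa-1_5 and tripledes-cbc are the listing's 2001-era identifiers, and current profiles prefer RSA-OAEP and AES-GCM), rejects a KeyName that does not match the CarriedKeyName, and base64-decodes the CipherValues; the key unwrap and data decryption themselves are left to a crypto library.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "{http://www.w3.org/2001/04/xmlenc#}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Receiver policy (an assumption of this example): only the identifiers the listings use are accepted;
# a missing or unknown EncryptionMethod is rejected before any key material is touched.
ALLOWED = {"http://www.w3.org/2001/04/xmlenc#rsa-1_5",
           "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"}

def _algorithm(node):
    em = node.find(f"{XENC}EncryptionMethod")
    alg = (em.get("Algorithm") or "").strip() if em is not None else ""
    if alg not in ALLOWED:
        raise ValueError(f"rejected EncryptionMethod {alg!r}")
    return alg

def _cipher_bytes(node):
    cv = node.find(f"{XENC}CipherData/{XENC}CipherValue")
    if cv is None or not (cv.text or "").strip():
        raise ValueError("CipherValue missing (CipherReference is not dereferenced here)")
    return base64.b64decode(cv.text.strip(), validate=True)

def parse_encrypted_key(xml_text):
    """Listing 7 shape: a secret key encrypted to the recipient's public key."""
    ek = ET.fromstring(xml_text).find(f".//{XENC}EncryptedKey")
    if ek is None or not ek.get("CarriedKeyName"):
        raise ValueError("EncryptedKey with CarriedKeyName required")
    return {"name": ek.get("CarriedKeyName"), "algorithm": _algorithm(ek), "ciphertext": _cipher_bytes(ek)}

def parse_encrypted_data(xml_text):
    """Listing 8 shape: an element encrypted under the secret key named in ds:KeyName."""
    ed = ET.fromstring(xml_text).find(f".//{XENC}EncryptedData")
    if ed is None:
        raise ValueError("no EncryptedData")
    kn = ed.find(f"{DS}KeyInfo/{DS}KeyName")
    return {"type": ed.get("Type"), "algorithm": _algorithm(ed),
            "key_name": (kn.text or "").strip() if kn is not None else None,
            "ciphertext": _cipher_bytes(ed)}

def pair_key_and_data(key_xml, data_xml):
    """Accept the data only if its KeyName names the key that the EncryptedKey carried."""
    key, data = parse_encrypted_key(key_xml), parse_encrypted_data(data_xml)
    if data["key_name"] != key["name"]:
        raise ValueError(f"KeyName {data['key_name']!r} does not match CarriedKeyName {key['name']!r}")
    return key, data

# Constructed messages in the shape of Listings 7 and 8; the CipherValues are base64 of dummy bytes.
KEY_XML = """<SecureCommunicationDemonstration><EncryptedKey CarriedKeyName="Imran Ali"
 xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<CipherData><CipherValue>c2VjcmV0LWtleS1ieXRlcw==</CipherValue></CipherData>
</EncryptedKey></SecureCommunicationDemonstration>"""
DATA_XML = """<SecureCommunicationDemonstration><Order><Item>book</Item><EncryptedData
 Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyName>Imran Ali</ds:KeyName></ds:KeyInfo>
<CipherData><CipherValue>QTIzQjQ1QzU2NDU4Nw==</CipherValue></CipherData></EncryptedData></Order></SecureCommunicationDemonstration>"""
```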
The future?
• Use XML Encryption
• Use XML Signature
• Use a new Public Key Infrastructure
XKMS: XML Key Management Specification
[Figure: Signer, Verifier and the XKMS PKI host exchanging SOAP messages]
• The PKI host holds keys, certificates and the certificate revocation list
• X-KISS (XML Key Information Service Specification): the Verifier asks the PKI host to verify a signature
• X-KRSS (XML Key Registration Service Specification): register key, revoke certificate, recover key
Message flow (all over SOAP):
• The Signer generates a key pair or requests the pair from the PKI host
• Key registration request
• Certificate sent to the Signer
• Signed document sent to the Verifier
• The Verifier requests the certificate from the PKI host
• Key and certificate sent to the Verifier
The Signer may request that a certificate be revoked, and may request a copy of lost keys.