XML Encryption

XML, Web Services, and the Data Revolution
By Frank P. Coyle
Chapter 7.  XML Security


XML Encryption supports encrypting specific parts of an XML document.

XML Encryption supports the encryption of all or part of an XML document. The specification is flexible enough to allow the encryption of any of the following:

  • The entire XML document

  • An element and all its subelements

  • The content of an XML element

  • A reference to a resource outside the document

Because XML Encryption is not locked into any specific encryption scheme, additional information is provided on:

  • Encrypted content: the information itself or a reference to the location of the data

  • Key information: information or a reference to information via a Uniform Resource Identifier (URI) about the keys involved in the encryption

The steps for XML Encryption include:

  • Selecting the XML to be encrypted (all or part of a document)

  • Converting to canonical form if using entities or namespaces with prefixes

  • Encrypting the resulting canonical form using public-key encryption

  • Sending the encrypted XML to the intended recipient

Encrypting XML Data

A credit card example.

The following examples show different ways we can use XML Encryption to encrypt an XML document. Let's take for our example the following XML containing credit card information related to one of John von Neumann's purchases.

 <?xml version='1.0'?>
 <PaymentInfo xmlns='http://globalbank.org'>
   <Name>John von Neumann</Name>
   <CreditCard Limit='5,000' Currency='USD'>
     <Number>4654 2445 0277 5567</Number>
     <Issuer>World Bank</Issuer>
     <Expiration>04/05</Expiration>
   </CreditCard>
 </PaymentInfo>

As we'll see in the following examples, the important element in the XML Encryption specification is EncryptedData, which contains the CipherValue element that holds the actual encrypted value. However, how we use these elements will depend on what part of the XML document we wish to encrypt. The following scenarios illustrate different ways of applying XML Encryption to the XML credit card information.

Scenario 1: XML Subelement and Content Encryption

Our XML example shows that John von Neumann is using a credit card with a limit of $5,000 USD. In this example, because von Neumann's credit card data is sensitive but his name is not, an application can selectively keep only the critical information confidential by encrypting the CreditCard element. The resultant XML looks like the following.

 <?xml version='1.0'?>
 <PaymentInfo xmlns='http://globalbank.org'>
   <Name>John von Neumann</Name>
   <EncryptedData
       Type='http://www.w3.org/2001/04/xmlenc#Element'
       xmlns='http://www.w3.org/2001/04/xmlenc#'>
     <CipherData>
       <CipherValue>A23B45C56</CipherValue>
     </CipherData>
   </EncryptedData>
 </PaymentInfo>

By encrypting the entire CreditCard element from its start to end tags, the identity of all the elements and the data are hidden. An eavesdropper cannot determine whether von Neumann used a credit card, a check, or a wire transfer. The CipherData element contains the CipherValue element that encompasses the entire CreditCard element including tags and data. Note that the use of the version namespace http://www.w3.org/2001/04/xmlenc# is required and that the attribute specification of Type='http://www.w3.org/2001/04/xmlenc#Element', while not required, is recommended so that the recipient can ascertain that an entire element has been encrypted.

Scenario 2: Partial XML Element Encryption

In different circumstances, it may be useful for intermediate agents handling the data along a SOAP message path to know that John von Neumann used a credit card with a particular limit, but they may not need to know the card's number, issuer, and expiration date. In this case, the subelements and content of the CreditCard element are encrypted but not the CreditCard element name nor the attributes. The resultant XML would look like the following:

 <?xml version='1.0'?>
 <PaymentInfo xmlns='http://globalbank.org'>
   <Name>John von Neumann</Name>
   <CreditCard Limit='5,000' Currency='USD'>
     <EncryptedData
         Type='http://www.w3.org/2001/04/xmlenc#Content'
         xmlns='http://www.w3.org/2001/04/xmlenc#'>
       <CipherData>
         <CipherValue>C23455CB6</CipherValue>
       </CipherData>
     </EncryptedData>
   </CreditCard>
 </PaymentInfo>

Scenario 3: Encrypting XML Element Content Only

In this example, we consider a scenario in which all the information except the actual credit card number is made public, including the Number element itself.

 <?xml version='1.0'?>
 <PaymentInfo xmlns='http://globalbank.org'>
   <Name>John von Neumann</Name>
   <CreditCard Limit='5,000' Currency='USD'>
     <Number>
       <EncryptedData
           xmlns='http://www.w3.org/2001/04/xmlenc#'
           Type='http://www.w3.org/2001/04/xmlenc#Content'>
         <CipherData>
           <CipherValue>A2345C66</CipherValue>
         </CipherData>
       </EncryptedData>
     </Number>
     <Issuer>World Bank</Issuer>
     <Expiration>04/02</Expiration>
   </CreditCard>
 </PaymentInfo>

Here, both CreditCard and Number are made public, but the character data content of Number is encrypted. Note that we use the attribute Type='http://www.w3.org/2001/04/xmlenc#Content' to indicate to the receiver that element content is being encrypted.

Scenario 4: Encrypting Arbitrary Data and XML Documents

If the situation requires that the entire XML document beginning at the root node be encrypted, all the elements are encrypted as a single encrypted string.

 <?xml version='1.0'?>
 <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'>
   <CipherData>
     <CipherValue>A23B45223C56</CipherValue>
   </CipherData>
 </EncryptedData>
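
The four scenarios differ in what a party without the key can still read. The following added example (not from the book; the function name exposure and the compact sample documents are constructed here) walks each scenario's XML with Python's standard library and lists the readable elements alongside the encrypted regions and their declared Type.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"

def exposure(xml_text):
    """Return (cleartext, encrypted) as seen by a party without the key.

    cleartext: [(path, attributes, text)] for every readable element
    encrypted: [(parent_path, declared_type)] for every EncryptedData
    """
    cleartext, encrypted = [], []

    def walk(elem, path):
        if elem.tag == f"{{{XENC}}}EncryptedData":
            # Type is optional; when absent the markup does not say whether
            # an element, element content or arbitrary data was encrypted.
            kind = elem.get("Type", "").rpartition("#")[2] or "unspecified"
            encrypted.append((path or "/", kind))
            return  # CipherValue is opaque, nothing below is readable
        name = elem.tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix
        here = f"{path}/{name}"
        cleartext.append((here, dict(elem.attrib), (elem.text or "").strip()))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return cleartext, encrypted

# Constructed inputs: the page's four scenarios in compact form.
def _enc(kind=None):
    type_attr = f" Type='{XENC}{kind}'" if kind else ""
    return (f"<EncryptedData xmlns='{XENC}'{type_attr}><CipherData>"
            "<CipherValue>A23B45C56</CipherValue></CipherData></EncryptedData>")

_DOC = ("<PaymentInfo xmlns='http://globalbank.org'>"
        "<Name>John von Neumann</Name>{}</PaymentInfo>")
_CARD = "<CreditCard Limit='5,000' Currency='USD'>{}</CreditCard>"
SCENARIOS = {
    1: _DOC.format(_enc("Element")),
    2: _DOC.format(_CARD.format(_enc("Content"))),
    3: _DOC.format(_CARD.format(
        f"<Number>{_enc('Content')}</Number><Issuer>World Bank</Issuer>"
        "<Expiration>04/02</Expiration>")),
    4: _enc(),
}

if __name__ == "__main__":
    for n, doc in SCENARIOS.items():
        clear, hidden = exposure(doc)
        print(f"Scenario {n}: hidden={hidden}")
        for path, attrs, text in clear:
            print(f"   readable {path} {attrs} {text!r}")
```

Running it shows that Scenario 2 still exposes the CreditCard element name with its Limit and Currency attributes, and Scenario 3 additionally exposes the issuer and expiration date.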

XML, Web Services, and the Data Revolution
ISBN: 0201776413
EAN: 2147483647
Year: 2002
Pages: 106
Authors: Frank Coyle
