Introduction to and Motivation for XML Encryption

In Chapter 4, "Safeguarding the Identity and Integrity of XML Messages," we discussed XML Signature and its importance as a foundational XML security standard. In this chapter, we describe XML Encryption, which is designed to keep all or part of a SOAP message secret. Because XML Encryption followed XML Signature as a standard, the two are similar and share some of the same concepts, terminology, and XML elements. However, XML Encryption addresses different issues than XML Signature and, consequently, shows up in quite a different manner than XML Signature. We first discuss at a high level the relationship between XML Signature and XML Encryption as a way of leveraging what we discussed in the XML Signature chapter. Later in this chapter, in the section "Using XML Encryption and XML Signature Together," we discuss the issues with using these two technologies together, which is quite common, as you will see in Chapter 7, "Building Security into SOAP," when we discuss the WS-Security standard.

Relating XML Encryption and XML Signature

XML Signature (formerly known as Digital Signature, or DSIG ), as we discussed in the preceding chapter, was the initial W3C XML security standard that really got XML security off the ground. The development of XML Encryption followed and overlapped XML Signature. There were many common members on the two W3C specification committees , including the co-editors of the specification, Donald Eastlake and Joseph Reagle. You will notice that both technologies share many of the same concepts and even structures (for example, they share the KeyInfo element to hold key information).

First, let's look at the similarities between XML Signature and XML Encryption. In XML Signature, you can sign all or part of an XML document either by having the Signature's Reference URI pointing internally or pointing to an external resource. Similarly, in XML Encryption, you can encrypt all or part of an XML document either internally or externally. Just as an XML Signature structure can exist multiple times in a document, an XML Encryption structure can exist in multiple places within a document with different keys or the same key. Probably the most obvious similarity between XML Signature and XML Encryption is that they share the KeyInfo element, which was defined originally in the XML Signature namespace.

Although the structure and some of the elements defined for XML Signature and XML Encryption are similar, their purpose and usage are quite different. Whereas you might use XML Signature to ensure that an XML document has not been tampered with (integrity) and was acknowledged by a known entity, XML Encryption has an entirely different purpose. XML Encryption allows hiding of all or part of an XML document (confidentiality) from anyone other than the private key holder. These technologies are complementary because, often, with secure XML and Web services you need to both encrypt a message to a recipient as well as sign the message to confirm your identity and verify that the message you sent is the message that was received.

A more structural contrast between XML Signature and XML Encryption is noticeable when you look at the XML that comprises the two standards. An XML Signature is represented by one Signature element that has one or more References to the items that are signed. The item being signed is often outside the Signature. In contrast, XML Encryption has the EncryptedData element, which typically surrounds the information that is encrypted. Most often, although there are exceptions, an XML Signature points to what is being signed, and an XML Encryption EncryptedData element contains what is being encrypted.

These differences will become more clear as you see examples and learn more about XML Encryption in this chapter. The main point is that XML Signature and XML Encryption are siblings, which, like the human variety, have common genes that result in similarities but also, due to their different purposes, have profound differences. In the section "Using XML Encryption and XML Signature Together," later in this chapter, we discuss the inter-relationship between the two, describe a common usage pattern, and explain the best strategies to make them work together and avoid the natural "sibling rivalry" that could occur.

Critical Building Block for WS-Security

Both XML Signature and XML Encryption co-exist as fundamental building blocks for WS-Security. As you will see in Chapter 7, WS-Security depends on these two technologies as two of its three pillars (the third being SAML). So, understanding both XML Signature and XML Encryption is essential to understanding WS-Security.

The Goal Is to Ensure Confidentiality of Messages from End to End with Different Recipients

The vision of XML Encryption is more grandiose than simply to encrypt the information for one end recipient. XML Encryption allows for different parts of a document to be encrypted with different keys and therefore to be seen by different recipients.

As we demonstrate in an extended example near the end of the chapter, you can imagine scenarios in which an XML document could have parts that are readable by one party but completely hidden to another.

Perhaps what makes XML Encryption unique among XML standards is that its goal is to make selected parts of XML unintelligible. An important principle of XML has been to "make the wire protocol transparent." XML Encryption now allows you to obfuscate selective parts of the document through encryption. This capability has implications on other XML standards that perhaps had not considered the encryption scenario. See the sidebar titled "XML Encryption and XML Schema" near the end of the chapter. There, we discuss one such implication .

Think Shared Key Cryptography When You Think of XML Encryption

Remember that, for all intents and purposes, encryption is always done with shared (symmetric) key algorithms. This point may surprise you because you may sometimes hear about a sender encrypting a message using your public key so that you can decrypt it with your private key. In practice, this statement is correct, but it is an oversimplification. Due to efficiency considerations and the size of public (asymmetric) keys, only small amounts of data can be encrypted or decrypted using public key algorithms. A document or message of arbitrary length is encrypted with a shared key. If public key technology is being used (as it often is), the shared key to be used to encrypt the document is encrypted by the sender using the recipient's public key and then transported to the recipient safely. XML Encryption handles this requirement using the EncryptedKey element to wrap a shared key. The approach of encrypting a shared key (often called a session key ) with the recipient's public key is so important and so common that XML Encryption introduces a specific element to support this called EncryptedKey.

XML Encryption Will Become Part of the Infrastructure Like XML Signature

As we mentioned in the preceding chapter, XML Signature and XML Encryption will likely evolve to be an embedded part of the infrastructure rather than a technology you work with directly on a day-to-day basis. More likely, whether your role is as a developer or administrator, you will work at the policy level and declaratively describe the security that a particular Web service or XML document requires rather than work at the fine-grained level that we describe in this chapter. Still, like most things, having a strong understanding of the underlying XML Encryption technology will help you work better at whatever level you need when working with Web Services Security.