Modern encryption algorithms work with sequences of eight-bit bytes (octets). As a consequence, any XML document or portion of a document being encrypted must be converted to such a format by, for example, "printing" or serializing it.
The normal reason for encrypting XML (or any other data) is so that some authorized application can later decrypt it and use the information. If the XML will always be decrypted back into the same environment, then it will normally provide the same information and be faithfully decrypted. Maintaining the same environment means maintaining the same character encoding, namespace prefix bindings, scoped value for xml:lang, xml:base if relevant, and perhaps additional application environment factors. However, if the application decrypts the XML into a different environment, it may be incorrectly parsed because its character encoding differs from that used by the parser. Decrypting into a different environment could also provide meaningless or corrupted information due to changes in environmental factors such as namespace bindings. See Figure 9-5.
Figure 9-5. Canonicalization and encryption
Use of Canonical XML ensures that XML is in a standard character encoding (UTF-8). The inclusive canonical output incorporates all standard XML environmental factors, such as namespace declarations and values of all attri butes in the xml namespace. (Section 9.6 describes some limitations.) Decryption into a different environment is then much safer. Because the character encoding of the decrypted XML is known, it can be parsed into data structures or changed to the appropriate encoding for insertion into enveloping XML.
These considerations apply for any type of encryption of XML data, including the XML Encryption standard described in Chapter 15.