XML Encryption

XML Encryption specifications form the basis of securing the data and communication in order to conduct secure business transactions between partners. The goals of XML encryption is to provide data confidentiality and to ensure end-to-end security of messages transmitted between communicating parties. It is an evolving standard for encrypting and decrypting data and then representing that data using XML. XML encryption has emerged from the W3C as an industry-standard initiative for expressing encryption and decryption of digital content in XML. To find out the current status of XML encryption specifications from the W3C working group, refer to the W3C Web site at http://www.w3.org/Encryption.

Motivation of XML Encryption

Maintaining data confidentiality and privacy is made possible through encryption. The process of applying encryption involves converting a particular message into scrambled text (ciphertext) by applying cryptographic algorithms. These messages can be decrypted or unscrambled for viewing only by authorized parties who know the required secret key. This ensures that the data remains confidential during transit or at rest. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the standard protocols typically used for encrypting communication and providing authentication using digital certificates over TCP/IP. SSL/TLS provides encryption for point-to-point communication, and during communication it facilitates encryption of the complete message or document in its entirety. It falls short of key mechanisms intended for XML-based business transactions, which require applying encryption for portions of a message, applying multiple encryptions to different parts of a message, and then leaving selected portions of message unencrypted. This mandates an XML-based digital encryption mechanism that meets the requirements of secure XML communication. These include message-level encryption and multiple encryptions to a message meant for multiple parties, a workflow, or a multi-hop communication.

XML encryption defines the syntax and processing rules that provide the flexibility of applying encryption or decryption to different fragments or a complete XML document while preserving the encrypted data intended for multiple parties in a workflow or a multi-hop communication involving intermediaries.

The Anatomy of XML Encryption

XML encryption allows encryption of any sort of digital content or data objects, such as XML, binary data, and images. It builds on existing industry-standard encryption algorithms and facilitates a standard XML-based representation and processing model for encryption and decryption.

In XML encryption, the resulting encrypted data are represented in an XML format identified by an <EncryptedData> element that contains the ciphertext of the content. The encrypted data can be an XML element or arbitrary data that include the complete document. The encryption key value is specified using an <EncryptedKey> element.

Let's take a closer look at how to represent an XML encryption, its structural elements, and its features.

Structure of XML Encryption and Its Core Elements

XML encryption is represented and identified as an <EncryptedData> element, where the original data are encrypted and embedded within the data structure. Example 6-14 shows the structure of an XML Encryption represented by <EncryptedData ?> as its root element. The "?" in the element denotes zero or one occurrence, "*" denotes zero or more occurrences, and the empty element denotes the element must be empty).

Example 6-14. Structure of XML encryption and its core elements

  <EncryptedData Id? Type? MimeType? Encoding?>     <EncryptionMethod/>?     <ds:KeyInfo>       <EncryptedKey>?       <AgreementMethod>?       <ds:KeyName>?       <ds:RetrievalMethod>?       <ds:*>?     </ds:KeyInfo>?     <CipherData>       <CipherValue>?       <CipherReference URI?>?     </CipherData>     <EncryptionProperties>?   </EncryptedData> 

<EncryptedData>

The <EncryptedData> element is the root element that contains all child elements, including the <CipherData> that contains the encrypted data. It replaces the encrypted content with the exception of the <EncryptedKey> element that contains the encrypted key. The <EncryptedData> elements contain four optional attributes: an Id attribute identifying the encrypted data with a unique id; a Type attribute defining the encrypted data, which is content or an element for the decrypting application; a MimeType attribute defining the content MIME type; and an Encoding attribute specifying the transfer encoding (e.g., Base64-encoded) of the encrypted data. See Example 6-15.

Example 6-15. Representation of EncryptedData element

<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"          Type="http://www.w3.org/2001/04/xmlenc#Element"   MimeType= "text/xml"   Encoding= "http://www.w3.org/2000/09/xmldsig#base64"> 

<EncryptionMethod>

The optional <EncryptionMethod> element specifies the applied encryption algorithm of the encrypted data. If it is not specified, the recipient would not be aware of the applied encryption algorithm and the decryption may fail. See Example 6-16.

Example 6-16. EncryptionMethod element specifying an encryption algorithm

<EncryptionMethod    xmlns="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"> 

<ds:KeyInfo>

The <ds:KeyInfo> is a mandated element that specifies information about the key used for encrypting the data. It contains <ds:KeyName>, <ds:KeyValue>, and <ds:RetrievalMethod> as its child elements. The <ds:KeyName> element specifies the reference to the key or refers to a <CarriedKeyName> element of the <EncryptedKey> element. For example, the <ds:KeyInfo> element and <ds:KeyName> appears as shown in Example 6-17.

Example 6-17. Representing key information using <ds:KeyInfo> element

  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">       <ds:KeyName>CSP-SecurityKey</ds:KeyName>   </ds:KeyInfo> 

The <ds:RetrievalMethod> provides another way to retrieve the key information identified using a URI. Example 6-18 uses the <ds:RetrievalMethod> with a URL location to retrieve the key from the <EncryptedKey> element.

Example 6-18. Specifying RetrievalMethod for obtaining key information

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">   <ds:RetrievalMethod URI='#MYEK'       Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"/>        <ds:KeyName>CSP-SecurityKey</ds:KeyName>  </ds:KeyInfo> 

The <ds:KeyValue> is an optional element used to transport public keys.

<CipherData>

<CipherData> is a mandatory element that provides the encrypted data. It allows you to specify the encrypted value using <CipherValue> or <CipherReference> as child elements. Using the <CipherValue> element holds the value as an encrypted octet sequence using base64-encoded text as shown in Example 6-19.

Example 6-19. Representation of encrypted data as <CipherValue>

  <EncryptedData        xmlns="http://www.w3.org/2001/04/xmlenc#"       MimeType="text/xml"       Type="http://www.w3.org/2001/04/xmlenc#Element">       <CipherData>         <CipherValue>gfgf-EncryptedText-u=gh#@hgh</CipherValue>       </CipherData>     </EncryptedData> 

Alternatively, using the <CipherReference> element allows you to specify a URI that references an external location containing the encrypted octet sequence. In addition to URI, <CipherReference> can also contain an optional <Transforms> element to list the decryption steps required to obtain the cipher value. The <Transforms> element allows you to include any number of transformations specified by using the <ds:Transform> element. Example 6-20 illustrates the representation of the <CipherReference> and <Transforms> elements.

Example 6-20. Representing transforms to support decryption

<EncryptedData        xmlns="http://www.w3.org/2001/04/xmlenc#"       MimeType="text/xml"       Type="http://www.w3.org/2001/04/xmlenc#Element">       <CipherData>    <CipherReference               URI="http://www.csp.com/cipher-payment.xml">    <Transforms>      <ds:Transform       Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">       <ds:XPath xmlns:rep="http://www.my-xslt.org/xslt-dump/">        self::text()[parent::rep:CipherValue[@]]        </ds:XPath>       </ds:Transform>       <ds:Transform          Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>     </Transforms> </CipherReference> </CipherData> </EncryptedData> 

<EncryptedKey>

The <EncryptedKey> element is used to transport encryption keys between the message sender and the message's ultimate recipients. It can be used within XML data or specified inside an <EncryptedData> element as a child of a <ds:KeyInfo> element. See Example 6-21.

Example 6-21. Representing encrypted keys using <EncryptedKey> element

    <EncryptedKey                   xmlns="http://www.w3.org/2001/04/xmlenc#">      <EncryptionMethod         Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">        <ds:KeyName>Isaac Newton</ds:KeyName>      </ds:KeyInfo>       <CipherData>        <CipherValue>iutyuo</CipherValue>      </CipherData>        <ReferenceList>         <DataReference URI="#DRL"/>         </ReferenceList>     <CarriedKeyName>CSP SecurityKey</CarriedKeyName>     </EncryptedKey> 

When <EncryptedKey> is decrypted, the resulting octets are made available to the EncryptionMethod algorithm without any additional processing.

<EncryptionProperties>

The optional <SignatureProperties> can contain all additional information about the creation of the XML encryption. This may include details such as date, timestamp, serial number of cryptographic hardware used for encryption, and other application-specific attributes.

XML Encryption Algorithms

The XML encryption specifications define a set of encryption and decryption algorithms and associate them with identifier URIs that can be used as the value of the <Algorithm> attribute of <EncryptionMethod>. In addition, an application can adopt an algorithm of its own choice provided by the XML encryption implementation. Based on the applied role, all algorithms take implicit parameters, such as encryption or decryption data, key information, and operations defining either encryption or decryption. Additional explicit parameters can be specified within the content of the element.

Let's take a closer look at those algorithms, their identifying URIs, and their implementation requirements.

Block Encryption

Block encryption algorithms are designed to provide encryption and decryption of data in fixed-size and multiple-octet blocks. The XML encryption specification defines four algorithms for block encryption, as follows:

Key Transport

Key transport algorithms are public-key algorithms designed for encrypting and decrypting keys. These algorithms are identified as the value of the <Algorithm> attribute of the <EncryptionMethod> element, representing the <EncryptedKey> element. The XML encryption specification defines two algorithms for key transport as follows:

Key Agreement

The key agreement algorithm is used to derive the shared secret key based on compatible public keys from both the sender and its recipient. This is represented using the <AgreementMethod> element as a child element of the <KeyInfo> element. The <AgreementMethod> element holds the information identifying the keys of the sender, key size information, and the computation procedure to obtain the shared encryption key. The XML encryption specification defines the following algorithm for key agreement:

Symmetric Key Wrap

The symmetric key wrap algorithms are shared secret-key encryption algorithms specified for encrypting and decrypting symmetric keys. These algorithms are identified as the value of the <Algorithm> attribute of the <EncryptionMethod> element, representing the <EncryptedKey> element. The XML encryption specification defines four algorithms for symmetric key wrap as follows:

Message Digest

The message digest algorithms are used to derive the hash value digest of a message or data. As part of the derivation, the <AgreementMethod> element is used to hold the information identifying the keys of the sender, key size information, and the computation procedure to obtain the digest. It can also be used as a hash function in the key transport RSA-OAEP algorithm. The XML encryption specification defines the following four algorithms for message digest:

Message Authentication

For message authentication, the XML encryption specification uses the XML digital signature-based algorithm:

Canonicalization

Prior to XML encryption, applying canonicalization allows you to consistently serialize the XML into an octet stream, which is an identical textual representation of the given XML document. XML encryption defines two kinds of canonicalization algorithms: inclusive canonicalization and exclusive canonicalization.

• Inclusive Canonicalization: The serialized XML includes both in-scope namespace and XML namespace attribute context from ancestors of the XML being serialized. The specification defines two algorithms specific to inclusive canonicalization.

  - Algorithm name: Canonical XML without comments
  Identifying URI:	http://www.w3.org/TR/2001/REC-xml-c14n-20010315#
  Implementation:	Optional
  - Algorithm name: Canonical XML with comments
  Identifying URI:	http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
  Implementation:	Optional

  
  

• Exclusive Canonicalization: The serialized XML provides the minimum requirement details about its namespace and associated XML namespace attribute context from ancestors of the XML being serialized. This helps a signed XML payload not to break its structural integrity when a sub element is removed from the original message and/or inserted into a different context. The specification defines two algorithms specific to exclusive canonicalization.

  - Algorithm name: Exclusive XML canonicalization without comments
  Identifying URI:	http://www.w3.org/2001/10/xml-exc-c14n#
  Implementation:	Optional
  - Algorithm name: Exclusive XML canonicalization with comments
  Identifying URI:	http://www.w3.org/2001/10/xml-exc-c14n#WithComments
  Implementation:	Optional

  
  

XML Encryption: Example Scenarios

Let's consider an example scenario: A wholesaler hosts a Web-services-based solution for delivering products, catalogs, and services for its business customers. The business customer uses a Web-services-based client application for sending purchase orders and receiving delivery confirmations from the service provider. The business customer sends purchase order information that includes some critical information, such as products, quantity, credit card number, and shipping address. Using XML encryption, both the service requester and service provider guarantee that all Web-services-based transactions transmitted between them remain secure and confidential.

Example 6-22 is a purchase order of a business customer that illustrates how to represent XML encryption.

Example 6-22. XML document representing a purchase order

       <?xml version='1.0'?>          <PurchaseOrder xmlns='http://speeding.com/online/pay'>           <BusinessName>CSP Security</BusinessName>            <OrderedProducts>                <ProductDetails>                <Name>Radar Detector</Name>                <Quantity>1</Quantity>                </ProductDetails>                <TotalCost>75.00</TotalCost>            <CreditCard>             <Cardholder>R Nagappan</Cardholder>             <Number>4000 2445 0277 5567</Number>             <Currency>'USD'</Currency>             <Issuer>American Generous Bank</Issuer>            <Expiration>04/02</Expiration>          </CreditCard>          <ShipAddress>1 Bills Dr, Newton, MA01803</ShipAddress> </PurchaseOrder> 

Using the above example, let's take a look at the different scenarios of XML encryption and how XML encryption is represented.

XML Encryption: Element Level

In this scenario, let's consider the business customer that prefers to encrypt only the payment information such as cardholder name, credit card number, currency, and issuing bank as confidential. After applying XML encryption, the representation of the XML document appears as shown in Example 6-23.

Example 6-23. XML document using element-level XML encryption

       <?xml version='1.0'?>            <PurchaseOrder xmlns='http://speeding.com/online/pay'>            <BusinessName>CSP Security</BusinessName>            <OrderedProducts>                <ProductDetails>                <Name>Radar Detector</Name>                <Quantity>1</Quantity>                </ProductDetails>                <TotalCost>75.00</TotalCost>           <EncryptedData             xmlns="http://www.w3.org/2001/04/xmlenc#"            MimeType="text/xml"            Type="http://www.w3.org/2001/04/xmlenc#Element">          <CipherData>           <CipherValue>XHDDxyz=cArdDeTa3eNcrY==</CipherValue>          </CipherData>          </EncryptedData>         <ShipAddress>1 Bills Dr, Newton, MA01803</ShipAddress>     </PurchaseOrder> 

After encryption, the complete <CreditCard> element, including its child elements, are encrypted and represented within a <CipherData> element.

XML Encryption: Element Content Level

In this scenario, let's consider the business customer that prefers to encrypt only the credit card number element as confidential, leaving other payment related information readable. After applying XML encryption, the representation of XML document appears as shown in Example 6-24.

Example 6-24. XML document using content-level encryption

       <?xml version='1.0'?>            <PurchaseOrder xmlns='http://speeding.com/online/pay'>            <BusinessName>CSP Security</BusinessName>            <OrderedProducts>                <ProductDetails>                <Name>Radar Detector</Name>                <Quantity>1</Quantity>                </ProductDetails>                <TotalCost>75.00</TotalCost>        <CreditCard>           <Cardholder>R Nagappan</Cardholder>           <EncryptedData             xmlns="http://www.w3.org/2001/04/xmlenc#"            MimeType="text/xml"            Type="http://www.w3.org/2001/04/xmlenc#Content">        <CipherData>           <CipherValue>safDDxyzouyh</CipherValue>          </CipherData>          </EncryptedData>             <Currency>'USD'</Currency>           <Issuer>American Generous Bank</Issuer>           <Expiration>04/02</Expiration>           </CreditCard>         <ShipAddress>1 Bills Dr, Newton, MA01803</ShipAddress>     </PurchaseOrder> 

XML Encryption: Element Content (Character Data)

Let's consider the business customer that prefers to encrypt only the attribute value of the credit card number as confidential, leaving other information readable. In this scenario, the content value of the <Number> element will be encrypted as cipher data. After applying XML encryption, the representation of XML document appears as shown in Example 6-25.

Example 6-25. XML document using element data encryption

       <?xml version='1.0'?>    <PurchaseOrder xmlns='http://sahara.com/online/pay'>     <BusinessName>CSP Security</BusinessName>            <OrderedProducts>                <ProductDetails>                <Name>Radar Detector</Name>                <Quantity>1</Quantity>                </ProductDetails>                <TotalCost>75.00</TotalCost>                <CreditCard>      <Cardholder>R Nagappan</Cardholder>          <Number>          <EncryptedData             xmlns="http://www.w3.org/2001/04/xmlenc#"            MimeType="text/xml"            Type="http://www.w3.org/2001/04/xmlenc#Content">    <CipherData>           <CipherValue>safDFFFuyh</CipherValue>          </CipherData>          </EncryptedData>            </Number>             <Currency>'USD'</Currency>        <Issuer>American Generous Bank</Issuer>       <Expiration>04/02</Expiration>     </CreditCard>         <ShipAddress>1 Bills Dr, Newton, MA01803</ShipAddress>     </PurchaseOrder> 

In Example 6-25, Both <CreditCard> and <Number> element names are readable, but the character data content of <Number> is encrypted.

XML Encryption: Arbitrary Content

Let's consider the business customer that prefers to encrypt the complete document as confidential. The whole document encrypted will become an octet sequence, as shown in Example 6-26.

Example 6-26. XML document using full document encryption

  <?xml version='1.0'?>   <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'    MimeType='text/xml'>     <CipherData>       <CipherValue>CSS#SDOUHDSajjn</CipherValue>     </CipherData>   </EncryptedData> 

Super Encryption: Encrypting the Encrypted Data

As we discussed earlier, XML encryption allows you to apply encryption to different parts of an XML document that may contain zero or more <EncryptedData> elements. But it is not possible to create an <EncryptedData> element within an existing <EncryptedData> element as a child or its parent.

Super encryption allows encryption of already encrypted content, including <EncryptedData> and <EncryptedKey> elements. To apply super encryption of an <EncryptedData> or <EncryptedKey> element, it is necessary to encrypt the entire element or it will be invalid.

Let's consider the business customer that prefers to encrypt the complete document as confidential. Example 6-27a shows the whole document encrypted and represented as a cipher data.

Example 6-27a. XML document using full document encryption

  <?xml version='1.0'?>   <EncryptedData               xmlns='http://www.w3.org/2001/04/xmlenc#'              MimeType='text/xml'                Type='http://www.w3.org/2001/04/xmlenc#Element'>     <CipherData>       <CipherValue>CSSSDOUHDSajjn</CipherValue>     </CipherData>   </EncryptedData> 

After Super encryption, the <EncryptedData Id="pd1"> would appear as follows in Example 6-27b:

Example 6-27b. XML document using super encryption

  <?xml version='1.0'?>   <EncryptedData               xmlns='http://www.w3.org/2001/04/xmlenc#'              MimeType='text/xml'                Type='http://www.w3.org/2001/04/xmlenc#Element'>     <CipherData>       <CipherValue>lkhjlkHDSajjn</CipherValue>     </CipherData>   </EncryptedData> 

The resulting cipher data is the base64-encoding of the encrypted octet sequence of the <EncryptedData> element with "Id1".