Chapter Six. XML Cryptography

Extensible Markup Language ^[1] (XML) has recently become perhaps the most ubiquitous new technology in the computing industry. It has found its way into every imaginable aspect of programming, from document-publishing software to SOAP-based distributed transaction-processing applications. In fact, XML has proven to be useful in virtually every situation in which data must be structured in a standardized format. In each of these applications, XML allows independence of programming language and platform. In essence, XML enables data interoperability and allows the development and use of reusable software libraries for processing structured data.

^[1] This chapter assumes that you are already somewhat familiar with XML. For your reference needs, please see the www.xml.org Web site. For a more complete and rigorous reference, please see the W3C Recommendation XML 1.0, which can be found at http://www.w3.org/TR/REC-xml.

Since cryptography and security can also be useful in practically every conceivable type of application that sends or receives structured data, it is not surprising that there is a significant overlap of interest between cryptography and security on the one hand and XML on the other. The obvious idea is therefore to apply cryptographic algorithms, such as encryption and signatures, to XML data. The result of this combination has produced two new important World Wide Web Consortium (W3C) standards, referred to as XML encryption and XML signatures , which are the topics of this chapter.