The IBM XML Security Suite ships with a number of example programs that implement XML Encryption. Java source code is provided.
Let’s walk through the encryption process using the Java classes provided by the XML Security Suite. These classes take over the work of creating the XML structures we’ve encountered in this chapter. The cryptography is performed by an implementation of the java.security classes. Remember, there is nothing new about the cryptography used for XML Encryption, so any java.security implementation can be used.
The first step is to create an EncryptedData structure into which the ciphertext and the key information will go.
// Algorithm identifier: 3DES in CBC mode (xmlenc#3des-cbc)
EncryptionMethod em = new EncryptionMethod();
em.setAlgorithm(EncryptionMethod.TRIPLE_DES_CBC);
// Key reference: a ds:KeyName holding the name "key"
KeyName kn = new KeyName();
kn.setValue("key");
KeyInfo ki = new KeyInfo();
ki.addKeyId(kn);
// The EncryptedData container; Type says a whole element is being encrypted
EncryptedData ed = new EncryptedData();
ed.setType(EncryptedData.ELEMENT);
ed.setEncryptionMethod(em);
ed.setKeyInfo(ki);
// Materialise it as a DOM Element in the same document as the element to encrypt
Element encData = ed.createElement(elem.getOwnerDocument());
As we can see in the preceding code, we are using Triple-DES with cipher block chaining. The key will be referenced using the name “key,” and the encrypted data is an XML element (as opposed to element content, or arbitrary data).
The next step is to use a com.ibm.xml.enc.EncryptionContext object to load our XML element, our key, and an algorithm factory into the EncryptedData structure that we've made. The XML element we are encrypting is contained in an org.w3c.dom.Element object. The key is contained in a java.security.Key object. The factory that supplies encryption algorithm implementations is a com.ibm.xml.enc.AlgorithmFactory object.
The EncryptionContext object has many methods that are useful for encryption. Here, we load it up with our element, the EncryptedData structure, and our key:
EncryptionContext encCont = new EncryptionContext();
encCont.setData(elem);                               // the org.w3c.dom.Element to encrypt
encCont.setEncryptedType(encData, null, null, null); // the EncryptedData element built above
encCont.setKey(key);                                 // the java.security.Key
encCont.setAlgorithmFactory(algFac);                 // the com.ibm.xml.enc.AlgorithmFactory
At this stage, we have everything in place that we need for encryption.
These two lines populate the EncryptedData structure with the CipherValue, and replace the unencrypted element with the new EncryptedData structure:
encCont.encrypt();
encCont.replace();
The resulting EncryptedData structure is shown here (with the CipherValue abbreviated):
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
               Type="http://www.w3.org/2001/04/xmlenc#Element">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#3des-cbc" />
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName>key</KeyName>
  </KeyInfo>
  <CipherData>
    <CipherValue>jp2so32</CipherValue>
  </CipherData>
</EncryptedData>
We saw in the encryption code that the EncryptionContext object is very useful. Similarly, the DecryptionContext object does a lot of work for decryption.
DecryptionContext decCont = new DecryptionContext();
KeyInfoResolver kiRes = new KeyInfoResolver();   // maps the ds:KeyInfo (here KeyName "key") to the actual key
decCont.addEncryptedData(encData);               // the EncryptedData element to decrypt
decCont.setKeyInfoResolver(kiRes);
decCont.setAlgorithmFactory(algFac);             // same factory type as used for encryption
decCont.decrypt();
The KeyInfoResolver object is used to retrieve the key from the ds:KeyInfo structure. An AlgorithmFactory object is again used to obtain an implementation of the appropriate encryption algorithm.
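To make concrete what the EncryptionContext and DecryptionContext objects do behind the scenes, here is an added example, written for this page and not taken from the IBM XML Security Suite, that performs the same encrypt-and-replace and decrypt-and-restore steps with only the JDK (javax.crypto and the DOM API). The class name XmlEncDemo, the method names and the sample document are assumptions of this example. It builds exactly the EncryptedData structure shown above (Type=Element, 3des-cbc, KeyName "key") and follows the XML Encryption rule that the IV is prepended to the ciphertext before base64 encoding; the decryption side checks the EncryptionMethod before touching the ciphertext and parses the recovered XML with DTDs disabled. Triple-DES is kept only to match the chapter; a new deployment would pick AES.

```java
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

/** Hypothetical plain-JDK re-implementation of the chapter's encrypt/decrypt walk-through. */
public class XmlEncDemo {
    static final String XMLENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String XMLDSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String XMLNS = "http://www.w3.org/2000/xmlns/";
    // 3des-cbc; PKCS#5 padding satisfies XML Encryption's rule that the last byte gives the pad length.
    static final String TRANSFORM = "DESede/CBC/PKCS5Padding";
    static final int BLOCK = 8; // 3DES block size, which is also the IV length

    /** Serialise a DOM node without an XML declaration. */
    static String serialize(Node n) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(n), new StreamResult(w));
        return w.toString();
    }

    /** Parse XML with DTDs disallowed, so decrypted content cannot smuggle in entity declarations. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new java.io.StringReader(xml)));
    }

    /** Builds the chapter's EncryptedData (Type=Element, 3des-cbc, KeyName) and replaces elem with it. */
    static Element encryptElement(Element elem, SecretKey key, String keyName) throws Exception {
        Document doc = elem.getOwnerDocument();
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv); // fresh IV for every encryption under this key
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(serialize(elem).getBytes(StandardCharsets.UTF_8));
        byte[] ivAndCt = Arrays.copyOf(iv, iv.length + ct.length); // XML Encryption: IV || ciphertext
        System.arraycopy(ct, 0, ivAndCt, iv.length, ct.length);

        Element encData = doc.createElementNS(XMLENC, "EncryptedData");
        encData.setAttributeNS(XMLNS, "xmlns", XMLENC);
        encData.setAttribute("Type", XMLENC + "Element");
        Element em = doc.createElementNS(XMLENC, "EncryptionMethod");
        em.setAttribute("Algorithm", XMLENC + "3des-cbc");
        Element ki = doc.createElementNS(XMLDSIG, "KeyInfo");
        ki.setAttributeNS(XMLNS, "xmlns", XMLDSIG);
        Element kn = doc.createElementNS(XMLDSIG, "KeyName");
        kn.setTextContent(keyName);
        Element cd = doc.createElementNS(XMLENC, "CipherData");
        Element cv = doc.createElementNS(XMLENC, "CipherValue");
        cv.setTextContent(Base64.getEncoder().encodeToString(ivAndCt));
        ki.appendChild(kn); cd.appendChild(cv);
        encData.appendChild(em); encData.appendChild(ki); encData.appendChild(cd);
        elem.getParentNode().replaceChild(encData, elem); // the "replace" step
        return encData;
    }

    /** Reverses encryptElement: checks the algorithm, splits IV from ciphertext, restores the element. */
    static Element decryptElement(Element encData, SecretKey key) throws Exception {
        Element em = (Element) encData.getElementsByTagNameNS(XMLENC, "EncryptionMethod").item(0);
        if (em == null || !(XMLENC + "3des-cbc").equals(em.getAttribute("Algorithm")))
            throw new IllegalArgumentException("unexpected EncryptionMethod; refusing to decrypt");
        Element cv = (Element) encData.getElementsByTagNameNS(XMLENC, "CipherValue").item(0);
        byte[] ivAndCt = Base64.getDecoder().decode(cv.getTextContent().trim());
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(Arrays.copyOf(ivAndCt, BLOCK)));
        byte[] pt = c.doFinal(ivAndCt, BLOCK, ivAndCt.length - BLOCK);
        Document doc = encData.getOwnerDocument();
        Element restored = (Element) doc.importNode(
                parse(new String(pt, StandardCharsets.UTF_8)).getDocumentElement(), true);
        encData.getParentNode().replaceChild(restored, encData);
        return restored;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample document; <card> is the element to protect.
        Document doc = parse("<order><item>book</item><card>sample-card-number</card></order>");
        Element card = (Element) doc.getElementsByTagName("card").item(0);
        SecretKey key = KeyGenerator.getInstance("DESede").generateKey(); // the secret that KeyName "key" names
        Element encData = encryptElement(card, key, "key");
        System.out.println(serialize(doc)); // <card> has been replaced by an EncryptedData element
        decryptElement(encData, key);
        System.out.println(serialize(doc)); // the original <card> element is back in place
    }
}
```

The algorithm check in decryptElement is the part worth copying: a receiver that trusts whatever Algorithm attribute arrives in the message lets the sender choose the cipher, so the expected EncryptionMethod should be pinned by policy and verified before the key is used. The KeyName lookup that the IBM KeyInfoResolver performs is reduced here to passing the SecretKey in directly.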