Block Cipher Processing

Previous page
Table of content
Next page
 <  Day Day Up  >  

XML Encryption uses only block ciphers. [2] This means that XML Encryption works by taking the plaintext message and breaking it into fixed- size blocks before encrypting each block. Two algorithms are part of the XML Encryption draft: the Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES). They both require fixed size input blocks and so require a block cipher padding algorithm.

[2] Block ciphers are the only required or recommended algorithms, but you can extend XML Encryption with stream ciphers. They are mentioned in the specification at http://www.w3.org/TR/xmlenc- core /#sec-Alg-Stream.

Block Cipher Padding (PKCS#5)

This section describes the block cipher padding algorithm specified in the standard PKCS#5 and used in block ciphers DES and AES.

Given an n -byte plaintext block and a b- byte block size where n <= b , the block cipher padding algorithm is as follows :


If   n  <   b  {
                       let   k  =   b   “   n   “  1  arbitrary  pad  bytes  and  append  these  bytes  to   n
}  else  if  ( n  ==   b )  {
                       let   k  =   b   “  1  arbitrary  pad  bytes  and  append  these  bytes  to   n
}
in  both  cases  if  ( n  <   b  and   n  ==   b )  {
                       append  a  final  byte  whose  value  is   k  +  1
}

Block Cipher Feedback

Another critical concept you need to understand is feedback between blocks in a message. You don't want blocks completely independent of each other because an attacker could subtract them from a message at will. Additionally, you want to combat pattern-based and frequency attacks, too. If the previous block affects the encryption of the next block, common words or patterns cannot be detected in the cipher. This concept is important for XML-based documents because XML has such a strong common structure. Therefore, you need some way to create a relationship between blocks. A technique called cipher block chaining ( CBC ) is the most common mechanism for creating such a relationship.

In CBC, you simply combine the current block with the previous block using XOR as you move through the plaintext blocks in order. Now each successive block is tied to and related in the ciphertext to the preceding block, making it impossible to remove a single block and replace it.

 <  Day Day Up  >  

Previous page
Table of content
Next page
Securing Web Services with WS-Security. Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
ISBN: 0672326515
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Jothy Rosenberg, David Remy
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
Qshell for iSeries
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
.NET-A Complete Development Cycle
Java All-In-One Desk Reference For Dummies
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy