What is XML Encryption
A W3C Recommendation, http://www.w3c.org/Encryption/2001/
• A process for encrypting data and representing the result in XML.
• The data can be arbitrary data, including whole XML documents, individual elements, or the content of an element.
• Uses a symmetric block cipher for data protection (Triple DES, called DESede in the JCE, or AES, in CBC mode).
• Uses RSA to protect (transport) the symmetric data key; the Recommendation also defines symmetric key wrapping.
• Provides confidentiality only: CBC ciphertext is malleable, so an EncryptedData that is not also covered by a signature can be altered without detection.
Examples: element
Plaintext:
  <?xml version='1.0'?>
  <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith</Name>
    <CreditCard Limit='5,000' Currency='USD'>
      <Number>4019 2445 0277 5567</Number>
      <Issuer>Example Bank</Issuer>
      <Expiration>04/02</Expiration>
    </CreditCard>
  </PaymentInfo>
With the CreditCard element encrypted (Type='...#Element'): the element, its attributes and all its children are replaced by a single EncryptedData, so only Name stays readable.
  <?xml version='1.0'?>
  <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith</Name>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                   xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <CipherData>
        <CipherValue>A23B45C56A23B45C56</CipherValue>
      </CipherData>
    </EncryptedData>
  </PaymentInfo>
(The CipherValue shown is a placeholder; a real one is the base64 encoding of the IV followed by the CBC ciphertext.)
Examples: element content
Plaintext: the same PaymentInfo document as on the previous slide.
With the content of CreditCard encrypted (Type='...#Content'): the CreditCard start tag and its Limit and Currency attributes stay readable; only the child elements are hidden.
  <?xml version='1.0'?>
  <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith</Name>
    <CreditCard Limit='5,000' Currency='USD'>
      <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
                     Type='http://www.w3.org/2001/04/xmlenc#Content'>
        <CipherData>
          <CipherValue>A23B45C56</CipherValue>
        </CipherData>
      </EncryptedData>
    </CreditCard>
  </PaymentInfo>
Examples: character data (text) content
Plaintext: the same PaymentInfo document as on the first example slide.
With the text content of Number encrypted (again Type='...#Content', since text is content too): only the card number itself is hidden; the Number element name, Issuer and Expiration stay readable.
  <?xml version='1.0'?>
  <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith</Name>
    <CreditCard Limit='5,000' Currency='USD'>
      <Number>
        <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
                       Type='http://www.w3.org/2001/04/xmlenc#Content'>
          <CipherData>
            <CipherValue>A23B45C56</CipherValue>
          </CipherData>
        </EncryptedData>
      </Number>
      <Issuer>Example Bank</Issuer>
      <Expiration>04/02</Expiration>
    </CreditCard>
  </PaymentInfo>
Products and solutions: commercial Java products
• KeyTools XML, Baltimore Technologies
  • XML Signature & XML Encryption
  • much, much more
• XML Security Suite, IBM Corp.
  • XML Signature & XML Encryption
  • XML Access Control Language
• Phaos XML Security Suite, Phaos Technology
  • XML Signature & XML Encryption
  • SAML
Products and solutions: open source
• XML Security Library (xmlsec), MIT licence
  • http://www.aleksey.com/xmlsec/
  • XML Signature & XML Encryption
  • C library built on OpenSSL
• XML Security, Apache XML Project
  • http://xml.apache.org/security/
  • XML Signature
  • XML Encryption only partly implemented (beta)
  • Java
Products and solutions: our solution
• XML Encryption
• Built on the Sun JCE and JCA for the cryptography
• Uses JDOM as the XML DOM toolkit
• Implements most of the required features of the W3C Recommendation
• Keys are stored under password-based encryption (PKCS #5)
• Does not support the EncryptedKey feature: the user must already hold the correct data-encryption key
Overview (component diagram): JCE KeyManager, XMLEncryptionDemo, XMLSecurityEngine, XMLEncryptionEngine, XMLSignatureEngine, XMLHandler, XMLEncryption, EncryptedData, JCE
Code examples: our solution
Encryption of an XML element:
  XMLEncryption encrypter = new XMLEncryption(plaintextElement);
  encrypter.encrypt(key);
  XMLHandler.replaceElement(plaintextElement, encrypter.getElement());
Encryption of element content:
  XMLEncryption encrypter = new XMLEncryption(plaintextElement.getContent());
  encrypter.encrypt(key);
  XMLHandler.replaceContent(plaintextElement, encrypter.getElement());
Code examples: our solution
Decryption of an EncryptedData element (the Type attribute decides whether content or a whole element comes back):
  XMLEncryption decrypter = new XMLEncryption(encryptedDataElement);
  decrypter.decrypt(key);
  List content = decrypter.getContent();
  Element element = decrypter.getElement();
  if (content != null) {
      XMLHandler.replaceContent(encryptedDataElement.getParent(), content);
  } else if (element != null) {
      XMLHandler.replaceElement(encryptedDataElement, element);
  }
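An added example, written for this page and not taken from the slides or from the project they describe: it produces the EncryptedData forms of the Examples slides (a whole element, and the text content of Number) with nothing but the JDK (javax.crypto for AES-128-CBC, the built-in namespace-aware DOM parser, and LSSerializer), then reverses them, following the same element-versus-content split that the project's XMLEncryption/XMLHandler calls above make. The class name XmlEncDemo, the helper names and the freshly generated key are assumptions; the sample document is the one from the slides. Unlike the slides' placeholder CipherValue, the real value is base64 of the IV followed by the CBC ciphertext, as the Recommendation requires; the decryptor refuses any algorithm other than the one it expects, strips padding by the last byte only (the spec fixes nothing else), and re-parses the recovered plaintext with DOCTYPEs disabled.

```java
import java.io.StringReader; import java.nio.charset.StandardCharsets; import java.security.SecureRandom;
import java.util.Arrays; import java.util.Base64; import javax.crypto.*; import javax.crypto.spec.IvParameterSpec;
import javax.xml.parsers.*; import org.w3c.dom.*; import org.w3c.dom.ls.*; import org.xml.sax.InputSource;

public class XmlEncDemo {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#"; // namespace and algorithm-URI prefix from the Recommendation
    static final String PAY = "http://example.org/paymentv2";
    // Constructed sample input: the PaymentInfo document from the slides.
    static final String SAMPLE = "<PaymentInfo xmlns='" + PAY + "'><Name>John Smith</Name><CreditCard Limit='5,000' "
        + "Currency='USD'><Number>4019 2445 0277 5567</Number><Issuer>Example Bank</Issuer><Expiration>04/02</Expiration></CreditCard></PaymentInfo>";

    static DocumentBuilder builder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The decryptor re-parses plaintext chosen by the sender, so refuse DOCTYPEs (no entity expansion, no XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder();
    }

    static String serialize(Node n) { // Element or DocumentFragment; namespace fixup adds any xmlns the node needs
        LSSerializer s = ((DOMImplementationLS) n.getOwnerDocument().getImplementation()).createLSSerializer();
        s.getDomConfig().setParameter("xml-declaration", Boolean.FALSE);
        return s.writeToString(n);
    }

    // Builds <EncryptedData Type=..><EncryptionMethod/><CipherData><CipherValue/></CipherData></EncryptedData>.
    // Per the spec, CipherValue is base64(IV || CBC ciphertext) and the last plaintext byte is the pad length;
    // PKCS#5 padding is one conforming way for the encryptor to produce that.
    static Element buildEncryptedData(Document doc, String type, byte[] plaintext, SecretKey key) throws Exception {
        byte[] iv = new byte[16]; new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] ivAndCt = Arrays.copyOf(iv, 16 + ct.length);
        System.arraycopy(ct, 0, ivAndCt, 16, ct.length);
        Element ed = doc.createElementNS(XENC, "EncryptedData");
        ed.setAttribute("Type", type);
        Element em = (Element) ed.appendChild(doc.createElementNS(XENC, "EncryptionMethod"));
        em.setAttribute("Algorithm", XENC + "aes128-cbc");
        Element cv = (Element) ed.appendChild(doc.createElementNS(XENC, "CipherData")).appendChild(doc.createElementNS(XENC, "CipherValue"));
        cv.setTextContent(Base64.getEncoder().encodeToString(ivAndCt));
        return ed;
    }

    // Type=Element: the element, start tag and attributes included, is replaced by EncryptedData.
    static Element encryptElement(Document doc, Element target, SecretKey key) throws Exception {
        Element ed = buildEncryptedData(doc, XENC + "Element", serialize(target).getBytes(StandardCharsets.UTF_8), key);
        target.getParentNode().replaceChild(ed, target);
        return ed;
    }

    // Type=Content: only the children are hidden; the element name and its attributes stay readable.
    static Element encryptContent(Document doc, Element target, SecretKey key) throws Exception {
        DocumentFragment frag = doc.createDocumentFragment();
        while (target.getFirstChild() != null) frag.appendChild(target.getFirstChild());
        Element ed = buildEncryptedData(doc, XENC + "Content", serialize(frag).getBytes(StandardCharsets.UTF_8), key);
        target.appendChild(ed);
        return ed;
    }

    static byte[] decryptCipherValue(Element ed, SecretKey key) throws Exception {
        Node em = ed.getElementsByTagNameNS(XENC, "EncryptionMethod").item(0);
        if (em == null || !(XENC + "aes128-cbc").equals(((Element) em).getAttribute("Algorithm")))
            throw new IllegalArgumentException("algorithm not allowed"); // never let the document pick the cipher
        byte[] ivAndCt = Base64.getMimeDecoder().decode(ed.getElementsByTagNameNS(XENC, "CipherValue").item(0).getTextContent());
        if (ivAndCt.length < 32 || ivAndCt.length % 16 != 0) throw new BadPaddingException("bad ciphertext length");
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding"); // the spec fixes only the last pad byte, so strip by hand
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(Arrays.copyOf(ivAndCt, 16)));
        byte[] padded = c.doFinal(Arrays.copyOfRange(ivAndCt, 16, ivAndCt.length));
        int pad = padded[padded.length - 1] & 0xff;
        if (pad < 1 || pad > 16) throw new BadPaddingException("bad pad byte");
        return Arrays.copyOf(padded, padded.length - pad);
    }

    // Undoes encryptElement/encryptContent according to the Type attribute.
    static void decryptInPlace(Element ed, SecretKey key) throws Exception {
        String xml = new String(decryptCipherValue(ed, key), StandardCharsets.UTF_8);
        Node parent = ed.getParentNode(); Document owner = ed.getOwnerDocument();
        if ((XENC + "Element").equals(ed.getAttribute("Type"))) {
            Document d = builder().parse(new InputSource(new StringReader(xml)));
            parent.replaceChild(owner.importNode(d.getDocumentElement(), true), ed);
        } else if ((XENC + "Content").equals(ed.getAttribute("Type"))) {
            // Content is a node sequence, so parse it inside a throwaway wrapper element.
            Document d = builder().parse(new InputSource(new StringReader("<w>" + xml + "</w>")));
            for (Node c = d.getDocumentElement().getFirstChild(); c != null; c = c.getNextSibling())
                parent.insertBefore(owner.importNode(c, true), ed);
            parent.removeChild(ed);
        } else throw new IllegalArgumentException("unsupported Type: " + ed.getAttribute("Type"));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(128); SecretKey key = kg.generateKey();
        Document doc = builder().parse(new InputSource(new StringReader(SAMPLE)));
        encryptContent(doc, (Element) doc.getElementsByTagNameNS(PAY, "Number").item(0), key);    // "character data content" slide
        encryptElement(doc, (Element) doc.getElementsByTagNameNS(PAY, "CreditCard").item(0), key); // "element" slide; super-encrypts the line above
        System.out.println(serialize(doc.getDocumentElement()));
        decryptInPlace((Element) doc.getElementsByTagNameNS(XENC, "EncryptedData").item(0), key); // outer EncryptedData first,
        decryptInPlace((Element) doc.getElementsByTagNameNS(XENC, "EncryptedData").item(0), key); // then the inner one it revealed
        System.out.println(serialize(doc.getDocumentElement()));
    }
}
```

`javac XmlEncDemo.java && java XmlEncDemo` prints the document with the CreditCard element hidden, then the fully recovered plaintext. The "element content" slide is the same encryptContent call applied to CreditCard instead of Number. Like the slides' own solution, the example assumes both sides already share the data key (no EncryptedKey), and like every CBC EncryptedData it offers no integrity: when tampering matters, sign the EncryptedData or use the AES-GCM algorithms that XML Encryption 1.1 added.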