The following options are provided:
- Encryption of the entire XML document
- Encryption of an individual element and its sub-elements
- Encryption of the content of an XML element
- Encryption for multiple recipients
There are some special elements for this. The most important are:
- EncryptedData is the enclosing tag for XML encryption. The attribute
Typeinforms about whether an entire XML element or only the content of the element should be encrypted. The attribute
- EncryptionMethod describes the algorithm that is used for encryption. The element is optional. If this element is not used, the encryption algorithm must be known to the recipient.
- KeyInfo is also an optional element that can contain information about the key with which the data was encrypted.
- CipherData is the encrypted element. It contains either one or more CipherValue elements or a reference to the encrypted data (CipherReference).
- CipherValue contains the encrypted data.
- CipherReference is a reference to the encrypted data.
The following XML data record could occur during a payment process on the Internet:
<?xml version='1.0'?> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <CreditCard Limit='5,000' Currency='USD'> <Number>4019 2445 0277 5567</Number> <Issuer>Example Bank</Issuer> <Expiration>04/02</Expiration> </CreditCard> </PaymentInfo>
One way to protect sensitive credit card information is to encrypt the entire CreditCard element.
<?xml version='1.0'?> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <CipherData> <CipherValue>A23B45C56</CipherValue> </CipherData> </EncryptedData> </PaymentInfo>
- Daniel Koch: XML encryption and other security measures . In: iX . No. 10 , 2005, pp. 130–132 ( heise.de [accessed July 9, 2019]).
- XML encryption syntax and processing . (W3C, English)