XML encryption

The XML Encryption ( XML Enc ) is a specification of ways in which XML documents encrypted and decrypted can be.

options

The following options are provided:

Encryption of the entire XML document
Encryption of an individual element and its sub-elements
Encryption of the content of an XML element
Encryption for multiple recipients

There are some special elements for this. The most important are:

EncryptedData is the enclosing tag for XML encryption. The attribute Typeinforms about whether an entire XML element or only the content of the element should be encrypted. The attribute Typeis optional.
EncryptionMethod describes the algorithm that is used for encryption. The element is optional. If this element is not used, the encryption algorithm must be known to the recipient.
KeyInfo is also an optional element that can contain information about the key with which the data was encrypted.
CipherData is the encrypted element. It contains either one or more CipherValue elements or a reference to the encrypted data (CipherReference).
CipherValue contains the encrypted data.
CipherReference is a reference to the encrypted data.

example

The following XML data record could occur during a payment process on the Internet:

  <?xml version='1.0'?>
  <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith</Name>
    <CreditCard Limit='5,000' Currency='USD'>
      <Number>4019 2445 0277 5567</Number>
      <Issuer>Example Bank</Issuer>
      <Expiration>04/02</Expiration>
    </CreditCard>
  </PaymentInfo>

One way to protect sensitive credit card information is to encrypt the entire CreditCard element.

<?xml version='1.0'?>
  <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith</Name>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
     xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <CipherData>
        <CipherValue>A23B45C56</CipherValue>
      </CipherData>
    </EncryptedData>
  </PaymentInfo>

literature

Daniel Koch: XML encryption and other security measures . In: iX . No. 10 , 2005, pp. 130–132 ( heise.de [accessed July 9, 2019]).

Web links

XML encryption syntax and processing . (W3C, English)

Individual evidence

↑ XML Encryption Syntax and Processing. W3C , December 10, 2002, accessed October 20, 2011 .

[1] XML Encryption Syntax and Processing. W3C , December 10, 2002, accessed October 20, 2011 .


recommendations	ActivityPub • ARIA • Canonical XML • CDF • CSS • DOM • Geolocation API • HTML • HTML5 • InkML • ITS • JSON-LD • MathML • OWL • P3P • PLS • PNG • RDF • RDF schema • RIF • SCXML • SISR • SKOS • SMIL • SOAP • SRGS • SSML • SVG • SPARQL • Timed Text • Turtle • VoiceXML • WSDL • XForms • XHTML • XHTML + RDFa • XInclude • XLink • XML • XML Base • XML Encryption • XML Events • XML Information Set • XML Namespace • XML Schema • XML Signature • XPath • XPointer • XProc • XQuery • XSL • XSL-FO • XSLT ( elements )
Working drafts and candidates	CCXML • CURIE • SMIL Timesheets • sXBL • WICD • XFrames • XBL • XHTML + MathML + SVG • XMLHttpRequest
Remarks	XAdES • XFDL • XHTML + SMIL • XUP
Guidelines	Web Content Accessibility Guidelines • Multimodal Interaction Activity • Markup Validation Service
Initiatives	Web Accessibility Initiative