XML encryption

from Wikipedia, the free encyclopedia

The XML Encryption ( XML Enc ) is a specification of ways in which XML documents encrypted and decrypted can be.


The following options are provided:

  • Encryption of the entire XML document
  • Encryption of an individual element and its sub-elements
  • Encryption of the content of an XML element
  • Encryption for multiple recipients

There are some special elements for this. The most important are:

  • EncryptedData is the enclosing tag for XML encryption. The attribute Typeinforms about whether an entire XML element or only the content of the element should be encrypted. The attribute Typeis optional.
  • EncryptionMethod describes the algorithm that is used for encryption. The element is optional. If this element is not used, the encryption algorithm must be known to the recipient.
  • KeyInfo is also an optional element that can contain information about the key with which the data was encrypted.
  • CipherData is the encrypted element. It contains either one or more CipherValue elements or a reference to the encrypted data (CipherReference).
  • CipherValue contains the encrypted data.
  • CipherReference is a reference to the encrypted data.


The following XML data record could occur during a payment process on the Internet:

  <?xml version='1.0'?>
  <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith</Name>
    <CreditCard Limit='5,000' Currency='USD'>
      <Number>4019 2445 0277 5567</Number>
      <Issuer>Example Bank</Issuer>

One way to protect sensitive credit card information is to encrypt the entire CreditCard element.

<?xml version='1.0'?>
  <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith</Name>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'

See also


  • Daniel Koch: XML encryption and other security measures . In: iX . No. 10 , 2005, pp. 130–132 ( heise.de [accessed July 9, 2019]).

Web links

Individual evidence

  1. XML Encryption Syntax and Processing. W3C , December 10, 2002, accessed October 20, 2011 .