DOMCipher is a sample application that illustrates how to use the DOM-based implementation. It lets you encrypt or decrypt certain elements in a document.
If you don't have a public/private key pair or a secret key, you have to prepare one using keytool provided by Java2 or KeyGenerator provided by this package. To create a key pair, type a command like:
>keytool -genkey -alias key
-keyalg RSA
-dname "CN=Takeshi Imamura, OU=TRL, O=IBM, C=JP"
-keypass keypass
-keystore keystore
-storepass storepass
Also you have to prepare both keyinfo and template documents. The
former is used for providing information on a keystore and keys in it,
e.g., key aliases and passwords. keyinfo2.xml is a
sample keyinfo document. The latter is used for specifying the
structure of an EncryptedData element, which determines the algorithm
and key being used and the resulting EncryptedData element. Several
sample template documents, such as template1.xml and template2.xml, are
provided.
Before running DOMCipher, make sure that all packages (including this) have been installed correctly. Consult the Installation Guide for details.
The usage of DOMCipher is as follows:
>java enc.DOMCipher option [arg...]
where option is:
-e keyinfo source [path template...]: Encrypt the elements selected by paths in
source according to
templates and print the resulting document to
stdout. The keys are obtained from the keystore specified in
keyinfo by regarding the identifiers specified
by the KeyName elements in templates as key
aliases.
-d keyinfo source [path...]: Decrypt the elements selected by paths in source and print
the resulting document to stdout. The keys are obtained from the
keystore specified in keyinfo by regarding the
identifiers specified by the KeyName elements within the
EncryptedData elements as key aliases.
-h:
Suppose that you are in data\enc\ of this package. If
you want to encrypt the cardinfo element in bookorder.xml
according to template1.xml with a
key in the keystore specified in keyinfo1.xml,
type:
>java enc.DOMCipher -e keyinfo1.xml
bookorder.xml
"//*[name()='cardinfo']"
template1.xml
You will see the resulting document in stdout. Then if you want to
decrypt the generated EncryptedData element with the corresponding key
in the keystore specified in keyinfo2.xml,
type:
>java enc.DOMCipher -d keyinfo2.xml
foo.xml
"//*[namespace-uri()='http://www.w3.org/2001/04/xmlenc#'
and local-name()='EncryptedData']"
where it is assumed that you stored the encrypted document in
foo.xml. You will see that the document printed to
stdout is the same as the one in bookorder.xml.
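A check you can run on the encrypted output before the -d step, given here as an added example that is not part of the original package: it evaluates the same two XPath expressions used above and reports which key alias and algorithm each EncryptedData element names. The class name CheckEncrypted and the embedded sample document are constructed for illustration; real DOMCipher output depends on the template used.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class CheckEncrypted {
    static final String ENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    // Constructed sample standing in for foo.xml (not actual DOMCipher output).
    static final String SAMPLE =
        "<bookorder><item>XML Book</item>"
      + "<EncryptedData xmlns='" + ENC + "' Type='" + ENC + "Element'>"
      + "<EncryptionMethod Algorithm='" + ENC + "tripledes-cbc'/>"
      + "<KeyInfo xmlns='" + DSIG + "'><KeyName>key</KeyName></KeyInfo>"
      + "<CipherData><CipherValue>AAAA</CipherValue></CipherData>"
      + "</EncryptedData></bookorder>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // needed for namespace-uri()/local-name() tests
        // Reject DOCTYPE declarations so the document cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(SAMPLE)));
        XPath xp = XPathFactory.newInstance().newXPath();

        // Same path given to -e: the plaintext element must no longer be present.
        NodeList plain = (NodeList) xp.evaluate("//*[name()='cardinfo']", doc, XPathConstants.NODESET);
        // Same path given to -d: every node it selects is what decryption will process.
        NodeList enc = (NodeList) xp.evaluate(
            "//*[namespace-uri()='" + ENC + "' and local-name()='EncryptedData']",
            doc, XPathConstants.NODESET);
        System.out.println("plaintext cardinfo elements left: " + plain.getLength());
        for (int i = 0; i < enc.getLength(); i++) {
            Element e = (Element) enc.item(i);
            NodeList names = e.getElementsByTagNameNS(DSIG, "KeyName");
            String alias = names.getLength() > 0 ? names.item(0).getTextContent() : "(no KeyName)";
            NodeList methods = e.getElementsByTagNameNS(ENC, "EncryptionMethod");
            String alg = methods.getLength() > 0
                ? ((Element) methods.item(0)).getAttribute("Algorithm") : "(none)";
            System.out.println("EncryptedData " + i + ": key alias=" + alias + ", algorithm=" + alg);
        }
        // Fail if plaintext survived or nothing was encrypted.
        if (plain.getLength() != 0 || enc.getLength() == 0) System.exit(1);
    }
}
```

To check a real file, replace the StringReader source with the path to the encrypted document; a non-zero exit status means the cardinfo element is still in the clear or no EncryptedData element was found.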