[XML Security Suite]

XML Encryption Implementation

This is an experimental reference implementation of XML Encryption Syntax and Processing, which specifies a process for encrypting data and representing the result in XML.


Installation Guide

The installation and configuration process can be broken down into the following steps. Windows is used here as an example, but the implementation should work with any platform that has Java2.

  1. Install the following software
  2. Install this package
    Consult the top page of this package for details. For convenience, you should also add samples\ to your classpath.

  3. Try a sample program
    Move to data\enc\ and type:
      >java enc.DOMCipher -e keyinfo1.xml
                             bookorder.xml
                             "//*[name()='cardinfo']"
                             template1.xml
    where the line breaks are only for readability; type the command on a single line. DOMCipher with the -e option encrypts the elements specified by XPaths in a document according to templates and prints the resulting document to stdout. In this case, the cardinfo element in bookorder.xml is encrypted as specified in template1.xml. The key is obtained from the keystore specified in keyinfo1.xml. If the command works, the package has been installed correctly.
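As an added stand-alone illustration of what step 3 describes, not code from this package (it uses only the JDK's JAXP and JCE, not the com.ibm.xml.enc API), the following program encrypts the elements matched by an XPath as xenc:EncryptedData of Type Element with AES-128-CBC and replaces them in the document. The class name, the sample document and the throwaway key are constructed for the example; DOMCipher instead takes the EncryptedData layout from a template and the key from the keystore named by keyinfo1.xml.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.*;
import org.w3c.dom.*;

public class ElementEncryptDemo {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    // Replace each element matched by the XPath with an xenc:EncryptedData of Type Element (AES-128-CBC).
    static void encryptElements(Document doc, String xpath, byte[] aes128Key) throws Exception {
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath().evaluate(xpath, doc, XPathConstants.NODESET);
        for (int i = 0; i < hits.getLength(); i++) {
            Element target = (Element) hits.item(i);
            // Type=Element: serialize the whole element as UTF-8 (Type=Content would serialize only its children).
            java.io.StringWriter sw = new java.io.StringWriter();
            Transformer t = TransformerFactory.newInstance().newTransformer();
            t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
            t.transform(new DOMSource(target), new StreamResult(sw));
            // XML Encryption CBC ciphertext is IV || ciphertext; PKCS#5 padding is a valid instance of its padding rule.
            byte[] iv = new byte[16]; new java.security.SecureRandom().nextBytes(iv);
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(aes128Key, "AES"), new IvParameterSpec(iv));
            byte[] ct = c.doFinal(sw.toString().getBytes("UTF-8"));
            byte[] ivAndCt = new byte[iv.length + ct.length];
            System.arraycopy(iv, 0, ivAndCt, 0, iv.length);
            System.arraycopy(ct, 0, ivAndCt, iv.length, ct.length);
            // Minimal EncryptedData: Type, EncryptionMethod and CipherData (DOMCipher takes these from a template).
            Element ed = doc.createElementNS(XENC, "xenc:EncryptedData"); ed.setAttribute("Type", XENC + "Element");
            ed.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xenc", XENC);
            Element em = doc.createElementNS(XENC, "xenc:EncryptionMethod"); em.setAttribute("Algorithm", XENC + "aes128-cbc");
            Element cd = doc.createElementNS(XENC, "xenc:CipherData"), cv = doc.createElementNS(XENC, "xenc:CipherValue");
            cv.setTextContent(java.util.Base64.getEncoder().encodeToString(ivAndCt));
            cd.appendChild(cv); ed.appendChild(em); ed.appendChild(cd);
            target.getParentNode().replaceChild(ed, target); // replace EncryptedData into the source document
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for bookorder.xml; a real key would come from the keystore named in keyinfo1.xml.
        String xml = "<order><book>XML Security</book><cardinfo><number>4111111111111111</number></cardinfo></order>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().parse(new java.io.ByteArrayInputStream(xml.getBytes("UTF-8")));
        byte[] demoKey = new byte[16]; new java.security.SecureRandom().nextBytes(demoKey); // throwaway key
        encryptElements(doc, "//*[name()='cardinfo']", demoKey);
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(System.out));
    }
}
```

Compiled and run with a plain JDK, it prints the order document with the cardinfo element replaced by the xenc:EncryptedData element, which is the same in-place replacement the Status table lists as a SHOULD.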

Status

| Application Feature | Key Word | Support |
|---|---|---|
| Laxly valid schema generation of EncryptedData/EncryptedKey | MUST | Y |
| • Normalized Form C generation | SHOULD | Y |
| Type, MimeType, and Encoding | MUST | Y |
| CipherReference URI dereferencing | MUST | Y |
| • Transforms | OPTIONAL | Y |
| ds:KeyInfo | MUST | Y |
| • xenc:DHKeyValue | OPTIONAL | N |
| • ds:KeyName | RECOMMENDED | Y |
| • ds:RetrievalMethod | REQUIRED | Y |
| ReferenceList | OPTIONAL | Y |
| EncryptionProperties | OPTIONAL | Y |

| Processing Feature | Key Word | Support |
|---|---|---|
| Required Type support: Element and Content | MUST | Y |
| Encryption | MUST | Y |
| • Serialization of XML Element and Content | MAY | Y |
| ◦ NFC conversion from non-Unicode encodings | MUST | N |
| • Encryptor returns EncryptedData structure | MUST | Y |
| • Encryptor replaces EncryptedData into source document (when Type is Element or Content) | SHOULD | Y |
| Decryption | MUST | Y |
| • Decryptor returns data and its Type to application (be it octet sequence or key value) | MUST | Y |
| • If data is Element or Content, decryptor returns UTF-8-encoded XML character data | MUST | Y |
| • If data is Element or Content, decryptor replaces EncryptedData in source document with decrypted data | SHOULD | Y |

| Algorithm | Key Word | Support |
|---|---|---|
| Triple DES | REQUIRED | Y |
| AES-128 | REQUIRED | Y |
| AES-192 | OPTIONAL | Y |
| AES-256 | REQUIRED | Y |
| RSA-v1.5 | REQUIRED | Y |
| RSA-OAEP | REQUIRED | Y (only with SHA1 and no parameters) |
| Diffie-Hellman | OPTIONAL | N |
| Triple DES Key Wrap | REQUIRED | Y |
| AES-128 Key Wrap | REQUIRED | Y |
| AES-192 Key Wrap | OPTIONAL | Y |
| AES-256 Key Wrap | REQUIRED | Y |
| SHA1 | REQUIRED | Y |
| SHA256 | RECOMMENDED | Y |
| SHA512 | OPTIONAL | Y |
| RIPEMD-160 | OPTIONAL | Y |
| XML Digital Signature | RECOMMENDED | Y (by the XML-Signature implementation) |
| Decryption Transform | RECOMMENDED | Y |
| • XPointer support in Except URI | OPTIONAL | Y (XPointer of type "#xpointer(id('ID'))" and barename XPointer only) |
| Canonical XML (with and without comments) | OPTIONAL | Y (only for DOM) |
| Exclusive Canonicalization (with and without comments) | OPTIONAL | Y (only for DOM) |
| Base64 | REQUIRED | Y |

Sample Applications


Tools


API Documentation

Reference to packages, classes and members. This is generated by javadoc.


Related Documents


Changes

04/08/2002
  • Supported schema generation in NFC
  • Supported Canonical XML and Exclusive Canonicalization for DOM
03/22/2002
  • Supported application-level (DOM-based) processing
  • Extended com.ibm.xml.enc.KeyInfoResolverBase for recursive key encryption
  • Redesigned and implemented the classes representing types
  • Supported several algorithms, such as AES and RSA-OAEP
  • Moved to Xerces2 2.0.1
  • Introduced com.ibm.xml.enc.EncryptedKeyRetriever for retrieval of the EncryptedKey elements referencing an ID
  • Renamed enc.XMLCipher2 to enc.XNICipher
  • Added enc.DOMCipher, a sample application for the DOM-based implementation
11/26/2001
  • Moved to Xerces2 2.0.0 beta3
  • Supported Decryption Transform
  • Added enc.XMLSig, a sample application for Decryption Transform
10/24/2001
  • Reformed APIs
  • Supported parser-level (XNI-based) processing
  • Supported a few algorithms
04/19/2001
  • First release

Takeshi Imamura
Hiroshi Maruyama