XML Encryption Implementation

This is an experimental reference implementation of XML Encryption Syntax and Processing, which specifies a process for encrypting data and representing the result in XML.

Installation Guide

The installation and configuration process can be broken down into the following steps. Windows is used here as an example, but the implementation should work with any platform that has Java2.

Install the following software
- Java2 SDK or Runtime Environment 1.3 (IBM, Sun) or higher
- Java Cryptography Extension (JCE) 1.2.1 (IBM, Sun, Cryptix, IAIK)
- Xerces2 Java Parser 2.0 and its samples
- Xalan-Java 2.3
- International Components for Unicode for Java 2.1
Install this package
Consult the top page of this package for details. Also you should add samples\ to your classpath for your convenience.
Try a sample program
Move to data\enc\ and type:
```
  >java enc.DOMCipher -e keyinfo1.xml
                         bookorder.xml
                         "//*[name()='cardinfo']"
                         template1.xml
```
where line breaks are only for readability - you should type the command in a single line. DOMCipher with -e option encrypts the elements specified by XPaths in a document according to templates and prints the resulting document to stdout. In this case, the cardinfo element in bookorder.xml is encrypted as specified in template1.xml. The key being used is obtained from the keystore specified in keyinfo1.xml. If the command works, you can see the package has been installed correctly.

Status

Application Features	Key Word	Support
Laxly valid schema generation of EncryptedData/EncryptedKey	MUST	Y
Normalized Form C generations	SHOULD	Y
Type, MimeType, and Encoding	MUST	Y
CipherReference URI derefencing	MUST	Y
Transforms	OPTIONAL	Y
ds:KeyInfo	MUST	Y
xenc:DHKeyValue	OPTIONAL	N
ds:KeyName	RECOMMENDED	Y
ds:RetrievalMethod	REQUIRED	Y
ReferenceList	OPTIONAL	Y
EncryptionProperties	OPTIONAL	Y
Processing Features	Key Word	Support
Required Type support: Element and Content	MUST	Y
Encryption	MUST	Y
Serialization of XML Element and Content	MAY	Y
NFC conversion from non-Unicode encodings	MUST	N
Encryptor returns EncryptedData structure	MUST	Y
Encryptor replaces EncryptedData into source document (when Type is Element or Content)	SHOULD	Y
Decryption	MUST	Y
Decryptor returns data and its Type to application (be it octet sequence or key value)	MUST	Y
If data is Element or Content, decryptor returns UTF-8-encoded XML character data	MUST	Y
If data is Element or Content, decryptor replaces EncryptedData in source document with decrypted data	SHOULD	Y
Algorithms	Key Word	Support
Triple DES	REQUIRED	Y
AES-128	REQUIRED	Y
AES-192	OPTIONAL	Y
AES-256	REQUIRED	Y
RSA-v1.5	REQUIRED	Y
RSA-OAEP	REQUIRED	Y (only with SHA1 and no parameters)
Diffie-Hellman	OPTIONAL	N
Triple DES Key Wrap	REQUIRED	Y
AES-128 Key Wrap	REQUIRED	Y
AES-192 Key Wrap	OPTIONAL	Y
AES-256 Key Wrap	REQUIRED	Y
SHA1	REQUIRED	Y
SHA256	RECOMMENDED	Y
SHA512	OPTIONAL	Y
RIPEMD-160	OPTIONAL	Y
XML Digital Signature	RECOMMENDED	Y (by the XML-Signature implementation)
Decryption Transform	RECOMMENDED	Y
XPointer support in Except URI	OPTIONAL	Y (XPointer of type "#xpointer(id('ID'))" and barename XPointer only)
Canonical XML (with and without comments)	OPTIONAL	Y (only for DOM)
Exclusive Canonicalization (with and without comments)	OPTIONAL	Y (only for DOM)
Base64	REQUIRED	Y

Sample Applications

DOMCipher: application for illustrating how to use the DOM-based implementation
XNICipher: application for illustrating how to use the XNI-based implementation
XMLSig: application for illustrating how to process XML Signatures containing Decryption Transform

Tools

KeyGenerator: utility for generating secret keys

API Documentation

Reference to packages, classes and members. This is generated by javadoc.

API specification

Changes

04/08/2002: Supported schema generation in NFC; Supported Canonical XML and Exclusive Canonicalization for DOM
03/22/2002: Supported application-level (DOM-based) processing; Extended com.ibm.xml.enc.KeyInfoResolverBase for recursive key encryption; Redesigned and implemented the classes representing types; Supported several algorithms, such as AES and RSA-OAEP; Moved to Xerces2 2.0.1; Introduced com.ibm.xml.enc.EncryptedKeyRetriever for retrieval of the EncryptedKey elements referencing an ID; Renamed enc.XMLCipher2 to enc.XNICipher; Added enc.DOMCipher, a sample application for the DOM-based implementation
11/26/2001: Moved to Xerces2 2.0.0 beta3; Supported Decryption Transform; Added enc.XMLSig, a sample application for Decryption Transform
10/24/2001: Reformed APIs; Supported parser-level (XNI-based) processing; Supported a few algorithms
04/19/2001: First release

Takeshi Imamura

Hiroshi Maruyama