XML Encryption and Your Data
Ed Simon, Entrust Technologies
Status
The XML Encryption Work Group was just chartered in January.
In August 2000, strawman proposals for XML Encryption were put forward by Entrust with Microsoft and by the IBM Tokyo Research Lab.
These strawman proposals have been merged into one new proposal, published last December. This new proposal forms our current working spec.
What is XML Encryption?
"XML Encryption specifies an XML-based syntax and processing rules for encrypting certain types of XML nodes and arbitrary data"
• "XML-based syntax" - XML, rather than ASN.1 or another format, will be used as the data formatting language.
• "encrypting ... XML nodes" - The current XML Encryption specifies how to encrypt an element and an element's content. Up for debate is whether encryption of other types of XML data, particularly attribute values, should be defined.
• "encrypting arbitrary data" - The current XML Encryption supports the encryption of non-XML data, not just XML data. (However, it does not describe how to handle the situation where encrypted data is referenced by an element, e.g. <video src="secret.mpg"/> where you want to encrypt "secret.mpg". Should XML Encryption describe a default syntax and processing rules for doing so?)
The Two Principal Parts of XML Encryption
XML Encryption has two principal parts:
• Data-centric info - describes how XML Encryption works with data. This is what this presentation is about.
• Key-centric info - describes the decrypting parameters: the key, the algorithm, IV, etc. Not covered here.
The <EncryptedData> element
<EncryptedData Id="an identifier" Type="type of data encrypted">
  <EncryptedKey>an encrypted form of the key used to encrypt the data</EncryptedKey>?
  <EncryptionMethod>the encryption algorithm used</EncryptionMethod>?
  <ds:KeyInfo>key identifying info (from the XML Signature spec)</ds:KeyInfo>?
  <CipherText URI="uri">the ciphertext, either as content or referenced by the URI attribute</CipherText>
</EncryptedData>
The <EncryptedData> element: Encrypting a whole element or an element's content
In the encrypted version of an XML instance, the <EncryptedData> element will appear in place of the encrypted whole plaintext element, or in place of the element's content node list that was encrypted.
For example:
Before:
<Element>
  <Cat/>
  <ElementToBeEncrypted>
    <Rabbit/>
  </ElementToBeEncrypted>
  <Dog/>
</Element>
After:
<Element>
  <Cat/>
  <EncryptedData xmlns="...">
    qYrSiO2R5X...
  </EncryptedData>
  <Dog/>
</Element>
Processing rules: Encrypting a whole element or an element's content
1. Serialize (into a string) the node list to be encrypted.
2. Encrypt the string and put it
   • in a <CipherText> element, or
   • in a resource referenced by the <CipherText> URI attribute.
3. Create the <EncryptedData> element and put in the <CipherText> element as a child. Set the <EncryptedData> type to "Element" or "NodeList".
4. Replace the plaintext node list with the <EncryptedData> element.
Processing rules: Decrypting a whole element or an element's content
1. Find the <EncryptedData> element(s) with a Type attribute equal to "Element" or "ElementContent".
2. Decrypt the content, referenced or embedded, of the <CipherText> element to form an XML fragment.
3. Parse the XML fragment into a DOM node list.
4. Replace the <EncryptedData> element with the node list.
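The encryption and decryption rules above, carried through on the Cat/Rabbit/Dog document from the earlier slide, as an added example (not code from the presentation or from any XML Encryption implementation). It assumes a placeholder namespace URI for <EncryptedData>, the Type value "Element" for a whole-element encryption, a pluggable cipher (AES-256-GCM from the `cryptography` package in the demo, with the nonce prefixed to the ciphertext), and the ciphertext embedded in <CipherText> rather than referenced by URI.

```python
import base64
import os
import xml.etree.ElementTree as ET

NS = "urn:example:xmlenc-strawman"  # placeholder namespace; not the spec's real one
ENC_DATA, CIPHER_TEXT = f"{{{NS}}}EncryptedData", f"{{{NS}}}CipherText"


def encrypt_element(parent, child, encrypt):
    """Encrypt a whole element (Type="Element") and put <EncryptedData> in its place."""
    tail, child.tail = child.tail, None                 # tail text belongs to the parent
    plaintext = ET.tostring(child)                      # 1. serialize the node
    ciphertext = base64.b64encode(encrypt(plaintext))   # 2. encrypt and base64
    enc = ET.Element(ENC_DATA, {"Type": "Element"})     # 3. build <EncryptedData>
    ET.SubElement(enc, CIPHER_TEXT).text = ciphertext.decode("ascii")
    enc.tail = tail
    idx = list(parent).index(enc) if enc in list(parent) else list(parent).index(child)
    parent.remove(child)                                # 4. replace the plaintext node
    parent.insert(idx, enc)
    return enc


def decrypt_all(root, decrypt):
    """Restore every <EncryptedData Type="Element"> under root; returns the count."""
    targets = [(p, e) for p in root.iter() for e in p.findall(ENC_DATA)
               if e.get("Type") == "Element"]
    for parent, enc in targets:
        fragment = decrypt(base64.b64decode(enc.find(CIPHER_TEXT).text))  # 2. decrypt
        # Decrypted bytes are untrusted parser input: keep DTD and external-entity
        # processing off (ElementTree's default parser does not resolve entities).
        node = ET.fromstring(fragment)                                     # 3. parse
        node.tail = enc.tail
        idx = list(parent).index(enc)                                      # 4. replace
        parent.remove(enc)
        parent.insert(idx, node)
    return len(targets)


def aes_gcm_pair(key):
    """AES-256-GCM via the `cryptography` package (assumed installed); nonce prefixed."""
    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
    aead = AESGCM(key)

    def enc(pt):
        nonce = os.urandom(12)
        return nonce + aead.encrypt(nonce, pt, None)

    def dec(blob):
        return aead.decrypt(blob[:12], blob[12:], None)
    return enc, dec


if __name__ == "__main__":
    doc = ET.fromstring("<Element><Cat/><ElementToBeEncrypted><Rabbit/>"
                        "</ElementToBeEncrypted><Dog/></Element>")
    enc_fn, dec_fn = aes_gcm_pair(os.urandom(32))
    encrypt_element(doc, doc.find("ElementToBeEncrypted"), enc_fn)
    print(ET.tostring(doc).decode())   # <Cat/> and <Dog/> remain; the middle is ciphertext
    decrypt_all(doc, dec_fn)
    print(ET.tostring(doc).decode())   # original document restored
```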
The <EncryptedData> element: Encrypting arbitrary data
XML Encryption supports the encryption of non-XML (arbitrary) data as well. To encrypt arbitrary data:
• Encrypt the data and base64 it.
• Create a <CipherText> element with the base64'ed ciphertext embedded or referenced.
• Create an <EncryptedData> element and insert the <CipherText> element as a child. Set the <EncryptedData> Type attribute to the media type of the data that was encrypted.