XML Encryption and Your Data

Ed Simon
Entrust Technologies



XML Encryption Work Group just chartered in January.

In August 2000, strawman proposals for XML Encryption were  put forward by
Entrust w/ Microsoft and by the IBM Tokyo Research Lab. 

These strawman proposals have been forged together in one new proposal published last December.  This new proposal forms our current working spec.


What is XML Encryption?     

“XML Encryption specifies an XML-based syntax and processing rules for encrypting certain types of XML nodes and arbitrary data”

       “XML-based syntax” - XML, rather than ASN.1 or other, will be used as the data formatting language

       “encrypting…XML nodes” – The current XML Encryption specifies how to encrypt an element and an element’s content.  Up for debate is whether encryption of other types of XML data, particularly attribute values, should be defined

       “encrypting arbitrary data” – The current XML Encryption supports the encryption of non-XML data, not just XML data.  (However, it does not describe how to handle the situation where encrypted data is referenced by an element (eg. <video src=“secret.mpg”/> and you want to encrypt “secret.mpg”).  Should XML Encryption describe a default syntax and processing rules for doing so?)


The Two Principal Parts of XML Encryption

XML Encryption has two principal parts:


      Data-centric info – describes how XML Encryption works with data.  This is what this presentation is about

      Key-centric info - describes decrypting parameters: the key, the algorithm, IV, etc.  Not covered here.


The <EncryptedData> element

Id=“an identifier
Type=“type of data encrypted”>

<EncryptedKey>an encrypted form of the key used to encrypt the data</EncryptedKey>?

<EncryptionMethod>the encryption algorithm used</EncryptionMethod>?

<ds:KeyInfo>key identifying info (from the XML Signature spec)</ds:KeyInfo>?

<CipherText URI=“uri”>the ciphertext either as content or referenced by the URI attribute</CipherText>



The <EncryptedData> element: Encrypting a whole element or an element’s content

In the encrypted version of an XML instance, the <EncryptedData> element will appear in place of
an encrypted whole plaintext element or
an element’s content node list that was encrypted. 
For example:

     Before:                                     After:

   <Element>                     <Element>
  <Cat/>                        <Cat>
  <ElementToBeEncrypted>         <EncryptedData> xmlns=“...”>
    <Rabbit/>                       qYrSiO2R5X...  
  </ElementToBeEncrypted>        </EncryptedData>
  <Dog/>                        <Dog/> 
</Element>                     </Element>


Processing rules: Encrypting a whole element or an element’s content

1. Serialize (into a string) the node list to be encrypted.

2. Encrypt the string and put it

      in a <CipherText> element or

      in a resource referenced by the <CipherText> URI attribute.

3. Create the <EncryptedData> element, put in the <CipherText> element as a child.  Set the <EncryptedData> type to “Element” or “NodeList”.

4. Replace the plaintext node list with the <EncryptedData> element.


Processing rules: Decrypting a whole element or an element’s content

1. Find an <EncryptedData> element(s) with Type attribute equal to “Element” or “ElementContent”.

2. Decrypt the content, referenced or imbedded, of the <CipherText> element to form an XML fragment.

3. Parse the XML fragment into a DOM node list.

4. Replace the <EncryptedData> element with the node list.


The <EncryptedData> element: Encrypting arbitrary data

XML Encryption supports the encryption of non-XML (arbitrary) data as well.  To encrypt arbitrary data:

             Encrypt the data and base64 it.

             Create a <CipherText> element with the base64’ed ciphertext imbedded or referenced.

             Create an <EncryptedData> element and insert the <CipherText> element as a child.  Set the <EncryptedData> Type attribute to the media type of the data that was encrypted.