Copyright © 2013 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.
This document provides a summary of non-editorial changes in XML Encryption 1.1 from the XML Encryption Recommendation.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
In the case of any difference between this document and the XML Encryption 1.1 specification [XMLENC-CORE1], the XML Encryption 1.1 specification is authoritative.
This document was published by the XML Security Working Group as an Editor's Draft. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All comments are welcome.
Publication as an Editor's Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document summarizes non-editorial changes in XML Encryption 1.1 [XMLENC-CORE1] from the XML Encryption Recommendation [XMLENC-CORE].
Added support for derived keys, in particular:
ConcatKDF
algorithm.PBKDF2
algorithm.DerivedKey
element RetrievalMethod
description to include DerivedKey
.ReferenceList
description to include DerivedKey
.AES-128-pad
, AES-192-pad
,
and AES-256-pad
Symmetric Key Wrap
algorithms as optional.SHA-384
Message Digest as optionalConcatKDF
as
required, PBKDF2
as optional.For all algorithms added, algorithm identifiers and information were added to the specification.
SHA-1
Message Digest to required, but DISCOURAGED.SHA-256
Message Digest to requiredAES-128-GCM
Block Encryption as required,
added warning about
use of CBC
block encryption algorithms and reference to paper on attack.RSA-OAEP
Key Transport to be used with
arbitrary mask
generation
functions (e.g. SHA2
based) by defining an
additional RSA-OAEP
URI
and significantly
revising specification text. Added definition of
new xenc11:MGF
element.
AES-GCM
Block Encryption description of the
algorithm as equivalent to
encryption followed by signing. Encoding
attribute in the
EncryptedType
element.URI
and
Transforms
in the
CipherReference
element is defined in XML Signature.CipherValue
element is used. Dated references below are to the latest known or appropriate edition of the referenced work. The referenced works may be subject to revision, and conformant implementations may follow, and are encouraged to investigate the appropriateness of following, some or all more recent editions or replacements of the works cited. It is in each case implementation-defined which editions are supported.