This document provides a summary of non-editorial changes in XML Encryption 1.1 from the XML Encryption Recommendation.
In the case of any difference between this document and the XML Encryption 1.1 specification [[XMLENC-CORE1]], the XML Encryption 1.1 specification is authoritative.
This document summarizes non-editorial changes in XML Encryption 1.1 [[XMLENC-CORE1]] from the XML Encryption Recommendation [[XMLENC-CORE]]. A detailed summary of all changes by document section is also available.
- Added support for derived keys, in particular:
  - ConcatKDF algorithm.
  - PBKDF2 algorithm.
  - DerivedKey element
  - RetrievalMethod description to include DerivedKey.
  - ReferenceList description to include DerivedKey.
- AES-128-pad, AES-192-pad, and AES-256-pad Symmetric Key Wrap algorithms as OPTIONAL.
- SHA-384 Message Digest as OPTIONAL.
- ConcatKDF as REQUIRED, PBKDF2 as OPTIONAL.

For all algorithms added, algorithm identifiers and information were added to the specification.

- SHA-1 Message Digest to REQUIRED, but DISCOURAGED.
- SHA-256 Message Digest to REQUIRED.
- AES-128-GCM Block Encryption as REQUIRED, added warning about use of CBC block encryption algorithms and reference to paper on attack.
- RSA-OAEP Key Transport to be used with arbitrary mask generation functions (e.g. SHA2 based) by defining an additional RSA-OAEP URI and significantly revising specification text. Added definition of new xenc11:MGF element.
- AES-GCM Block Encryption description of the algorithm as equivalent to encryption followed by signing.
- Encoding attribute in the EncryptedType element.
- URI and Transforms in the CipherReference element is defined in XML Signature.
- CipherValue element is used.
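
The SHA-1 and CBC entries above translate into a simple audit of the Algorithm attributes in an encrypted message. The following is an added example, not code from the specification: the sample document is constructed, and the algorithm URIs are the identifiers defined in the XML Encryption and XML Signature specifications.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

CBC_NOTE = "CBC block encryption: XML Encryption 1.1 warns about its use"
# Algorithm URI -> note taken from the change summary above.
FLAGGED = {
    XENC + "aes128-cbc": CBC_NOTE,
    XENC + "aes192-cbc": CBC_NOTE,
    XENC + "aes256-cbc": CBC_NOTE,
    XENC + "tripledes-cbc": CBC_NOTE,
    DSIG + "sha1": "SHA-1 digest: REQUIRED but DISCOURAGED in XML Encryption 1.1",
}

# Constructed sample document (not taken from a real message).
SAMPLE = """<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"/>
      </xenc:EncryptionMethod>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""


def audit(xml_text):
    """Return (element, algorithm URI, note) for each flagged Algorithm attribute."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        uri = el.get("Algorithm")
        if uri in FLAGGED:
            # Strip the "{namespace}" prefix ElementTree puts on tag names.
            findings.append((el.tag.split("}")[-1], uri, FLAGGED[uri]))
    return findings


if __name__ == "__main__":
    for name, uri, note in audit(SAMPLE):
        print(f"{name}: {uri}\n  {note}")
```

When auditing documents from untrusted sources, parse them with a hardened XML parser such as defusedxml rather than the standard library parser used here.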