Copyright © 2012 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.
This document provides a summary of non-editorial changes in XML Encryption 1.1 from the XML Encryption Recommendation.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
In the case of any difference between this document and the XML Encryption 1.1 specification [XMLENC-CORE1], the XML Encryption 1.1 specification is authoritative.
This document was published by the XML Security Working Group as a First Public Working Group Note. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All feedback is welcome.
Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document summarizes non-editorial changes in XML Encryption 1.1 [XMLENC-CORE1] from the XML Encryption Recommendation [XMLENC-CORE].
Added support for derived keys, in particular:
ConcatKDF algorithm.PBKDF2 algorithm.DerivedKey element RetrievalMethod description to include DerivedKey.ReferenceList description to include DerivedKey.AES-128-pad, AES-192-pad,
and AES-256-pad Symmetric Key Wrap
algorithms as optional.SHA-384 Message Digest as optionalConcatKDF as
required, PBKDF2 as optional.For all algorithms added, algorithm identifiers and information were added to the specification.
SHA-1 Message Digest to required, but DISCOURAGED.SHA-256 Message Digest to requiredAES-128-GCM Block Encryption as required,
added warning about
use of CBC
block encryption algorithms and reference to paper on attack.RSA-OAEP Key Transport to be used with
arbitrary mask
generation
functions (e.g. SHA2
based) by defining an
additional RSA-OAEP URI and significantly
revising specification text. Added definition of
new xenc11:MGF element.
AES-GCM Block Encryption description of the
algorithm as equivalent to
encryption followed by signing. Encoding attribute in the
EncryptedType element.URI and
Transforms in the
CipherReference element is defined in XML Signature.CipherValue element is used.