XML Encryption
Notes from http://www-106.ibm.com/developerworks/library/x-encrypt/index.html by Bilal Siddiqui

and Secure XML by Eastlake and Niles, Addison-Wesley

Not a replacement for SSL
XML Encryption adds:
Encrypting part of the data being exchanged
Secure sessions between more than two parties
General Form 1
<EncryptedData>
<CipherData>
<CipherValue>
Cipher Text Gibberish in Base 64
</CipherValue>
</CipherData>
</EncryptedData>
General Form 2
<EncryptedData>
<CipherData>
<CipherReference>
pointer (URL) to gibberish
</CipherReference>
</CipherData>
</EncryptedData>
EncryptedData is the core element
Replaces the encrypted element, or serves as the new document root
May contain a KeyInfo element that describes the key needed for decryption (borrowed from XML Digital Signature)
General Example (1)
<MedInfo>
<ID>
<Name></Name>
<Address></Address>
</ID>
<Medical></Medical>
<Financial></Financial>
</MedInfo>
General Example (2)
<MedInfo>
<ID>...</ID>
<EncryptedData>
<KeyInfo>
<KeyName>Medical</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>gibberish</CipherValue>
</CipherData>
</EncryptedData>
General Example (3)
<Financial>
<EncryptedData>
<KeyInfo>
<KeyName>Pay</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>gibberish</CipherValue>
</CipherData>
</EncryptedData>
</Financial>
</MedInfo>

Detailed Example (Listing 1)
<purchaseOrder>
<Order>
<Item>book</Item>
<Id>123-958-74598</Id>
<Quantity>12</Quantity>
</Order>
<Payment>
<CardId>123654-8988889-9996874</CardId>
<CardName>visa</CardName>
<ValidDate>12-10-2004</ValidDate>
</Payment>
</purchaseOrder>
Encrypting the Entire File (Listing 2)
<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
Type='http://www.isi.edu/in-notes/iana/assignments/media-types/text/xml'>
<CipherData>
<CipherValue>A23B45C56</CipherValue>
</CipherData>
</EncryptedData>

IANA = Internet Assigned Numbers Authority, a function of the Internet Corporation for Assigned Names and Numbers
Encrypting The Payment (Listing 3)
<?xml version='1.0' ?>
<PurchaseOrder>
<Order>
<Item>book</Item>
<Id>123-958-74598</Id>
<Quantity>12</Quantity>
</Order>
<EncryptedData
Type='http://www.w3.org/2001/04/xmlenc#Element'
xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CipherData>
<CipherValue>A23B45C564587</CipherValue>
</CipherData>
</EncryptedData>
</PurchaseOrder>
Type #Element: one whole element (Payment) is replaced by EncryptedData
Encrypting Only the CardId (Listing 4)
<?xml version='1.0' ?>
<PurchaseOrder>
<Order>
<Item>book</Item>
<Id>123-958-74598</Id>
<Quantity>12</Quantity>
</Order>
<Payment>
<CardId>
<EncryptedData
Type='http://www.w3.org/2001/04/xmlenc#Content'
xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CipherData>
<CipherValue>A23B45C564587</CipherValue>
</CipherData>
</EncryptedData>
</CardId>
<CardName>visa</CardName>
<ValidDate>12-10-2004</ValidDate>
</Payment>
</PurchaseOrder>
Encrypting Non-XML Data (Listing 5)
<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
Type='http://www.isi.edu/in-notes/iana/assignments/media-types/jpeg'>
<CipherData>
<CipherValue>A23B45C56</CipherValue>
</CipherData>
</EncryptedData>
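The Type attribute decides what the EncryptedData stands in for: with #Element (Listing 3) the whole element, with #Content (Listing 4) only what was inside the element, and with a media type (Listings 2 and 5) the entire document. The Python script below is an added example, not code from the slides or from the cited article; it performs the encrypt-and-replace and decrypt-and-restore steps for the Element and Content types on a constructed purchase order shaped like Listing 1. Because the standard library has no AES or 3DES, the cipher is a stand-in (an HMAC-SHA256 keystream XORed with the plaintext) under a placeholder algorithm URI; a real deployment uses one of the EncryptionMethod identifiers the specification defines and a proper crypto library. The key names "Pay" and "Order", the demo keys, and the function names are assumptions of the example.

```python
"""Added example (not from the slides or the cited article): how the Type attribute
on EncryptedData drives encrypt-and-replace and decrypt-and-restore. The cipher is a
stand-in (HMAC-SHA256 keystream XOR); STANDIN_ALG is a placeholder, not a spec URI."""
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
ENC_DATA = f"{{{XENC}}}EncryptedData"
KEY_NAME = f"{{{DS}}}KeyInfo/{{{DS}}}KeyName"
TYPE_ELEMENT = XENC + "Element"   # Listing 3: EncryptedData takes the element's place
TYPE_CONTENT = XENC + "Content"   # Listing 4: the element stays, only its content is replaced
STANDIN_ALG = "urn:example:hmac-sha256-ctr-standin"   # placeholder, NOT a real algorithm URI

def _keystream(key, nonce, n):   # HMAC-SHA256 in counter mode: stand-in for the spec's AES/3DES
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def standin_encrypt(key, data):
    nonce = os.urandom(16)   # fresh nonce for every message; it travels with the ciphertext
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def standin_decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_encrypted_data(plaintext, key, key_name, type_uri):
    # General Form 1 plus EncryptionMethod and the KeyInfo/KeyName borrowed from XML DSig.
    enc = ET.Element(ENC_DATA, {"Type": type_uri})
    ET.SubElement(enc, f"{{{XENC}}}EncryptionMethod", {"Algorithm": STANDIN_ALG})
    ET.SubElement(ET.SubElement(enc, f"{{{DS}}}KeyInfo"), f"{{{DS}}}KeyName").text = key_name
    value = ET.SubElement(ET.SubElement(enc, f"{{{XENC}}}CipherData"), f"{{{XENC}}}CipherValue")
    value.text = base64.b64encode(standin_encrypt(key, plaintext)).decode("ascii")
    return enc

def encrypt_element(parent, tag, key, key_name):
    """Type=Element: serialise the child `tag` of `parent` and put EncryptedData in its place."""
    target = parent.find(tag)
    tail, target.tail = target.tail, None   # the tail is the parent's whitespace, not plaintext
    enc = build_encrypted_data(ET.tostring(target), key, key_name, TYPE_ELEMENT)
    enc.tail = tail
    parent[list(parent).index(target)] = enc

def encrypt_content(target, key, key_name):
    """Type=Content: keep `target` itself, encrypt its text and child elements."""
    inner = escape(target.text or "").encode() + b"".join(ET.tostring(c) for c in target)
    target.text = None
    del target[:]
    target.append(build_encrypted_data(inner, key, key_name, TYPE_CONTENT))

def decrypt_all(root, keys):
    """One pass: restore every EncryptedData whose KeyName is in `keys`; return names still encrypted."""
    parents = {c: p for p in root.iter() for c in p}
    left = set()
    for enc in list(root.iter(ENC_DATA)):
        name = enc.findtext(KEY_NAME)
        if name not in keys:
            left.add(name or "")
            continue
        if enc.find(f"{{{XENC}}}EncryptionMethod").get("Algorithm") != STANDIN_ALG:
            raise ValueError("unexpected EncryptionMethod")   # never decrypt under an algorithm you did not expect
        blob = base64.b64decode(enc.findtext(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue"))
        plain, parent = standin_decrypt(keys[name], blob), parents[enc]
        if enc.get("Type") == TYPE_ELEMENT:
            restored = ET.fromstring(plain)
            restored.tail = enc.tail
            parent[list(parent).index(enc)] = restored
        elif enc.get("Type") == TYPE_CONTENT:
            fragment = ET.fromstring(b"<r>" + plain + b"</r>")   # wrapper so text-only content parses
            parent.remove(enc)
            parent.text = fragment.text
            parent.extend(list(fragment))
        else:
            raise ValueError("only Element and Content types are handled here")
    return sorted(left)

# Constructed purchase order in the shape of Listing 1; the keys are throwaway demo values.
PURCHASE_ORDER = (
    "<PurchaseOrder><Order><Item>book</Item><Id>123-958-74598</Id><Quantity>12</Quantity>"
    "</Order><Payment><CardId>123654-8988889-9996874</CardId><CardName>visa</CardName>"
    "<ValidDate>12-10-2004</ValidDate></Payment></PurchaseOrder>"
)
KEYS = {"Pay": os.urandom(32), "Order": os.urandom(32)}

def demo():
    root = ET.fromstring(PURCHASE_ORDER)
    encrypt_content(root.find("Payment/CardId"), KEYS["Pay"], "Pay")   # only the card number
    encrypt_element(root, "Order", KEYS["Order"], "Order")            # the whole Order element
    encrypted = ET.tostring(root).decode()
    partial = ET.fromstring(encrypted)
    left = decrypt_all(partial, {"Pay": KEYS["Pay"]})   # a party that holds only the Pay key
    full = ET.fromstring(encrypted)
    decrypt_all(full, KEYS)
    return encrypted, ET.tostring(partial).decode(), ET.tostring(full).decode(), left
```

demo() shows the situation the second slide motivates: a party holding only the "Pay" key recovers the card number while the Order element stays opaque, which is what encrypting part of the data for more than two parties looks like in practice. The algorithm check before decryption is the one a receiver must never skip: the sender, not the receiver, writes the EncryptionMethod, so the receiver decides which identifiers it will honour.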
Sending a public key (Listing 6)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
<EncryptedKey CarriedKeyName="Muhammad Imran"
xmlns='http://www.w3.org/2001/04/xmlenc#'>
<ds:KeyInfo
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:KeyValue>1asd25fsdf2dfdsfsdfds2f1sd23
</ds:KeyValue>
</ds:KeyInfo>
</EncryptedKey>
</SecureCommunicationDemonstration>
Receiving a secret key encrypted to the public key (Listing 7)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
<EncryptedKey CarriedKeyName="Imran Ali"
xmlns='http://www.w3.org/2001/04/xmlenc#'>
<EncryptionMethod Algorithm=
"http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<CipherData>
<CipherValue>xyza21212sdfdsfs7989fsdbc
</CipherValue>
</CipherData>
</EncryptedKey>
</SecureCommunicationDemonstration>
Data Encrypted to Secret Key (Listing 8)
<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
<Order>
<Item>book</Item>
<Id>123-958-74598</Id>
<Quantity>12</Quantity>
<CardName>Visa</CardName>
<ExpDate>10-10-2005</ExpDate>
<EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
xmlns='http://www.w3.org/2001/04/xmlenc#'>
<EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/>
<ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:KeyName>Imran Ali</ds:KeyName>
</ds:KeyInfo>
<CipherData>
<CipherValue>A23B45C564587</CipherValue>
</CipherData>
</EncryptedData>
</Order>
</SecureCommunicationDemonstration>
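Listings 6 to 8 split one exchange across three documents: a public key goes out, a secret key comes back inside an EncryptedKey whose CarriedKeyName names it, and the data is then encrypted under that key with a ds:KeyName pointing back at the same name. The Python script below is an added example (not from the slides or the article) that inventories every EncryptedKey and EncryptedData in a document, ties each KeyName to the EncryptedKey that carried it, and records two things a reviewer would want pointed out: a CipherReference (General Form 2), which makes the processor fetch the ciphertext from a URI, and the rsa-1_5 and tripledes-cbc identifiers from Listings 7 and 8, which XML Encryption 1.1 keeps only for compatibility while adding RSA-OAEP and AES-GCM as the preferred choices. The sample document, its URI and the "Pay" key name are constructed for the example.

```python
"""Added example (not from the slides or the article): inventory the EncryptedKey and
EncryptedData elements of a document and link each KeyName to the EncryptedKey whose
CarriedKeyName delivered that key, as in Listings 6 to 8."""
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
ENC_KEY, ENC_DATA = f"{{{XENC}}}EncryptedKey", f"{{{XENC}}}EncryptedData"

# Identifiers used in Listings 7 and 8 that XML Encryption 1.1 keeps only for
# compatibility; it adds RSA-OAEP and AES-GCM as the preferred choices.
LEGACY = {
    XENC + "rsa-1_5": "RSA PKCS#1 v1.5 key transport; prefer rsa-oaep",
    XENC + "tripledes-cbc": "3DES in CBC mode; prefer an AES-GCM algorithm",
}

def describe(elem):
    """Record algorithm, key name, where the ciphertext comes from, and review notes."""
    method = elem.find(f"{{{XENC}}}EncryptionMethod")
    algorithm = method.get("Algorithm") if method is not None else None
    reference = elem.find(f"{{{XENC}}}CipherData/{{{XENC}}}CipherReference")
    if elem.find(f"{{{XENC}}}CipherData") is None:
        source = "none"          # Listing 6: a KeyValue is carried, nothing is encrypted
    elif reference is not None:
        source = "reference:" + reference.get("URI", "")   # General Form 2
    else:
        source = "value"         # General Form 1
    notes = []
    if algorithm in LEGACY:
        notes.append(LEGACY[algorithm])
    if reference is not None:
        notes.append("ciphertext is fetched from a URI; check which locations the processor may reach")
    return {
        "kind": elem.tag.rsplit("}", 1)[1],
        "type": elem.get("Type"),
        "algorithm": algorithm,
        "key_name": elem.get("CarriedKeyName") or elem.findtext(f"{{{DS}}}KeyInfo/{{{DS}}}KeyName"),
        "cipher": source,
        "notes": notes,
    }

def inventory(xml_text):
    """All EncryptedKey/EncryptedData records in document order, with key-linkage notes."""
    root = ET.fromstring(xml_text)
    records = [describe(e) for e in root.iter() if e.tag in (ENC_KEY, ENC_DATA)]
    carried = {r["key_name"] for r in records if r["kind"] == "EncryptedKey"}
    for r in records:
        if r["kind"] == "EncryptedData" and r["key_name"] not in carried:
            r["notes"].append("no EncryptedKey in this document carries the key; the receiver must already hold it")
    return records

# Constructed sample in the shape of Listings 7 and 8, plus one CipherReference (General Form 2).
SAMPLE = """<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <EncryptedKey CarriedKeyName="Imran Ali" xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <CipherData><CipherValue>xyza21212sdfdsfs7989fsdbc</CipherValue></CipherData>
  </EncryptedKey>
  <Order>
    <Item>book</Item>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                   xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/>
      <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><ds:KeyName>Imran Ali</ds:KeyName></ds:KeyInfo>
      <CipherData><CipherValue>A23B45C564587</CipherValue></CipherData>
    </EncryptedData>
    <CardId>
      <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Content'
                     xmlns='http://www.w3.org/2001/04/xmlenc#'>
        <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><ds:KeyName>Pay</ds:KeyName></ds:KeyInfo>
        <CipherData><CipherReference URI='http://files.example/order-42.bin'/></CipherData>
      </EncryptedData>
    </CardId>
  </Order>
</SecureCommunicationDemonstration>"""

if __name__ == "__main__":
    for record in inventory(SAMPLE):
        print(record)
```

Run over a captured message before it reaches the decrypting service, the report answers the questions the slides leave implicit: which key each piece of ciphertext needs, whether that key arrived in the same message or must already be held (as with the Medical and Pay keys of the General Example), and whether the processor will have to fetch anything to decrypt.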

The future?
Use XML Encryption
Use XML Signature
Use a new Public Key Infrastructure
XKMS: XML Key Management Specification
The PKI host holds keys, certificates and the certificate revocation list.

X-KISS (XML Key Information Service Specification): used on the Verifier's side to verify the signature on a signed document.
X-KRSS (XML Key Registration Service Specification): register key, revoke certificate, recover key.

Flow between Signer, PKI host and Verifier:
1. The Signer generates a key pair or requests the pair from the PKI host.
2. The Signer sends a key registration request to the PKI host.
3. The certificate is sent to the Signer.
4. The signed document (SOAP) is sent to the Verifier.
5. The Verifier requests the certificate from the PKI host.
6. The key and certificate are sent to the Verifier, which verifies the signature.
Later, the Signer may request that a certificate be revoked, or request a copy of lost keys.