XML is the de-facto language of business transactions. It enables structuring data. And the 2.0 version of the .NET framework, heretofore known by its codename, Whidbey, will finally enable you to encrypt and decrypt XML data. In this article I will explore the implementation of XML encryption in .NET 2.0.
Author's Note: Throughout this article when I reference .NET I'm referring to .NET Framework 2.0.
Basics of .NET XML Encryption
The first thing to cheer about Microsoft's implementation of XML encryption is that it's W3C compliant. What this means to you is that you will be able to exchange data with other implementations with ease. No proprietary nonsense here.
The interesting part is that the implementation supports encryption of arbitrary data, i.e., non-XML data. You could encrypt binary data; the input needn't be XML. However, the output/result will be an XML element.
When you're thinking of encrypting XML data there are two possible scenarios:
- Encryption of an entire document
- Encryption of portions of a document
The .NET framework supports both of these scenarios and provides you with multiple types of encryption algorithms:
- Triple DES
- AES 128
- AES 192
- AES 256
XML encryption is driven by the System.Security.Cryptography.Xml.EncryptedXml class.
What You Need
Visual Studio.Net 2005 beta 1 (Whidbey).
Dive into XML Encryption
The XML document, "Order.xml," below, shows a purchase order:
<item quantity="1">.NET Framework Security</item>
<item quantity="1">Essential XML Quick Reference</item>
<street>110 Denny Way</street>
<street>1 Microsoft Way</street>
This XML file contains order details, including ordered items, customer data present in the shipping tag, and payment information present in the billing tag (customer credit card information).
In order to encrypt this data or portions of it, you need to follow these steps:
- Load the XML document
- Create an instance of the encryption algorithm provider
- Select the XML element you need to encrypt
- Create an EncryptedXml object
- Encrypt the element using the key generated by the encryption algorithm object
- Create an encrypted data object and specify its properties
- Assign the encrypted data to the encrypted data object's cipher value
- Replace the plain text XML element with the encrypted data object
- Save the encrypted data to a file (optional)
Similarly, in order to decrypt data, you have to follow these steps:
- Load the XML document
- Retrieve the encrypted XML element
- Create an encrypted data object
- Load the encrypted element into the encrypted data object
- Create an encrypted XML object
- Decrypt the element using the key
- Replace the encrypted element with the plain-text XML element
- Save the decrypted data to a file (optional)