The W3C's XML Encryption specification deals with data confidentiality using encryption techniques. As defined by the specification, with XML encryption, XML tags contain the encrypted data.
Some features of XML encryption are:
- The ability to encrypt a complete XML file
- The ability to encrypt a single element of an XML file
- The ability to encrypt only the contents of an XML element
- The ability to encrypt binary data within an XML file
The following sections discuss each of these features in more detail.
Encrypting a Complete XML File
Here's a short sample XML file that can serve to demonstrate XML encryption:
<Date>July 6, 2005</Date>
When you encrypt an entire XML file, the process simply replaces the root element (<PaymentInfo> in the sample) with an <EncryptedData> element that contains the encryption details, including the encrypted content. Now, look at Listing 1, which contains an encrypted version of the preceding sample XML file.
Toward the bottom of Listing 1, you'll find the encrypted contents of the root element within the child element named <CipherValue>.
Encrypting a Single Element
To encrypt a single element of an XML file, you specify the desired child element, rather than the root element of the input file, as the element to encrypt. Look at Listing 2, which shows the results of encrypting only the <CreditCardNumber> element of the sample file.
Notice that the encryption process replaced the <CreditCardNumber> tag and its contents with an <EncryptedData> tag, while leaving the siblings of the <CreditCardNumber>
Encrypting the Contents of an Element
Sometimes, you want to encrypt just the contents of an XML element rather than the entire element or document, leaving the element's tag untouched. Listing 3 shows the results of encrypting just the contents of the <CreditCardNumber>
Notice that in Listing 3, the <CreditCardNumber> tag itself remains intact, but the contents are now contained within the <EncryptedData>
Introducing the Apache XML Security Framework
The cryptography tools that created the encrypted XML examples for this article depend on JCA and JCE for low-level cryptographic support. However, the high-level XML encryption and decryption functionality is provided by the Apache XML Security project, which is available for download. The classes and interfaces in this project make use of the JCA and JCE to provide implementations for W3C XML security standards such as XML Encryption and XML Signature.
The tools in the next sections demonstrate how to use the Apache XML Security project to generate symmetric keys for XML encryption and decryption.
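The three encryption scopes described above (whole file, single element, element contents) can be compared side by side. The following is an added example, not code from the original article or from the Apache project; it assumes Apache XML Security 1.5 or later on the classpath. The class name EncryptScopeDemo, the sample document's structure, the card number and the choice of AES-128-GCM are assumptions made for this example.

```java
import java.io.StringReader;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.encryption.XMLCipher;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class EncryptScopeDemo {
    // Constructed sample: only the element names come from the article, the values are made up.
    static final String SAMPLE = "<PaymentInfo><CreditCardNumber>0000000000000000</CreditCardNumber>"
            + "<Date>July 6, 2005</Date></PaymentInfo>";

    static Document parse() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // <EncryptedData> is namespace-qualified
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(SAMPLE)));
    }

    // contentOnly=false replaces the whole element; contentOnly=true keeps its tag and encrypts the children.
    static Document encrypt(String tag, boolean contentOnly, SecretKey key) throws Exception {
        Document doc = parse();
        Element target = (Element) doc.getElementsByTagName(tag).item(0);
        // Authenticated mode chosen for this example; no KeyInfo is added, so the key travels out of band.
        XMLCipher cipher = XMLCipher.getInstance(XMLCipher.AES_128_GCM);
        cipher.init(XMLCipher.ENCRYPT_MODE, key);
        cipher.doFinal(doc, target, contentOnly);
        return doc;
    }

    // Reports what a reader without the key can still see in the resulting document.
    static String visible(Document d) {
        return "root=" + d.getDocumentElement().getLocalName()
                + ", CreditCardNumber tag visible=" + (d.getElementsByTagName("CreditCardNumber").getLength() > 0)
                + ", Date visible=" + (d.getElementsByTagName("Date").getLength() > 0);
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init(); // registers the library's algorithm mappings
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        System.out.println("whole file:   " + visible(encrypt("PaymentInfo", false, key)));
        System.out.println("element:      " + visible(encrypt("CreditCardNumber", false, key)));
        System.out.println("content only: " + visible(encrypt("CreditCardNumber", true, key)));
    }
}
```

The narrower the scope, the more of the document's structure stays readable: content-only encryption hides the card number but still reveals that the document carries one.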