Performing XML Decryption using Apache XML Security
The DecryptTool class performs the steps in reverse: It reads an encrypted file from disk, decrypts the contents of the file using a previously stored key, and then stores the decrypted file to disk. The imports statements are similar to those used in the EncryptTool, and you can download the source code
so I won't show them here.
You initialize the Apache XML Security Framework to the default values using the same code as was used to encrypt the data earlier.
Next, you load the encrypted document from a file. The following method reads and parses the XML file to be decrypted, creating and returning a DOM document.
private static Document loadEncryptedFile(
String fileName) throws Exception
File encryptedFile = new File(fileName);
javax.xml.parsers.DocumentBuilderFactory dbf =
javax.xml.parsers.DocumentBuilder builder =
Document document = builder.parse(encryptedFile);
"Encryption document loaded from: " +
The following method reads a previously stored key from a file. You'll use it to decrypt the encrypted data-decryption key.
private static SecretKey loadKeyEncryptionKey()
String fileName = "keyEncryptKey";
String jceAlgorithmName = "DESede";
File kekFile = new File(fileName);
DESedeKeySpec keySpec =
SecretKeyFactory skf =
SecretKey key = skf.generateSecret(keySpec);
System.out.println("Key encryption key loaded from: "
To write the decrypted document to a file, use the following method.
private static void writeDecryptedDocToFile(
Document doc, String fileName) throws Exception
File encryptionFile = new File(fileName);
FileOutputStream outStream =
TransformerFactory factory =
Transformer transformer = factory.newTransformer();
DOMSource source = new DOMSource(doc);
StreamResult result = new StreamResult(outStream);
System.out.println("Decrypted data written to: " +
Again, a main()
method performs the necessary steps to decrypt an already encrypted XML file using a previously stored and encrypted key.
public static void main(String args)
First, it retrieves the XML file to be decrypted and parsed into a DOM document.
Document document = loadEncryptedFile(args);
Next, it retrieves the encrypted data element from the DOM document.
String namespaceURI =
String localName = EncryptionConstants._TAG_ENCRYPTEDDATA;
Element encryptedDataElement =
Then, it retrieves the key that will be used to decrypt the data-decryption key from disk.
Key keyEncryptKey = loadKeyEncryptionKey();
The following block creates and initializes a cipher with the data-decryption key. The mode in this case is set to DECRYPT_MODE
, because it will be used to decrypt the data.
XMLCipher xmlCipher = XMLCipher.getInstance();
It calls the doFinal()
method to perform the actual decryption.
And finally, it writes the decrypted document to a file.
XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications.
The Java cryptography architecture (JCA) is a framework of classes, interfaces, and packages for developing cryptographic applications and components for the Java platform. The JCA is built around a provider-based architecture in order to allow for heterogeneous cryptography implementations.
The Apache XML Security project makes use of the JCA to provide implementations of W3C XML security standards such as XML-Signature and XML-Encryption.
This article discussed how to create tools and applications to manage the complexities of XML encryption using the Java programming language and the Apache XML Security framework.