Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Managing XML Encryption with Java : Page 6

XML is a text format, and as such, provides no wire security by itself; however, using standard Java encryption techniques, you can transmit and receive XML securely.




Full Text Search: The Key to Better Natural Language Queries for NoSQL in Node.js

Performing XML Decryption using Apache XML Security
The DecryptTool class performs the steps in reverse: It reads an encrypted file from disk, decrypts the contents of the file using a previously stored key, and then stores the decrypted file to disk. The imports statements are similar to those used in the EncryptTool, and you can download the source code so I won't show them here.

You initialize the Apache XML Security Framework to the default values using the same code as was used to encrypt the data earlier.

static { org.apache.xml.security.Init.init(); }

Next, you load the encrypted document from a file. The following method reads and parses the XML file to be decrypted, creating and returning a DOM document.

private static Document loadEncryptedFile( String fileName) throws Exception { File encryptedFile = new File(fileName); javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers. DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); javax.xml.parsers.DocumentBuilder builder = dbf.newDocumentBuilder(); Document document = builder.parse(encryptedFile); System.out.println( "Encryption document loaded from: " + encryptedFile.toURL().toString()); return document; }

The following method reads a previously stored key from a file. You'll use it to decrypt the encrypted data-decryption key.

private static SecretKey loadKeyEncryptionKey() throws Exception { String fileName = "keyEncryptKey"; String jceAlgorithmName = "DESede"; File kekFile = new File(fileName); DESedeKeySpec keySpec = new DESedeKeySpec( JavaUtils.getBytesFromFile(fileName)); SecretKeyFactory skf = SecretKeyFactory.getInstance(jceAlgorithmName); SecretKey key = skf.generateSecret(keySpec); System.out.println("Key encryption key loaded from: " + kekFile.toURL().toString()); return key; }

To write the decrypted document to a file, use the following method.

private static void writeDecryptedDocToFile( Document doc, String fileName) throws Exception { File encryptionFile = new File(fileName); FileOutputStream outStream = new FileOutputStream(encryptionFile); TransformerFactory factory = TransformerFactory.newInstance(); Transformer transformer = factory.newTransformer(); transformer.setOutputProperty( OutputKeys.OMIT_XML_DECLARATION, "no"); DOMSource source = new DOMSource(doc); StreamResult result = new StreamResult(outStream); transformer.transform(source, result); outStream.close(); System.out.println("Decrypted data written to: " + encryptionFile.toURL().toString()); }

Again, a main() method performs the necessary steps to decrypt an already encrypted XML file using a previously stored and encrypted key.

public static void main(String args[]) throws Exception {

First, it retrieves the XML file to be decrypted and parsed into a DOM document.

Document document = loadEncryptedFile(args[0]);

Next, it retrieves the encrypted data element from the DOM document.

String namespaceURI = EncryptionConstants.EncryptionSpecNS; String localName = EncryptionConstants._TAG_ENCRYPTEDDATA; Element encryptedDataElement = (Element)document.getElementsByTagNameNS( namespaceURI, localName).item(0);

Then, it retrieves the key that will be used to decrypt the data-decryption key from disk.

Key keyEncryptKey = loadKeyEncryptionKey();

The following block creates and initializes a cipher with the data-decryption key. The mode in this case is set to DECRYPT_MODE, because it will be used to decrypt the data.

XMLCipher xmlCipher = XMLCipher.getInstance(); xmlCipher.init(XMLCipher.DECRYPT_MODE, null); xmlCipher.setKEK(keyEncryptKey);

It calls the doFinal() method to perform the actual decryption.

xmlCipher.doFinal(document, encryptedDataElement);

And finally, it writes the decrypted document to a file.

writeDecryptedDocToFile(document, args[1]); } }

XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications.

The Java cryptography architecture (JCA) is a framework of classes, interfaces, and packages for developing cryptographic applications and components for the Java platform. The JCA is built around a provider-based architecture in order to allow for heterogeneous cryptography implementations.

The Apache XML Security project makes use of the JCA to provide implementations of W3C XML security standards such as XML-Signature and XML-Encryption.

This article discussed how to create tools and applications to manage the complexities of XML encryption using the Java programming language and the Apache XML Security framework.

Jeff Hanson has more than 18 years of experience in the software industry. He has worked as senior engineer for the Windows OpenDoc port and as lead architect for the Route 66 framework at Novell. He is currently Chief Architect for eReinsure, which specializes in providing frameworks and platforms for J2EE-based reinsurance systems. Jeff has also authored numerous articles and books.
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date