RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Managing XML Encryption with Java : Page 6

XML is a text format, and as such, provides no wire security by itself; however, using standard Java encryption techniques, you can transmit and receive XML securely.

Performing XML Decryption using Apache XML Security
The DecryptTool class performs the steps in reverse: It reads an encrypted file from disk, decrypts the contents of the file using a previously stored key, and then stores the decrypted file to disk. The imports statements are similar to those used in the EncryptTool, and you can download the source code so I won't show them here.

You initialize the Apache XML Security Framework to the default values using the same code as was used to encrypt the data earlier.

Next, you load the encrypted document from a file. The following method reads and parses the XML file to be decrypted, creating and returning a DOM document.

      private static Document loadEncryptedFile(
         String fileName) throws Exception
         File encryptedFile = new File(fileName);
         javax.xml.parsers.DocumentBuilderFactory dbf =
         javax.xml.parsers.DocumentBuilder builder =
         Document document = builder.parse(encryptedFile);
            "Encryption document loaded from: " +
         return document;
The following method reads a previously stored key from a file. You'll use it to decrypt the encrypted data-decryption key.

      private static SecretKey loadKeyEncryptionKey()
         throws Exception
         String fileName = "keyEncryptKey";
         String jceAlgorithmName = "DESede";
         File kekFile = new File(fileName);
         DESedeKeySpec keySpec =
            new DESedeKeySpec(
         SecretKeyFactory skf =
         SecretKey key = skf.generateSecret(keySpec);
         System.out.println("Key encryption key loaded from: "
            + kekFile.toURL().toString());
         return key;
To write the decrypted document to a file, use the following method.

      private static void writeDecryptedDocToFile(
         Document doc, String fileName) throws Exception
         File encryptionFile = new File(fileName);
         FileOutputStream outStream =
            new FileOutputStream(encryptionFile);
         TransformerFactory factory =
         Transformer transformer = factory.newTransformer();
            OutputKeys.OMIT_XML_DECLARATION, "no");
         DOMSource source = new DOMSource(doc);
         StreamResult result = new StreamResult(outStream);
         transformer.transform(source, result);
         System.out.println("Decrypted data written to: " +
Again, a main() method performs the necessary steps to decrypt an already encrypted XML file using a previously stored and encrypted key.

      public static void main(String args[])
         throws Exception
First, it retrieves the XML file to be decrypted and parsed into a DOM document.

         Document document = loadEncryptedFile(args[0]);
Next, it retrieves the encrypted data element from the DOM document.

         String namespaceURI =
         String localName = EncryptionConstants._TAG_ENCRYPTEDDATA;
         Element encryptedDataElement =
            namespaceURI, localName).item(0);
Then, it retrieves the key that will be used to decrypt the data-decryption key from disk.

         Key keyEncryptKey = loadKeyEncryptionKey();
The following block creates and initializes a cipher with the data-decryption key. The mode in this case is set to DECRYPT_MODE, because it will be used to decrypt the data.

         XMLCipher xmlCipher = XMLCipher.getInstance();
         xmlCipher.init(XMLCipher.DECRYPT_MODE, null);
It calls the doFinal() method to perform the actual decryption.

         xmlCipher.doFinal(document, encryptedDataElement);
And finally, it writes the decrypted document to a file.

         writeDecryptedDocToFile(document, args[1]);
XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications.

The Java cryptography architecture (JCA) is a framework of classes, interfaces, and packages for developing cryptographic applications and components for the Java platform. The JCA is built around a provider-based architecture in order to allow for heterogeneous cryptography implementations.

The Apache XML Security project makes use of the JCA to provide implementations of W3C XML security standards such as XML-Signature and XML-Encryption.

This article discussed how to create tools and applications to manage the complexities of XML encryption using the Java programming language and the Apache XML Security framework.

Jeff Hanson has more than 18 years of experience in the software industry. He has worked as senior engineer for the Windows OpenDoc port and as lead architect for the Route 66 framework at Novell. He is currently Chief Architect for eReinsure, which specializes in providing frameworks and platforms for J2EE-based reinsurance systems. Jeff has also authored numerous articles and books.
Email AuthorEmail Author
Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date