
XML Encryption

XML Encryption. Notes from http://www-106.ibm.com/developerworks/library/x-encrypt/index.html by Bilal Siddiqui and from “Secure XML” by Eastlake and Niles (Addison-Wesley). XML Encryption is not a replacement for SSL: it adds the ability to encrypt only part of the data being exchanged, and to secure exchanges that involve more than two parties.



  1. XML Encryption. Notes from http://www-106.ibm.com/developerworks/library/x-encrypt/index.html by Bilal Siddiqui and from “Secure XML” by Eastlake and Niles (Addison-Wesley)

  2. Not a replacement for SSL. XML Encryption adds: • encrypting only part of the data being exchanged, while the rest stays readable • secure exchanges among more than two parties (SSL protects one point-to-point session, and only while the data is in transit)

  3. General Form 1: the ciphertext is carried inline, base64-encoded

     <EncryptedData>
       <CipherData>
         <CipherValue>ciphertext, base64-encoded</CipherValue>
       </CipherData>
     </EncryptedData>

  4. General Form 2: the ciphertext is stored elsewhere and CipherReference points to it (the location goes in its URI attribute)

     <EncryptedData>
       <CipherData>
         <CipherReference URI="pointer (URL) to the ciphertext"/>
       </CipherData>
     </EncryptedData>

  5. EncryptedData is the core element • It replaces the encrypted element (or only that element's content), or • serves as the new document root when the whole document is encrypted • It may contain a KeyInfo element that describes the key needed for decryption (borrowed from XML Digital Signature)

  6. General Example (1): the plaintext record

     <MedInfo>
       <ID>
         <Name>…</Name>
         <Address>…</Address>
       </ID>
       <Medical>…</Medical>
       <Financial>…</Financial>
     </MedInfo>

  7. General Example (2): the Medical element is replaced by an EncryptedData whose KeyName says which key unlocks it

     <MedInfo>
       <ID>…</ID>
       <EncryptedData>
         <KeyInfo><KeyName>Medical</KeyName></KeyInfo>
         <CipherData><CipherValue>ciphertext</CipherValue></CipherData>
       </EncryptedData>
       …

  8. General Example (3): in Financial only the content is replaced, under a different key, so readers holding different keys each open only their own part

       <Financial>
         <EncryptedData>
           <KeyInfo><KeyName>Pay</KeyName></KeyInfo>
           <CipherData><CipherValue>ciphertext</CipherValue></CipherData>
         </EncryptedData>
       </Financial>
     </MedInfo>

  9. Detailed Example (Listing 1): the purchase order before encryption

     <purchaseOrder>
       <Order>
         <Item>book</Item>
         <Id>123-958-74598</Id>
         <Quantity>12</Quantity>
       </Order>
       <Payment>
         <CardId>123654-8988889-9996874</CardId>
         <CardName>visa</CardName>
         <ValidDate>12-10-2004</ValidDate>
       </Payment>
     </purchaseOrder>

  10. Encrypting the Entire File (Listing 2): EncryptedData becomes the document root, and Type names the media type of what it hides

     <?xml version='1.0' ?>
     <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
                    Type='http://www.isi.edu/in-notes/iana/assignments/media-types/text/xml'>
       <CipherData>
         <CipherValue>A23B45C56</CipherValue>
       </CipherData>
     </EncryptedData>

     IANA = Internet Assigned Numbers Authority, a function of the Internet Corporation for Assigned Names and Numbers

  11. Encrypting the Payment (Listing 3): Type …#Element, one element (the whole Payment element, tags included) is replaced

     <?xml version='1.0' ?>
     <PurchaseOrder>
       <Order>
         <Item>book</Item>
         <Id>123-958-74598</Id>
         <Quantity>12</Quantity>
       </Order>
       <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                      xmlns='http://www.w3.org/2001/04/xmlenc#'>
         <CipherData>
           <CipherValue>A23B45C564587</CipherValue>
         </CipherData>
       </EncryptedData>
     </PurchaseOrder>

  12. Encrypting Only the CardId (Listing 4): Type …#Content, the CardId element stays in place and only its content is replaced

     <?xml version='1.0' ?>
     <PurchaseOrder>
       <Order>
         <Item>book</Item>
         <Id>123-958-74598</Id>
         <Quantity>12</Quantity>
       </Order>
       <Payment>
         <CardId>
           <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Content'
                          xmlns='http://www.w3.org/2001/04/xmlenc#'>
             <CipherData>
               <CipherValue>A23B45C564587</CipherValue>
             </CipherData>
           </EncryptedData>
         </CardId>
         <CardName>visa</CardName>
         <ValidDate>12-10-2004</ValidDate>
       </Payment>
     </PurchaseOrder>
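
     As an added example (not code from the slides or from the IBM article), listings 3 and 4 done with Go's standard library: EncryptElement uses the XML parser only to find the target element's byte range, encrypts either the whole element (Type #Element) or just what lies between its start and end tags (Type #Content), and splices in an EncryptedData; DecryptFirst does the reverse and checks the EncryptionMethod before touching the ciphertext. Assumptions the slides do not state: AES-128 in CBC mode (the spec's http://www.w3.org/2001/04/xmlenc#aes128-cbc) with the spec's CBC conventions, namely a random IV prepended to the ciphertext inside CipherValue and a last padding byte holding the pad length; a fixed demo key DemoKey; and PurchaseOrder, a constructed copy of listing 1 with the whitespace stripped. The function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"io"
)

const (
	xencNS    = "http://www.w3.org/2001/04/xmlenc#"
	aes128CBC = xencNS + "aes128-cbc"
	// PurchaseOrder is a constructed copy of listing 1 with the whitespace stripped.
	PurchaseOrder = "<PurchaseOrder><Order><Item>book</Item><Id>123-958-74598</Id><Quantity>12</Quantity></Order>" +
		"<Payment><CardId>123654-8988889-9996874</CardId><CardName>visa</CardName><ValidDate>12-10-2004</ValidDate></Payment></PurchaseOrder>"
)

// DemoKey is a fixed 16-byte key for this example only (an assumption); in a real
// exchange it would arrive wrapped in an EncryptedKey as on slide 15.
var DemoKey = []byte("0123456789abcdef")

// EncryptedData covers the subset of the element that the listings use.
type EncryptedData struct {
	XMLName          xml.Name `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedData"`
	Type             string   `xml:"Type,attr"`
	EncryptionMethod struct {
		Algorithm string `xml:"Algorithm,attr"`
	} `xml:"EncryptionMethod"`
	CipherValue string `xml:"CipherData>CipherValue"`
}

// cbcEncrypt follows the spec's CBC rules: the last padding byte holds the pad
// length, and a random IV is prepended to the ciphertext inside CipherValue.
func cbcEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padLen := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(padLen)}, padLen)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

func cbcDecrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad key or ciphertext length (%d bytes): %v", len(data), err)
	}
	pt := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(pt, data[aes.BlockSize:])
	if n := int(pt[len(pt)-1]); n >= 1 && n <= aes.BlockSize {
		return pt[:len(pt)-n], nil
	}
	return nil, fmt.Errorf("bad padding")
}

// EncryptElement replaces the first element named local by an EncryptedData of
// Type #Element, or, with contentOnly set, keeps its start and end tags and replaces
// only what lies between them (Type #Content). The plaintext is the element's
// original UTF-8 bytes; the parser is used only to locate them.
func EncryptElement(doc []byte, local string, contentOnly bool, key []byte) ([]byte, error) {
	dec := xml.NewDecoder(bytes.NewReader(doc))
	for {
		start := dec.InputOffset() // first byte of the next token
		tok, err := dec.Token()
		if err != nil {
			return nil, fmt.Errorf("element %q not found: %v", local, err)
		}
		if se, ok := tok.(xml.StartElement); !ok || se.Name.Local != local {
			continue
		}
		afterStart := dec.InputOffset()
		if err := dec.Skip(); err != nil { // consume through the matching end tag
			return nil, err
		}
		lo, hi, typ := start, dec.InputOffset(), xencNS+"Element"
		if contentOnly {
			lo, typ = afterStart, xencNS+"Content"
			if i := bytes.LastIndexByte(doc[afterStart:hi], '<'); i >= 0 { // '<' of the end tag
				hi = afterStart + int64(i)
			}
		}
		ct, err := cbcEncrypt(key, doc[lo:hi])
		if err != nil {
			return nil, err
		}
		ed := EncryptedData{Type: typ, CipherValue: base64.StdEncoding.EncodeToString(ct)}
		ed.EncryptionMethod.Algorithm = aes128CBC
		edXML, _ := xml.Marshal(ed) // cannot fail for this fixed struct
		return append(append(append([]byte{}, doc[:lo]...), edXML...), doc[hi:]...), nil
	}
}

// DecryptFirst undoes EncryptElement: it locates the first EncryptedData, checks
// the algorithm, decrypts CipherValue and splices the plaintext back where it stood.
func DecryptFirst(doc, key []byte) ([]byte, error) {
	dec := xml.NewDecoder(bytes.NewReader(doc))
	for {
		start := dec.InputOffset()
		tok, err := dec.Token()
		if err != nil {
			return nil, fmt.Errorf("no EncryptedData found: %v", err)
		}
		se, ok := tok.(xml.StartElement)
		if !ok || se.Name.Space != xencNS || se.Name.Local != "EncryptedData" {
			continue
		}
		var ed EncryptedData
		if err := dec.DecodeElement(&ed, &se); err != nil {
			return nil, err
		}
		if ed.EncryptionMethod.Algorithm != aes128CBC { // never let the sender choose the cipher
			return nil, fmt.Errorf("unsupported algorithm %q", ed.EncryptionMethod.Algorithm)
		}
		raw, err := base64.StdEncoding.DecodeString(ed.CipherValue)
		if err == nil {
			raw, err = cbcDecrypt(key, raw)
		}
		if err != nil {
			return nil, err
		}
		return append(append(append([]byte{}, doc[:start]...), raw...), doc[dec.InputOffset():]...), nil
	}
}
```

     EncryptElement([]byte(PurchaseOrder), "Payment", false, DemoKey) gives the shape of listing 3 and EncryptElement(..., "CardId", true, DemoKey) that of listing 4; listing 2 is the #Element case applied to the root element, with the spec's media-type Type instead of #Element. CBC gives confidentiality only: unless the EncryptedData is also signed, a receiver that reports decryption or parse failures can be used as a padding oracle.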

  13. Encrypting Non-XML Data (Listing 5): Type names the media type of the hidden data (here a JPEG image) instead of Element or Content

     <?xml version='1.0' ?>
     <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
                    Type='http://www.isi.edu/in-notes/iana/assignments/media-types/jpeg'>
       <CipherData>
         <CipherValue>A23B45C56</CipherValue>
       </CipherData>
     </EncryptedData>

  14. Sending a public key (Listing 6): the receiver publishes its public key under a name

     <?xml version='1.0' ?>
     <SecureCommunicationDemonstration>
       <EncryptedKey CarriedKeyName="Muhammad Imran" xmlns='http://www.w3.org/2001/04/xmlenc#'>
         <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
           <ds:KeyValue>1asd25fsdf2dfdsfsdfds2f1sd23</ds:KeyValue>
         </ds:KeyInfo>
       </EncryptedKey>
     </SecureCommunicationDemonstration>

     Caveat: this listing bends the vocabulary. In XML Signature a public key travels inside ds:KeyInfo as a ds:KeyValue (for RSA a ds:RSAKeyValue holding Modulus and Exponent), while EncryptedKey is meant for a key that is itself encrypted, as on the next slide.

  15. Receiving a secret key encrypted to the public key (Listing 7)

     <?xml version='1.0' ?>
     <SecureCommunicationDemonstration>
       <EncryptedKey CarriedKeyName="Imran Ali" xmlns='http://www.w3.org/2001/04/xmlenc#'>
         <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
         <CipherData>
           <CipherValue>xyza21212sdfdsfs7989fsdbc</CipherValue>
         </CipherData>
       </EncryptedKey>
     </SecureCommunicationDemonstration>

     rsa-1_5 is RSA with PKCS#1 v1.5 padding. XML Encryption 1.1 discourages it in favour of rsa-oaep: a receiver whose decryption failures can be told apart (error messages, timing) is a Bleichenbacher padding oracle for the transported key.

  16. Data Encrypted to Secret Key (Listing 8): ds:KeyName names the key that arrived in listing 7, so it must match that CarriedKeyName exactly

     <?xml version='1.0' ?>
     <SecureCommunicationDemonstration>
       <Order>
         <Item>book</Item>
         <Id>123-958-74598</Id>
         <Quantity>12</Quantity>
         <CardName>Visa</CardName>
         <ExpDate>10-10-2005</ExpDate>
         <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                        xmlns='http://www.w3.org/2001/04/xmlenc#'>
           <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/>
           <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
             <ds:KeyName>Imran Ali</ds:KeyName>
           </ds:KeyInfo>
           <CipherData>
             <CipherValue>A23B45C564587</CipherValue>
           </CipherData>
         </EncryptedData>
       </Order>
     </SecureCommunicationDemonstration>

     For the CBC algorithms the IV is prepended to the ciphertext inside CipherValue. CBC provides confidentiality only: unless the EncryptedData is also signed, a receiver that reports decryption or parse errors can be used as a padding oracle to recover the plaintext.
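
     As an added example that is not part of the slides or of the IBM article, the key transport of listing 7 and the KeyName lookup of listing 8 in Go with the standard library: WrapKey produces the EncryptedKey, UnwrapKey recovers the content key and refuses rsa-1_5, and KeyStore resolves a ds:KeyName against the CarriedKeyName the key arrived under. Assumed, because the slides do not say: RSA-OAEP (the spec's rsa-oaep-mgf1p with its SHA-1 digest and MGF1-SHA1 defaults, which is what Go's EncryptOAEP with sha1 computes), a 24-byte content key sized for the tripledes-cbc of listing 8, and a receiver key pair generated on the spot. The names NewReceiverKey, NewContentKey, WrapKey, UnwrapKey and KeyStore are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"io"
)

const (
	xencNS  = "http://www.w3.org/2001/04/xmlenc#"
	RSAOAEP = xencNS + "rsa-oaep-mgf1p" // spec default: SHA-1 digest, MGF1 with SHA-1
	RSA15   = xencNS + "rsa-1_5"        // PKCS#1 v1.5 padding, the algorithm on slide 15
	// ContentKeyLen is an assumption: a 24-byte key for the tripledes-cbc of slide 16.
	ContentKeyLen = 24
)

// EncryptedKey covers the subset of the element used on slides 14 and 15.
type EncryptedKey struct {
	XMLName          xml.Name `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedKey"`
	CarriedKeyName   string   `xml:"CarriedKeyName,attr"`
	EncryptionMethod struct {
		Algorithm string `xml:"Algorithm,attr"`
	} `xml:"EncryptionMethod"`
	CipherValue string `xml:"CipherData>CipherValue"`
}

// NewReceiverKey generates the receiver's RSA key pair; slide 14 sends its public half.
func NewReceiverKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// NewContentKey draws the fresh symmetric key that the data will be encrypted under.
func NewContentKey() ([]byte, error) {
	k := make([]byte, ContentKeyLen)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

// WrapKey is the sender side of listing 7: the content key is encrypted to the
// receiver's public key and labelled with CarriedKeyName so that a later
// EncryptedData can refer to it through ds:KeyName.
func WrapKey(pub *rsa.PublicKey, contentKey []byte, name, alg string) ([]byte, error) {
	var ct []byte
	var err error
	switch alg {
	case RSAOAEP:
		ct, err = rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, contentKey, nil)
	case RSA15: // kept only to show what a legacy sender produces
		ct, err = rsa.EncryptPKCS1v15(rand.Reader, pub, contentKey)
	default:
		err = fmt.Errorf("unsupported key transport algorithm %q", alg)
	}
	if err != nil {
		return nil, err
	}
	ek := EncryptedKey{CarriedKeyName: name, CipherValue: base64.StdEncoding.EncodeToString(ct)}
	ek.EncryptionMethod.Algorithm = alg
	return xml.MarshalIndent(ek, "", "  ")
}

// UnwrapKey is the receiver side. It accepts OAEP only: with rsa-1_5 every
// distinguishable decryption failure is a Bleichenbacher padding oracle.
func UnwrapKey(priv *rsa.PrivateKey, doc []byte) (string, []byte, error) {
	var ek EncryptedKey
	if err := xml.Unmarshal(doc, &ek); err != nil {
		return "", nil, err
	}
	if ek.EncryptionMethod.Algorithm != RSAOAEP {
		return "", nil, fmt.Errorf("refusing key transport algorithm %q", ek.EncryptionMethod.Algorithm)
	}
	ct, err := base64.StdEncoding.DecodeString(ek.CipherValue)
	if err != nil {
		return "", nil, err
	}
	key, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return "", nil, err
	}
	if len(key) != ContentKeyLen {
		return "", nil, fmt.Errorf("content key has %d bytes, want %d", len(key), ContentKeyLen)
	}
	return ek.CarriedKeyName, key, nil
}

// KeyStore holds unwrapped keys by name; the ds:KeyName of listing 8 is resolved
// against it, and the match is exact (case included).
type KeyStore map[string][]byte

func (ks KeyStore) Resolve(keyName string) ([]byte, error) {
	if k, ok := ks[keyName]; ok {
		return k, nil
	}
	return nil, fmt.Errorf("no key named %q", keyName)
}

func main() {
	priv, err := NewReceiverKey()
	if err != nil {
		panic(err)
	}
	ck, _ := NewContentKey()
	doc, err := WrapKey(&priv.PublicKey, ck, "Imran Ali", RSAOAEP)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(doc))
	name, key, err := UnwrapKey(priv, doc)
	if err != nil {
		panic(err)
	}
	k, err := KeyStore{name: key}.Resolve("Imran Ali") // the ds:KeyName of listing 8
	fmt.Println("resolved:", err == nil && string(k) == string(ck))
}
```

     The KeyName lookup is deliberately exact: a ds:KeyName of "Imran ali" would not find a key registered as "Imran Ali".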

  17. The future? • Use XML Encryption • Use XML Signature • Use a new Public Key Infrastructure (XKMS, next slide)

  18. XML Key Management Specification (XKMS)

     The PKI host holds keys, certificates and the certificate revocation list. Two SOAP-based services front it:
     • X-KRSS (XML Key Registration Service Specification): register key, revoke certificate, recover key
     • X-KISS (XML Key Information Service Specification): supplies the key information a Verifier needs to verify a signature

     Flow between Signer, PKI host and Verifier:
     1. The Signer generates a key pair, or requests the pair from the PKI host
     2. Key registration request to the PKI host (X-KRSS, SOAP)
     3. Certificate sent to the Signer
     4. Signed document sent to the Verifier
     5. The Verifier requests the certificate from the PKI host (X-KISS, SOAP)
     6. Key and certificate sent to the Verifier
     The Signer may later request that a certificate be revoked, or request a copy of lost keys.
