XML Encryption

xml

Uploaded by

deba.nit20
Web Service Security and XML Encryption

Debachudamani Prusti
Roll no: 517cs1018

Web Service Specifications
• WS-Addressing
• WS-Reliable Messaging
• WS-Policy Framework
• WS-Metadata Exchange
• WS-Security
• WS-Notification Framework
• WS-Eventing
Figure 7.1: Specifications and concepts of web service.
Security
Information needs to be secured from attacks:
• Confidentiality: concealment of sensitive information.
• Integrity: data may be updated or changed only by an authorized party.
• Availability: data must be available to the authorized entity.
Security Specifications in SOA
• WS-Security
• WS-SecurityPolicy
• WS-Trust
• WS-SecureConversation
• WS-Federation
• Extensible Access Control Markup Language (XACML)
• Extensible Rights Markup Language (XrML)
• XML Key Management (XKMS)
• XML-Signature
• XML-Encryption
• Security Assertion Markup Language (SAML)
• .NET Passport
• Secure Sockets Layer (SSL)
• WS-I Basic Security Profile
Encryption
P = Plain Text = Message = Readable format
C = Cipher Text = Cryptic Text = Unreadable format
Encipherment = Encryption = E(P) = C
Decipherment = Decryption = D(C) = D(E(P)) = P
Some Encryption Algorithms are:
a) Private Key encryption
b) Public Key encryption
c) Digital Signature
d) Hashing
XML Encryption
• Defines how to encrypt the contents of an XML element
• The result is either an <EncryptedData> or an <EncryptedKey> element
• When encrypting an XML document's element content, we must replace the plaintext content with <EncryptedData> elements
• Sensitive data is easily interchanged between applications

Continued…
• Enables encryption of specified portions of a document, leaving the
rest of the document in its original form
• Does not support the encryption of attributes
• Both symmetric and asymmetric encryption can be used
• The ability to encrypt partial documents is unique to XML encryption
XML Encryption Interoperability

• XML encryption is interoperable with XML Signature.
• However, if we want to encrypt and sign a document, we must always encrypt the document before signing it.
• This is because the digest, generated for the digital signature, may give clues about the unencrypted contents of a document.
XML Encryption structure
<enc:EncryptedData Id? Type? MimeType?>
    <enc:EncryptionMethod Algorithm />?
    <dsig:KeyInfo>?
    <enc:CipherData>
        <enc:CipherValue>?
        <enc:CipherReference URI?>?
    </enc:CipherData>
    <enc:EncryptionProperties>?
</enc:EncryptedData>
XML Encryption process
1. Select the key algorithm to use in encrypting the item.
2. Obtain the key cipher and create ds:KeyInfo if necessary.
3. Encrypt the data by generating the encryption key.
4. Specify the encryption algorithm.
5. Build the CipherData element.
6. Build the EncryptedData or EncryptedKey structure.
XML Encryption example
<payment>
    <order_number>1001</order_number>
    <customer>John Smith</customer>
    <creditcard>
        <number>1000 1234 5678 0001</number>
        <expiration_month>02</expiration_month>
        <expiration_year>2018</expiration_year>
        <ccv2>123</ccv2>
    </creditcard>
</payment>
Encryption of XML Element
Original/Decrypted:

<?xml version="1.0" ?>
<Customers>
    <Customer>
        <Name>John smith</Name>
        <CreditCard>
            <Number>1000 1234 5678 0001</Number>
            <ExpiryDate>2003 June 30 </ExpiryDate>
        </CreditCard>
    </Customer>
    ...
</Customers>

Encrypted:

<?xml version="1.0" ?>
<Customers>
    <Customer>
        <Name><EncryptedData…></Name>
        <CreditCard>
            <Number><A23B45C56…></Number>
            <ExpiryDate> 2003 June 30 </ExpiryDate>
        </CreditCard>
    </Customer>
    ...
</Customers>
Step by step encryption
1: Specify key algorithm
2: Initialize KeyCipher

// get the key-wrap algorithm (Triple DES key wrap)
String algo = XMLCipher.TRIPLEDES_KeyWrap;

// construct the XMLCipher that will wrap the data key
XMLCipher c = XMLCipher.getInstance(algo);
Step by step encryption
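3: Generate encryption key
4: Specify encryption algorithm

// key-encryption key: Triple DES key wrap needs a DESede key, not single DES
KeyGenerator kg = KeyGenerator.getInstance("DESede");
SecretKey sk = kg.generateKey();

// data-encryption key, generated the same way but for AES-128
KeyGenerator dataKg = KeyGenerator.getInstance("AES");
dataKg.init(128);
Key symmKey = dataKg.generateKey();

// wrap the data key under the key-encryption key
XMLCipher keyCipher = XMLCipher.getInstance(algo);
keyCipher.init(XMLCipher.WRAP_MODE, sk);
EncryptedKey encryptedKey = keyCipher.encryptKey(document, symmKey);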
Step by step encryption
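5: Initialize XMLCipher
// XMLCipher.AES_128 is AES-128 in CBC mode (no integrity protection);
// XMLCipher.AES_128_GCM is the authenticated alternative
XMLCipher xmlCipher = XMLCipher.getInstance(XMLCipher.AES_128);
xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmKey);
6: encryption
// attach the wrapped key so the recipient can recover symmKey
EncryptedData d = xmlCipher.getEncryptedData();
KeyInfo keyInfo = new KeyInfo(document);
keyInfo.add(encryptedKey);
d.setKeyInfo(keyInfo);
// replace the element's content with <EncryptedData> (here: the document root)
xmlCipher.doFinal(document, document.getDocumentElement(), true);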
Steps involved in Decryption
1: Get the element that needs to be decrypted

2: Get the key

3: Decrypt
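
The three decryption steps, run after the encryption steps from the earlier slides, as one round trip over a shortened copy of the payment document (an added example, not code from the original slides). It assumes Apache Santuario (xmlsec) is on the classpath, encrypts only the <creditcard> element, and uses XMLCipher.AES_128_GCM where the slides use XMLCipher.AES_128; the class name PaymentRoundTrip and the variable names are illustrative.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class PaymentRoundTrip {
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        // Constructed sample input, shortened from the payment document above.
        String xml = "<payment><order_number>1001</order_number><creditcard>"
            + "<number>1000 1234 5678 0001</number></creditcard></payment>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new java.io.ByteArrayInputStream(xml.getBytes("UTF-8")));
        // Key-encryption key (shared with the recipient) and a one-off AES data key.
        SecretKey kek = KeyGenerator.getInstance("DESede").generateKey();
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);
        SecretKey dataKey = aes.generateKey();
        // Encrypt: wrap the data key, then swap <creditcard> for <EncryptedData>.
        XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES_KeyWrap);
        keyCipher.init(XMLCipher.WRAP_MODE, kek);
        EncryptedKey wrapped = keyCipher.encryptKey(doc, dataKey);
        XMLCipher enc = XMLCipher.getInstance(XMLCipher.AES_128_GCM);
        enc.init(XMLCipher.ENCRYPT_MODE, dataKey);
        KeyInfo keyInfo = new KeyInfo(doc);
        keyInfo.add(wrapped);
        enc.getEncryptedData().setKeyInfo(keyInfo);
        Element card = (Element) doc.getElementsByTagName("creditcard").item(0);
        enc.doFinal(doc, card, false); // false: encrypt the element itself, not only its content
        System.out.println("number elements: " + doc.getElementsByTagName("number").getLength());
        // Decrypt, step 1: get the element that needs to be decrypted.
        Element encrypted = (Element) doc.getElementsByTagNameNS(
            EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
        // Step 2: get the key. With a null key, the KEK unwraps <EncryptedKey>.
        XMLCipher dec = XMLCipher.getInstance();
        dec.init(XMLCipher.DECRYPT_MODE, null);
        dec.setKEK(kek);
        // Step 3: decrypt. <EncryptedData> is replaced by the original <creditcard>.
        dec.doFinal(doc, encrypted);
        System.out.println(doc.getElementsByTagName("number").item(0).getTextContent());
    }
}
```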
