XML encryption
XML encryption is a spec that was developed by World Wide Web (WWW) Consortium (W3C) in 2002 and that contains the steps to encrypt data, the steps to decrypt encrypted data, the XML syntax to represent encrypted data, the information to be used to decrypt the data, and a list of encryption algorithms, such as triple DES, AES, and RSA.
We can apply XML encryption to an XML element, XML element content, and arbitrary data, including an XML document. For example, suppose that we need to encrypt the <CreditCard> element that is shown in example 1.
Example 1: Sample XML document
<PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <CreditCard Limit='5,000' Currency='USD'> <Number>4019 2445 0277 5567</Number> <Issuer>Example Bank</Issuer> <Expiration>04/02</Expiration> </CreditCard> </PaymentInfo>Example 2: XML document with a common secret key
Example 2 shows the XML document after encryption. The <EncryptedData> element represents the encrypted <CreditCard> element. The <EncryptionMethod> element describes the applied encryption algorithm, which is triple DES in this example. The <KeyInfo> element contains the information that is needed to retrieve a decryption key, which is a <KeyName> element in this example. The <CipherValue> element contains the cipher text that is obtained by serializing and encrypting the <CreditCard> element.
<PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'> <KeyName>John Smith</KeyName> </KeyInfo> <CipherData> <CipherValue>ydUNqHkMrD...</CipherValue> </CipherData> </EncryptedData> </PaymentInfo>Example 3: XML document encrypted with the public key of the recipient
In example 2, it is assumed that both the sender and recipient have a common secret key. If the recipient has a public and private key pair, which is commonly the case, the <CreditCard> element can be encrypted as shown in example 3. The <EncryptedData> element is the same as the <EncryptedData> element found in Example 2. However, the <KeyInfo> element contains an <EncryptedKey> element.
<PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'> <EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5'/> <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'> <KeyName>Sally Doe</KeyName> </KeyInfo> <CipherData> <CipherValue>yMTEyOTA1M...</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> <CipherData> <CipherValue>ydUNqHkMrD...</CipherValue> </CipherData> </EncryptedData> </PaymentInfo>XML Encryption in the WSS-Core
The WSS-Core spec is under development by Organization for the Advancement of Structured Information Standards (OASIS). The specification describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. The message confidentiality is realized by encryption based on XML Encryption.
The WSS-Core spec supports encryption of any combination of body blocks, header blocks, their substructures, and attachments of a SOAP message. When you encrypt parts of a SOAP message, the spec also requires that you prepend a reference from the security header block to the encrypted parts of the message. The reference can be a clue for a recipient to identify which encrypted parts of the message to decrypt.
The XML syntax of the reference varies according to what information is encrypted and how it is encrypted. For example, suppose that the <CreditCard> element in example 4 is encrypted with either a common secret key or the public key of the recipient.
Example 4: Sample SOAP V1.1 message
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'> <SOAP-ENV:Body> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <CreditCard Limit='5,000' Currency='USD'> <Number>4019 2445 0277 5567</Number> <Issuer>Example Bank</Issuer> <Expiration>04/02</Expiration> </CreditCard> </PaymentInfo> </SOAP-ENV:Body> </SOAP-ENV:Envelope>SOAP V1.2 does not support encodingStyle so the example changes to the following:<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'> <SOAP-ENV:Body> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <CreditCard Limit='5,000' Currency='USD'> <Number>4019 2445 0277 5567</Number> <Issuer>Example Bank</Issuer> <Expiration>04/02</Expiration> </CreditCard> </PaymentInfo> </SOAP-ENV:Body> </SOAP-ENV:Envelope>The resulting SOAP messages are shown in Examples 5 and 6. In these example, the <ReferenceList> and <EncryptedKey> elements are used as references, respectively.
Example 5: SOAP V1.1 message encrypted with a common secret key
<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'> <SOAP-ENV:Header> <Security SOAP-ENV:mustUnderstand='1' xmlns='http://schemas.xmlsoap.org/ws/2003/06/secext'> <ReferenceList xmlns='http://www.w3.org/2001/04/xmlenc#'> <DataReference URI='#ed1'/> </ReferenceList> </Security> </SOAP-ENV:Header> <SOAP-ENV:Body> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Id='ed1' Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'> <KeyName>John Smith</KeyName> </KeyInfo> <CipherData> <CipherValue>ydUNqHkMrD...</CipherValue> </CipherData> </EncryptedData> </PaymentInfo> </SOAP-ENV:Body> </SOAP-ENV:Envelope>SOAP V1.2 does not support encodingStyle and the example changes to the following:
<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'> <SOAP-ENV:Header> <Security SOAP-ENV:mustUnderstand='1' xmlns='http://schemas.xmlsoap.org/ws/2003/06/secext'> <ReferenceList xmlns='http://www.w3.org/2001/04/xmlenc#'> <DataReference URI='#ed1'/> </ReferenceList> </Security> </SOAP-ENV:Header> <SOAP-ENV:Body> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Id='ed1' Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'> <KeyName>John Smith</KeyName> </KeyInfo> <CipherData> <CipherValue>ydUNqHkMrD...</CipherValue> </CipherData> </EncryptedData> </PaymentInfo> </SOAP-ENV:Body> </SOAP-ENV:Envelope>Example 6: SOAP message encrypted with the public key of the recipient
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'> <SOAP-ENV:Header> <Security SOAP-ENV:mustUnderstand='1' xmlns='http://schemas.xmlsoap.org/ws/2003/06/secext'> <EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5'/> <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'> <KeyName>Sally Doe</KeyName> </KeyInfo> <CipherData> <CipherValue>yMTEyOTA1M...</CipherValue> </CipherData> <ReferenceList> <DataReference URI='#ed1'/> </ReferenceList> </EncryptedKey> </Security> </SOAP-ENV:Header> <SOAP-ENV:Body> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Id='ed1' Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> <CipherData> <CipherValue>ydUNqHkMrD...</CipherValue> </CipherData> </EncryptedData> </PaymentInfo> </SOAP-ENV:Body> </SOAP-ENV:Envelope>SOAP V1.2 does not support encodingStyle and the example changes to the following:
<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'> <SOAP-ENV:Header> <Security SOAP-ENV:mustUnderstand='1' xmlns='http://schemas.xmlsoap.org/ws/2003/06/secext'> <EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5'/> <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'> <KeyName>Sally Doe</KeyName> </KeyInfo> <CipherData> <CipherValue>yMTEyOTA1M...</CipherValue> </CipherData> <ReferenceList> <DataReference URI='#ed1'/> </ReferenceList> </EncryptedKey> </Security> </SOAP-ENV:Header> <SOAP-ENV:Body> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData Id='ed1' Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> <CipherData> <CipherValue>ydUNqHkMrD...</CipherValue> </CipherData> </EncryptedData> </PaymentInfo> </SOAP-ENV:Body> </SOAP-ENV:Envelope>Relationship to digital signature
The WSS-Core spec also provides message integrity, which is realized by a digital signature that is based on the XML-Signature specification.
A combination of encryption and digital signature over common data introduces cryptographic vulnerabilities.
Symmetric versus asymmetric encryption
For XML encryption, the appserver supports two types of encryption:
- Symmetric encryption
In releases of the appserver prior to WAS V7, including the IBM WAS V 6.1 Feature Pack for Web Services, by default the KeyName reference was used to refer to the shared key outside of the SOAP message. However, the WS-Security V1.1 standard does not recommend using the KeyName reference. Because KeyName is not supported by the security policy, it is not supported in the appserver.
The Web Services Secure Conversation (WS-SecureConversation) standard defines how to exchange the shared key between the client and the service and how to refer to the shared key in the message.
The use of Kerberos with WS-Security, as described in the Kerberos Token Profile, also defines how to use a Kerberos session key or key derived from the session key to perform symmetric encryption. Therefore, we can use symmetric encryption by using WS-SecureConversation or Kerberos.
WAS supports DerivedKeyToken when using WS-SecureConversation. When using Kerberos, WAS supports both the use of DerivedKeyToken and the use of the Kerberos session key directly.
- Asymmetric encryption
For asymmetric encryption, XML Encryption introduces the idea of key wrapping. The data, such as the contents of the SOAP body element, is encrypted with a shared key that is dynamically generated while processing. Then, the generated shared key is encrypted with the public key of the receiver. WAS supports the X509Token for asymmetric encryption.
Related concepts
WS-Security provides message integrity, confidentiality, and authentication
Related information
WS-Security: SOAP Message Security 1.1 4 OASIS Standard Specification, 1 February 2006