XML Encryption

From HandWiki - Reading time: 2 min

XML Encryption, also known as XML-Enc, is a specification, governed by a W3C recommendation, that defines how to encrypt the contents of an XML element. Although XML Encryption can be used to encrypt any kind of data, it is nonetheless known as "XML Encryption" because an XML element (either an EncryptedData or EncryptedKey element) contains or refers to the cipher text, keying information, and algorithms.

Both XML Signature and XML Encryption use the KeyInfo element, which appears as the child of a SignedInfo, EncryptedData, or EncryptedKey element and provides information to a recipient about what keying material to use in validating a signature or decrypting encrypted data.

The KeyInfo element is optional: it can be attached in the message, or be delivered through a secure channel.

XML Encryption is different from and unrelated to Transport Layer Security, which is used to send encrypted messages (including xml content, both encrypted and otherwise) over the internet.

It has been reported that this specification has severe security concerns.[1][2]

References

External links





Licensed under CC BY-SA 3.0 | Source: https://handwiki.org/wiki/XML_Encryption
14 views | Status: cached on July 16 2024 12:34:55
↧ Download this article as ZWI file
Encyclosphere.org EncycloReader is supported by the EncyclosphereKSF