| Features and algorithms | Key Word | XMLSec with OpenSSL | XMLSec with GnuTLS(0) | XMLSec with NSS(0) |
|---|---|---|---|---|
| Laxly valid schema generation of EncryptedData/EncryptedKey | MUST | Y | Y | Y |
| - Normalized Form C generations. | SHOULD | Y | Y | Y |
| Type, MimeType, and Encoding | MUST | Y | Y | Y |
| CipherReference URI dereferencing | MUST | Y | Y | Y |
| | OPTIONAL | Y | Y | Y |
| ds:KeyInfo | MUST | Y | Y | Y |
| | OPTIONAL | N | N | N |
| | RECOMMENDED | Y | Y | Y |
| | REQUIRED | Y | Y | Y |
| ReferenceList | OPTIONAL | N | N | N |
| EncryptionProperties | OPTIONAL | Y | Y | Y |
| Satisfactory Performance | (required!) | Y | Y | Y |
| Required Type support: Element and Content. | MUST | Y | Y | Y |
| Encryption | MUST | Y | Y | Y |
| - Serialization of XML Element and Content. - NFC conversion from non-Unicode encodings. | MAY MUST | Y | Y | Y |
| - Encryptor returns EncryptedData structure. | MUST | Y | Y | Y |
| - Encryptor replaces EncryptedData into source document (when Type is Element or Content). | SHOULD | Y | Y | Y |
| Decryption | MUST | Y | Y | Y |
| - The decryptor returns the data and its Type to the application (be it an octet sequence or key value). | MUST | Y | Y | Y |
| - If data is Element or Content the decryptor returns the UTF-8 encoding XML character data. | MUST | Y | Y | Y |
| - If data is Element or Content the decryptor replaces the EncryptedData in the source document with the decrypted data. | SHOULD | Y | Y | Y |
| TRIPLEDES | REQUIRED | Y | Y | Y |
| AES-128 | REQUIRED | Y | Y | Y |
| AES-256 | REQUIRED | Y | Y | Y |
| AES-192 | OPTIONAL | Y | Y | Y |
| RSA-v1.5 (192 bit keys for AES or DES) | REQUIRED | Y | N | N |
| RSA-OAEP (128 and 256 bit keys for AES) | REQUIRED | Y(1) | N | N |
| Diffie-Hellman Key Agreement | OPTIONAL | N | N | N |
| TRIPLEDES Key Wrap | REQUIRED | Y | N | N |
| AES-128 Key Wrap (128 bit keys) | REQUIRED | Y | N | N |
| AES-256 Key Wrap (256 bit keys) | REQUIRED | Y | N | N |
| AES-192 Key Wrap | OPTIONAL | Y | N | N |
| SHA1 | REQUIRED | Y | Y | Y |
| SHA256 | RECOMMENDED | N | N | N |
| SHA512 | OPTIONAL | N | N | N |
| RIPEMD-160 | OPTIONAL | Y | Y | Y |
| XML Digital Signature | RECOMMENDED | Y | Y | Y |
| Decryption Transform for XML Signature | RECOMMENDED | N | N | N |
| - XPointer support in Except URI. | OPTIONAL | N | N | N |
| Canonical XML (with and without comments) | OPTIONAL | Y | Y | Y |
| Exclusive Canonicalization (with and without comments) | OPTIONAL | Y | Y | Y |
| base64 Encoding | REQUIRED | Y | Y | Y |