XML Encryption
The XML Encryption standard specifies the process for encrypting data and
representing the result in an XML document. The data may be an XML element,
XML element content, or any arbitrary data (including an XML document).
XML Encryption Implementation and Interoperability Report
| Features and algorithms | Key Word | XMLSec with OpenSSL | XMLSec with GnuTLS(0) | XMLSec with NSS(0) |
|---|---|---|---|---|
| Laxly valid schema generation of EncryptedData/EncryptedKey | MUST | Y | Y | Y |
| - Normalized Form C generations. | SHOULD | Y | Y | Y |
| Type, MimeType, and Encoding | MUST | Y | Y | Y |
| CipherReference URI dereferencing | MUST | Y | Y | Y |
| | OPTIONAL | Y | Y | Y |
| ds:KeyInfo | MUST | Y | Y | Y |
| | OPTIONAL | N | N | N |
| | RECOMMENDED | Y | Y | Y |
| | REQUIRED | Y | Y | Y |
| ReferenceList | OPTIONAL | N | N | N |
| EncryptionProperties | OPTIONAL | Y | Y | Y |
| Satisfactory Performance | (required!) | Y | Y | Y |
| Required Type support: Element and Content. | MUST | Y | Y | Y |
| Encryption | MUST | Y | Y | Y |
| - Serialization of XML Element and Content. - NFC conversion from non-Unicode encodings. | MAY MUST | Y | Y | Y |
| - Encryptor returns EncryptedData structure. | MUST | Y | Y | Y |
| - Encryptor replaces EncryptedData into source document (when Type is Element or Content). | SHOULD | Y | Y | Y |
| Decryption | MUST | Y | Y | Y |
| - The decryptor returns the data and its Type to the application (be it an octet sequence or key value). | MUST | Y | Y | Y |
| - If data is Element or Content the decryptor returns the UTF-8 encoded XML character data. | MUST | Y | Y | Y |
| - If data is Element or Content the decryptor replaces the EncryptedData in the source document with the decrypted data. | SHOULD | Y | Y | Y |
| TRIPLEDES | REQUIRED | Y | Y | Y |
| AES-128 | REQUIRED | Y | Y | Y |
| AES-256 | REQUIRED | Y | Y | Y |
| AES-192 | OPTIONAL | Y | Y | Y |
| RSA-v1.5 (192 bit keys for AES or DES) | REQUIRED | Y | N | N |
| RSA-OAEP (128 and 256 bit keys for AES) | REQUIRED | Y(1) | N | N |
| Diffie-Hellman Key Agreement | OPTIONAL | N | N | N |
| TRIPLEDES Key Wrap | REQUIRED | Y | N | N |
| AES-128 Key Wrap (128 bit keys) | REQUIRED | Y | N | N |
| AES-256 Key Wrap (256 bit keys) | REQUIRED | Y | N | N |
| AES-192 Key Wrap | OPTIONAL | Y | N | N |
| SHA1 | REQUIRED | Y | Y | Y |
| SHA256 | RECOMMENDED | N | N | N |
| SHA512 | OPTIONAL | N | N | N |
| RIPEMD-160 | OPTIONAL | Y | Y | Y |
| XML Digital Signature | RECOMMENDED | Y | Y | Y |
| Decryption Transform for XML Signature | RECOMMENDED | N | N | N |
| - XPointer support in Except URI. | OPTIONAL | N | N | N |
| Canonical XML (with and without comments) | OPTIONAL | Y | Y | Y |
| Exclusive Canonicalization (with and without comments) | OPTIONAL | Y | Y | Y |
| base64 Encoding | REQUIRED | Y | Y | Y |