Confidentiality: XML Encryption

Like any other communication on the Internet, an XML document can be encrypted in its entirety and sent across the wire to be decrypted at the other end. The problem with this is that encrypting the whole document hides all of it, and frequently parts of an XML message need to be sent in the clear. For example, SOAP is an XML format that computers use to exchange remote procedure calls over the Web. In use, all or part of the body of a SOAP message may need protection, but the headers must be sent in the clear so that intermediaries can see routing and other information.

Alternatively, the channel could be encrypted, using SSL/TLS, for example, ensuring that any message transferred across that channel is protected in transit. The problem with channel encryption is that the protection ends at each hop: the message is in the clear on any intermediate machine, such as the SOAP intermediaries just mentioned. To get around these problems, the XML Encryption standard is designed to allow partial encryption of an XML document: selected elements are encrypted while the rest of the document remains readable.

Like the XML Signature standard, the XML Encryption standard has many parts to deal with multiple contingencies, but understanding the core functionality is not difficult. Any encrypted data in an XML document is identified using the <EncryptedData/> element. The <EncryptedData/> element consists of two parts:

As an example of how XML Encryption might be used, consider an online payment system that transmits an order by using an XML document. The order document contains all the information about the order and includes the credit card information for the purchaser in a <PaymentInfo/> element. We would like most of the order to be left in the clear so that it can be processed, but would like to protect the credit card information and decrypt it only when the payment is processed. XML Encryption allows us to do that. The following is an example of an <EncryptedData/> element inside the <PaymentInfo/> element:

    <PaymentInfo>
      <CardName>John Smith</CardName>
      <BillingAddress>...</BillingAddress>
      <EncryptedData
          Type='http://www.w3.org/2001/04/xmlenc#Element'
          xmlns='http://www.w3.org/2001/04/xmlenc#'>
        <CipherData>
          <CipherValue>sh748fjl4...</CipherValue>
        </CipherData>
      </EncryptedData>
    </PaymentInfo>

In this example, the <CipherValue/> element holds the encrypted credit card number and expiration date. The Type attribute's value of http://www.w3.org/2001/04/xmlenc#Element says that an entire element (here, the one that carried the card details) was replaced by <EncryptedData/>, so the consumer puts that element back when it decrypts; the alternative value ending in #Content encrypts only an element's children and leaves its start and end tags visible. I've left out the <EncryptionMethod/> element in this example, because we can presume that the information is encrypted and decrypted by systems under the control of a single organization that has set the method and controls the keys. Whenever the two sides are not under one roof, the element should be present so that the recipient is told which algorithm to use rather than having to guess. The values will be available only to processes that possess the private key for the payment system.
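As an added example, not code from the book or from the W3C specification, here is a small Go program, using only the standard library, that does what the <PaymentInfo/> example above describes: it takes an order, replaces the card details with an <EncryptedData/> of Type #Element, and lets the payment processor restore them. It assumes a <CreditCard/> element with <Number/> and <Expiry/> children (the page does not name this element), AES-128-GCM identified by its XML Encryption 1.1 algorithm URI with the IV || ciphertext || tag layout that version of the standard defines, and a symmetric key already shared by the order system and the payment processor. The real-world step of wrapping that content key for the payment system's public key (the standard's <EncryptedKey/> element) is left out, as the page's own example leaves out key handling.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"errors"
)

// Identifiers from the XML Encryption specs: the 1.0 namespace and the 1.1 AES-128-GCM URI.
const xencNS = "http://www.w3.org/2001/04/xmlenc#"
const typeElement = xencNS + "Element" // a whole element was replaced by EncryptedData
const aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm"

// CreditCard is the element we protect; its layout is an assumption of this example.
type CreditCard struct {
	XMLName xml.Name `xml:"CreditCard"`
	Number  string   `xml:"Number"`
	Expiry  string   `xml:"Expiry"`
}

// EncryptedData models the core of xenc:EncryptedData: the algorithm used and the ciphertext.
type EncryptedData struct {
	XMLName          xml.Name `xml:"EncryptedData"`
	Xmlns            string   `xml:"xmlns,attr"`
	Type             string   `xml:"Type,attr"`
	EncryptionMethod struct {
		Algorithm string `xml:"Algorithm,attr"`
	} `xml:"EncryptionMethod"`
	CipherData struct {
		CipherValue string `xml:"CipherValue"`
	} `xml:"CipherData"`
}

// PaymentInfo carries either the clear CreditCard or its encrypted replacement.
type PaymentInfo struct {
	XMLName        xml.Name       `xml:"PaymentInfo"`
	CardName       string         `xml:"CardName"`
	BillingAddress string         `xml:"BillingAddress"`
	CreditCard     *CreditCard    `xml:"CreditCard,omitempty"`
	EncryptedData  *EncryptedData `xml:"EncryptedData,omitempty"`
}

// Protector holds the AES-128-GCM key that the order system and the payment processor share.
type Protector struct{ gcm cipher.AEAD }

func NewProtector(key []byte) (*Protector, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return &Protector{gcm: gcm}, err
}

// ProtectOrder replaces the CreditCard element with an EncryptedData of Type #Element whose
// CipherValue is base64(IV || ciphertext || tag), the layout xenc 1.1 defines for AES-GCM.
func (p *Protector) ProtectOrder(order PaymentInfo) ([]byte, error) {
	plain, err := xml.Marshal(order.CreditCard)
	if err != nil || len(plain) == 0 { // a nil CreditCard marshals to nothing
		return nil, errors.New("order has no CreditCard to protect")
	}
	iv := make([]byte, p.gcm.NonceSize()) // fresh 96-bit IV for every message
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ed := &EncryptedData{Xmlns: xencNS, Type: typeElement}
	ed.EncryptionMethod.Algorithm = aes128GCM
	ed.CipherData.CipherValue = base64.StdEncoding.EncodeToString(p.gcm.Seal(iv, iv, plain, nil))
	order.CreditCard, order.EncryptedData = nil, ed
	return xml.MarshalIndent(order, "", "  ")
}

// RevealCard, run by the payment processor, checks Type and algorithm, authenticates and
// decrypts CipherValue, and puts the CreditCard element back where EncryptedData was.
func (p *Protector) RevealCard(doc []byte) (*PaymentInfo, error) {
	var order PaymentInfo
	if err := xml.Unmarshal(doc, &order); err != nil {
		return nil, err
	}
	ed := order.EncryptedData
	if ed == nil || ed.Type != typeElement || ed.EncryptionMethod.Algorithm != aes128GCM {
		return nil, errors.New("missing EncryptedData, or unexpected Type or EncryptionMethod")
	}
	sealed, err := base64.StdEncoding.DecodeString(ed.CipherData.CipherValue)
	if err != nil || len(sealed) < p.gcm.NonceSize()+p.gcm.Overhead() {
		return nil, errors.New("CipherValue is not valid base64 or is too short")
	}
	plain, err := p.gcm.Open(nil, sealed[:p.gcm.NonceSize()], sealed[p.gcm.NonceSize():], nil)
	if err != nil { // wrong key or modified ciphertext: the GCM tag check fails
		return nil, errors.New("decryption failed: wrong key or modified CipherValue")
	}
	card := &CreditCard{}
	if err := xml.Unmarshal(plain, card); err != nil {
		return nil, err
	}
	order.CreditCard, order.EncryptedData = card, nil
	return &order, nil
}
```

The order system calls `NewProtector(key)` once and `ProtectOrder` per order; the output keeps <CardName/> and <BillingAddress/> readable and carries only an <EncryptedData/> where the card details were. `RevealCard` refuses a document whose Type or Algorithm is not the one it expects before it touches the ciphertext, and because GCM is authenticated, a wrong key or any change to <CipherValue/> is rejected rather than yielding garbage card data.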