In “Secure your XML documents with signatures,” we talked about using the XML Signature protocol to ensure the authenticity of a full or partial XML document. Sometimes, however, you need to provide additional security for your XML documents. When sending sensitive information such as account numbers and credit card data, you must be able to control who has access. The XML Encryption protocol can help you secure your XML data.
The basic premise of XML Encryption is that you can create a cipher (a string of encrypted data) and store it in an XML document. In addition to the cipher, you can store information about the encryption method and encryption keys. The encrypted data is placed in an <EncryptedData> element, which can exist in several places in the XML document.
When encoding arbitrary data that is not related to XML, the <EncryptedData> element becomes the root element of a new XML document. If the arbitrary data is actually the content of an element in an XML document, the <EncryptedData> might be placed in that element instead of the content of the particular element. Finally, an <EncryptedData> element can also be used to replace an entire element from start tag to end tag, including all subelements.
Like the XML Signature protocol, XML Encryption specifies the rules used to process raw data into encrypted XML and to cipher data back into raw data. The encrypted data, or cipher value, can be stored in the <EncryptedData> element as a <CipherValue>; however, the encrypted data may also be included via a reference URL using the <CipherReference> element. This allows the sender to maintain an extra layer of control over the data being sent. For example, by referencing an authenticated URL, the cipher data is protected so that only authorized users can obtain the encrypted data.
As mentioned earlier, the encrypted data is stored in the XML document as an <EncryptedData> element. This element consists of several subelements that contain information about the encrypted data, including key information and the actual cipher (or reference to it).
Let's look at an example of using encrypted data. First, we'll examine a sample XML document that contains some sensitive information we want to encrypt. In this case, we want to encrypt the customer's Social Security number. Here's a sample of the XML data before encryption:
In this example, the <CustomerData> element contains information related to the particular customer, including the AccountNumber and SocialSecurityNumber. In this scenario, the CustomerName and AccountNumber elements do not need to be encrypted, but the customer's SocialSecurityNumber does. Below is an example of the encrypted version of this XML document:
As you can see, the entire <SocialSecurityNumber> element has been replaced by an <EncryptedData> element. When the document is decrypted, the <EncryptedData> section will be processed and deciphered, and the resulting <SocialSecurityNumber> element will be restored.
A few online resources offer more information regarding XML Encryption. The best place to start is with the specifications available at The W3C XML Encryption Working Group.
IBM has a security suite available that takes advantage of XML Encryption and implements the encryption and decryption engine. Information is available at the alphaWorks XML Security Suite page.
Keep it safe
With more data being sent across the Internet as XML documents, many organizations have a responsibility to protect their own and their customers' data. XML Encryption provides organizations with some assurance that sensitive data can be transmitted without the risk of exposure.