XML Encryption
   HOME

TheInfoList



Click Here for Items Related To - XML Encryption
OR:
XML Encryption on:   [Wikipedia]   [Google]   [Amazon]

XML Encryption, also known as XML-Enc, is a specification, governed by a
W3C The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web. Founded in 1994 and led by Tim Berners-Lee, the consortium is made up of member organizations that maintain full-time staff working to ...
recommendation, that defines how to encrypt the contents of an
XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. T ...
element. Although XML Encryption can be used to encrypt any kind of data, it is nonetheless known as "XML Encryption" because an XML element (either an EncryptedData or EncryptedKey element) contains or refers to the cipher text, keying information, and algorithms. Both
XML Signature XML Signature (also called ''XMLDSig'', ''XML-DSig'', ''XML-Sig'') defines an XML syntax for digital signatures and is defined in the W3C recommendationbr>XML Signature Syntax and Processing Functionally, it has much in common with PKCS #7 but is ...
and XML Encryption use the KeyInfo element, which appears as the child of a SignedInfo, EncryptedData, or EncryptedKey element and provides information to a recipient about what keying material to use in validating a signature or decrypting encrypted data. The KeyInfo element is optional: it can be attached in the message, or be delivered through a secure channel. XML Encryption is different from and unrelated to
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
, which is used to send encrypted messages (including xml content, both encrypted and otherwise) over the internet. It has been reported that this specification has severe security concerns.


References


External links


W3C info

Apache Santuario - Apache XML Security Implementation for Java and C++

XMLSec - XML Security Library for C


XML Cryptography standards XML-based standards {{web-stub