XML Encryption:  Processing Rules for XML Elements and Content Nihar Ranjan Behera I/07/34
Xml encryption

  1. XML Encryption: Processing Rules for XML Elements and Content. Nihar Ranjan Behera, I/07/34
  2. Overview
     - The current XML Encryption Processing Rules (section 4) state that
       - when encrypting an XML document’s child elements or element content, one must replace the plaintext content with <EncryptedData> elements
       - when decrypting, decrypted <EncryptedData> elements (of type Element or Content) must be replaced by the revealed XML
     - If the requirement for replacement is not intentional, we should fix the text. If the requirement is intentional, I propose that it may be too limiting.
  3. Overview
     Note: I am not suggesting that XML Encryption specify an API design, absolutely NOT! However, I don’t want XML Encryption to unnecessarily restrict API designs either.
     Note 2: Slides with detailed code are included for completeness; they are not essential for understanding this topic.
  4. How the current Processing Rules work

     Original/Decrypted

         <?xml version="1.0" encoding="UTF-8"?>
         <Customers>
           <Customer>
             <Name>Jose Aznar</Name>
             <CreditCard>
               <Number>1000 1234 5678 0001</Number>
               <ExpiryDate>2003 June 30</ExpiryDate>
             </CreditCard>
           </Customer>
           . . .
         </Customers>

     Encrypted

         <?xml version="1.0" encoding="UTF-8"?>
         <Customers>
           <Customer>
             <Name><EncryptedData…></Name>
             <CreditCard>
               <Number><EncryptedData…></Number>
               <ExpiryDate>2003 June 30</ExpiryDate>
             </CreditCard>
           </Customer>
           . . .
         </Customers>
  5. What the code looks like

     Encrypting

         // Encrypt the content of the <CreditCard>/<Number> elements
         NodeIterator ni2 = XPathAPI.selectNodeIterator(doc, "//CreditCard/Number");
         // Encrypt the nodes (only element content is encrypted)
         Node node;
         while ((node = ni2.nextNode()) != null) {
             System.out.print(".");
             xmlencEncryptor.encryptAndReplace((Element) node, true,
                 getEncryptedDataTemplate(desKey, true), desKey);
         }

     Decrypting

         // Get the nodes to be decrypted
         NodeList nl2 = DOMUtil.getElementsByTagNameNS(
             doc, XEncryption.XMLENC_NS, "EncryptedData");
         // Decrypt
         for (int i = 0; i < nl2.getLength(); i++) {
             System.out.print(".");
             Element el = (Element) nl2.item(i);
             xmlencDecryptor.decryptAndReplace(el);
         }
  6. Other processing scenarios

     Scenario A: The XML source has no encrypted parts and is protected through authorization instead. However, there is an authorized app which selects certain credit card info for processing. It wants to query <CreditCard> elements and/or content, encrypt, and import the resulting <EncryptedData> element into a SOAP message.

     Scenario B: The XML source has encrypted elements and content accessible by a number of applications. When one of these applications queries an encrypted element, that app needs to decrypt the element but MUST NOT modify the source.
  7. Scenario A: SOAP msg w/ encrypted data
     [Diagram: customer.xml (no encryption), Authorization control, Credit card info app, SOAP msg]
     1. Select node
     2. Encrypt node (no replace) and return to application
     3. Form SOAP msg
  8. Scenario A: SOAP message

         <?xml version="1.0" encoding="UTF-8"?>
         <Envelope xmlns="http://www.w3.org/2001/06/soap-envelope">
           <Body>
             <VerifyCreditCardRequest xmlns="http://…/actions">
               <EncryptedData Type="NodeList" xmlns="http://…/xmlenc">
                 <EncryptionMethod Algorithm="urn:nist-gov:tripledes…">
                   <IV>adCwS3wowQ8=</IV>
                 </EncryptionMethod>
                 … <CipherData>Ynj…M1f</CipherData>…
               </EncryptedData>
             </VerifyCreditCardRequest>
           </Body>
         </Envelope>
  9. Scenario A code

     Encrypting

         // Encrypt the content of the 2nd <CreditCard>/<Number> element
         Node nodeToBeEncrypted = XPathAPI.selectSingleNode(doc,
             "//Customer[2]/CreditCard/Number");
         // Encrypt the nodes (whole elements are encrypted)
         Element elemEncryptedData = xmlencEncryptor.encrypt((Element) nodeToBeEncrypted, false,
             getEncryptedDataTemplate(desKey, false), desKey);
         // Build the SOAP message in a separate document and import the <EncryptedData> into it
         Document docSoap = new DocumentImpl();
         Element elemEnvelope = docSoap.createElement("Envelope");
         Element elemBody = docSoap.createElement("Body");
         Element elemBodyChild = docSoap.createElement("VerifyCreditCardRequest");
         Node nodeImported = docSoap.importNode(elemEncryptedData, true);
         elemBodyChild.appendChild(nodeImported);
         elemBody.appendChild(elemBodyChild);
         elemEnvelope.appendChild(elemBody);
         docSoap.appendChild(elemEnvelope);
  10. Scenario A code… Note: The preceding code works (uses IBM’s XSS4J) but, according to the spec, it’s illegal because the XML source is not being replaced.
  11. Scenario B: Encrypted customer DB
      [Diagram: customer.xml (encrypted), Credit card info app, Interface to authorized user showing Customer name: N Ranjan, Credit card#: 0048]
      1. Select <EncryptedData> node
      2. Decrypt node (no replace) and return to application
      3. Display info to authorized user
  12. Scenario B code

      Decrypting

          // Get the nodes to be decrypted
          Element elemEncryptedDataToDecrypt = (Element) DOMUtil.getElementsByTagNameNS(
              doc, XEncryption.XMLENC_NS, "EncryptedData").item(5);
          // Read the Base64-encoded IV and ciphertext out of the element
          Element elemIV = (Element) elemEncryptedDataToDecrypt.getElementsByTagName("IV").item(0);
          String strIV = elemIV.getFirstChild().getNodeValue();
          Element elemCipherData = (Element) elemEncryptedDataToDecrypt.getElementsByTagName("CipherText").item(0);
          String strCipherData = elemCipherData.getFirstChild().getNodeValue();
          // Decrypt with the JCE directly, leaving the source document unmodified
          javax.crypto.spec.IvParameterSpec ivparmspec =
              new javax.crypto.spec.IvParameterSpec(com.ibm.xml.dsig.Base64.decode(strIV));
          Cipher desCipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
          desCipher.init(Cipher.DECRYPT_MODE, desKey, ivparmspec);
          byte[] bytesPlainData = desCipher.doFinal(com.ibm.xml.dsig.Base64.decode(strCipherData));
          String strCreditCardNumber = new String(bytesPlainData);
  13. Scenario B code… Don’t want to use decryptAndReplace() because I don’t want to modify the XML source. But XML Encryption doesn’t allow Toolkits to give me an alternative so I have to use low-level security APIs instead! Rather, XML Encryption should allow Toolkits to return the decrypted XML element or content without requiring replacement in the source.
  14. QAQ (Quietly Anticipated Questions)

      Question: Why not create a dummy document before and/or after encrypting?
      Answer: Yes, one could create a dummy document and copy in the relevant elements before encrypting or decrypting and still conform to the XML Encryption spec as it currently stands. However, this would be inefficient and often inelegant.

      Question: The example code you showed doesn’t deal with more complex context situations such as inherited namespaces, default attributes, etc. How will those artifacts affect the no-replacement processing of <EncryptedData> elements?
      Answer: I think this question will only be answered through more coding and application experience. There could be some issues that arise.
  15. ANY QUESTION??
  16. THANK U
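
What Scenario B (slides 11 to 13) asks a toolkit to offer, as an added example that is not from the slides or from XSS4J: a decrypt call that returns the revealed element in a new document and never writes to the source DOM, using only JDK classes. The un-namespaced `<EncryptedData>`/`<IV>`/`<CipherData>` layout, the sample document and the name `decryptDetached` are assumptions made for illustration, and AES-GCM is swapped in for the slides' DESede/CBC so that modified ciphertext is rejected at decryption.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

class NoReplaceDecrypt {
    // Hypothetical helper: decrypts one <EncryptedData> (assumed layout: Base64 <IV> and
    // <CipherData> children) and returns the revealed element in a NEW document.
    static Element decryptDetached(Element enc, SecretKey key, DocumentBuilder db) throws Exception {
        byte[] iv = Base64.getDecoder().decode(text(enc, "IV"));
        byte[] ct = Base64.getDecoder().decode(text(enc, "CipherData"));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        String xml = new String(c.doFinal(ct), StandardCharsets.UTF_8); // throws if the tag check fails
        return db.parse(new InputSource(new StringReader(xml))).getDocumentElement();
    }
    static String text(Element parent, String tag) {
        return parent.getElementsByTagName(tag).item(0).getTextContent().trim();
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Decrypted XML is parsed again, so refuse DOCTYPEs (no external entities).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder db = f.newDocumentBuilder();
        // Constructed sample: encrypt a <Number> element and embed it as the source would hold it.
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key); // the provider picks a fresh random IV
        String ct = Base64.getEncoder().encodeToString(
            c.doFinal("<Number>1000 1234 5678 0001</Number>".getBytes(StandardCharsets.UTF_8)));
        String iv = Base64.getEncoder().encodeToString(c.getIV());
        String src = "<Customers><Customer><CreditCard><EncryptedData><IV>" + iv + "</IV><CipherData>"
            + ct + "</CipherData></EncryptedData></CreditCard></Customer></Customers>";
        Document doc = db.parse(new InputSource(new StringReader(src)));
        Element enc = (Element) doc.getElementsByTagName("EncryptedData").item(0);
        Element revealed = decryptDetached(enc, key, db);
        // The caller gets the plaintext element; the source still holds only the ciphertext.
        System.out.println("revealed=" + revealed.getTextContent()
            + " EncryptedData=" + doc.getElementsByTagName("EncryptedData").getLength()
            + " Number=" + doc.getElementsByTagName("Number").getLength());
    }
}
```

Because the revealed element is parsed on its own, namespace declarations inherited from the source's ancestors are not visible to it, which is the context question raised on slide 14.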
