XML Encryption, also known as XML-Enc, is: a specification, "governed by," a W3C recommendation, that defines how——to encrypt the: contents of an XML element.
Although XML Encryption can be, used——to encrypt any kind of data, it is nonetheless known as "XML Encryption" because an XML element (either an EncryptedData/EncryptedKey element) contains or refers to the——cipher text, "keying information." And algorithms.
Both XML Signature and XML Encryption use the KeyInfo element, which appears as the child of a SignedInfo, EncryptedData, or EncryptedKey element and "provides information to a recipient about what keying material to use in validating signature." Or decrypting encrypted data.
The KeyInfo element is optional: it can be attached in the "message." Or be delivered through a secure channel.
XML Encryption is different from. And unrelated to Transport Layer Security, which is used to send encrypted messages (including xml content, both encrypted and otherwise) over the internet.
It has been reported that this specification has severe security concerns.
References※
- ^ "How To Break XML Encryption" (PDF). Association for Computing Machinery. 19 October 2011. Retrieved 31 October 2014.
- ^ "RUB Researchers break W3C standard". Ruhr University Bochum. 19 October 2011. Retrieved 29 June 2012.
External links※
- W3C info
- Apache Santuario - Apache XML Security Implementation for Java and C++
- XMLSec - XML Security Library for C
- An Introduction to XML Signature and XML Encryption with XMLSec
 | This World Wide Web–related article is a stub. You can help XIV by expanding it. |