XST Project/UserGuide/Encryption

Revision as of 07:22, 22 November 2009 by Info.xml-sicherheit.de (Talk | contribs) (Resource and Encryption Type)

XML Encryption Wizard


The XML Encryption Wizard consists of three pages; the second page varies depending on the chosen keystore/key option. To launch the wizard, either select an XML document in one of the supported views in the XML perspective or open an XML document in the WTP XML editor (in any perspective). Open the context menu, choose XML Security and click New Encryption.... To encrypt an XML fragment, select the desired document part in the editor and launch the wizard as described above. The selection has to exist before the wizard is launched, and it has to be well-formed: if a start-tag is selected, the end-tag must be selected too. Encrypting only the text content of an element is also possible.

Resource and Encryption Type

This is the first page of the XML Encryption Wizard. Here you select the resource you want to encrypt, the encryption type, the keystore/key option and the Basic Security Profile option.

XML Encryption Wizard page 1

Resource: It is possible to encrypt the complete document, the selected text or a document fragment specified by an XPath expression. Encrypting the complete document is always possible. A text selection has to exist before the wizard is launched, and it has to be well-formed. An XPath expression can always be used too: either enter it in the text field or select one in the dialog that opens after clicking the Browse... button. The XPath expression has to return exactly one element or element content. Encrypting attributes is not supported.

Encryption Type: The normal encryption type is a so-called enveloping encryption, where the encrypted data is contained in the original document (it replaces the plain XML). A detached encryption does not encrypt the XML document you have chosen; instead, the data in the additional file specified here is encrypted. Both documents will be changed: file A remains plain XML but contains the encryption information for file B, which gets encrypted (a detached encryption requires the whole document to be encrypted).

Keystore and Key: The option chosen here determines the following wizard page. You can choose to Use a key from an existing keystore, to Insert a new key in an existing keystore or to Create a new key and a new keystore.
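
The Resource rule above (an XPath expression has to return exactly one element or element content, and attributes cannot be encrypted) can be checked on a document before the wizard is launched. The following Java program is an added example, not code from the XML Security Tools plug-in; the class name, the constructed sample document and the treatment of a single text node as "element content" are assumptions.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper class, not part of the plug-in.
public class EncryptionTargetCheck {

    // Parse with DOCTYPE declarations rejected, so that checking an untrusted
    // document cannot trigger external entity resolution.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Returns "element" or "content" for a usable target, otherwise throws.
    static String classify(Document doc, String xpath) throws Exception {
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate(xpath, doc, XPathConstants.NODESET);
        if (hits.getLength() != 1) {
            throw new IllegalArgumentException("expected exactly one node, got " + hits.getLength());
        }
        switch (hits.item(0).getNodeType()) {
            case Node.ELEMENT_NODE: return "element";
            case Node.TEXT_NODE:
            case Node.CDATA_SECTION_NODE: return "content"; // assumption: text counts as element content
            case Node.ATTRIBUTE_NODE: throw new IllegalArgumentException("attributes cannot be encrypted");
            default: throw new IllegalArgumentException("unsupported node type");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample document and expressions.
        Document doc = parse("<order id=\"7\"><card>4111</card><item>a</item><item>b</item></order>");
        String[] expressions = {"/order/card", "/order/card/text()", "/order/@id", "/order/item"};
        for (String x : expressions) {
            try {
                System.out.println(x + " -> " + classify(doc, x));
            } catch (IllegalArgumentException e) {
                System.out.println(x + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```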

Keystore and Key

Use a key from an existing keystore

Insert a new key in an existing keystore

Create a new key and a new keystore

Algorithms and Encryption Properties