Git init

[external/xmlsec1.git] / docs / xmlenc.html

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>XML Security Library: XML Encryption</title>
</head>
<body><table witdh="100%" valign="top"><tr valign="top">
<td valign="top" align="left" width="210">
<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
<ul>
<li><a href="index.html">Home</a></li>
<li><a href="download.html">Download</a></li>
<li><a href="news.html">News</a></li>
<li><a href="documentation.html">Documentation</a></li>
<ul>
<li><a href="faq.html">FAQ</a></li>
<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
<li><a href="api/xmlsec-reference.html">API reference</a></li>
<li><a href="api/xmlsec-examples.html">Examples</a></li>
</ul>
<li><a href="xmldsig.html">XML Digital Signature</a></li>
<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
<li><a href="xmlenc.html">XML Encryption</a></li>
<li><a href="c14n.html">XML Canonicalization</a></li>
<li><a href="bugs.html">Reporting Bugs</a></li>
<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
<li><a href="related.html">Related</a></li>
<li><a href="authors.html">Authors</a></li>
</ul>
<table width="100%">
<tr>
<td width="15"></td>
<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
</tr>
<tr>
<td width="15"></td>
<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
</tr>
<tr>
<td width="15"></td>
<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
</tr>
<!--Links - start--><!--Links - end-->
</table>
</td>
<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent"><div align="center">
            <h2> XML Encryption </h2>
<div align="left">
<a href="http://www.w3.org/TR/xmlenc-core">XML Encryption 1.0</a> standard
specifies
the process for encryptind data and representing the result in XML
document.
The data may be an XML element, or an XML element content, or any
arbitrary
data (including XML document). </div>
            <div align="center">
            <h3>XML Security Library Interoperability Report</h3>
            <h4 style="text-align: center;">XML Encryption 1.0 (<a href="http://www.w3.org/TR/xmlenc-core/">W3C Recommendation</a>)</h4>
            </div>
            <div align="center">
            <p> </p>
            <table style="width: 85%;" border="1" cellpadding="2" cellspacing="2"><tbody>
<tr>
<td style="width: 40%;" align="left" valign="top"><b>Features
and
algorithms<br></b></td>
                  <td align="left" valign="top"> <b>XMLSec with OpenSSL</b>
                  </td>
                  <td style="vertical-align: top;"><b>XMLSec with GnuTLS</b></td>
                  <td style="vertical-align: top;"> <b>XMLSec with NSS</b>
                  </td>
                  <td style="vertical-align: top;"> <b>XMLSec with
MSCrypto</b> </td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">Laxly
valid
schema generation of EncryptedData
/EncryptedKey <br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> Normalized Form C generations. </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">Type,
MimeType,
and Encoding <br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">CipherReference
URI derefencing <br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> Transforms </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">ds:KeyInfo
                  <br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> enc:DHKeyValue </li>
                  </ul>
</td>
                  <td align="left" valign="top">N<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> ds:KeyName </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> ds:RetrievalMethod </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">ReferenceList
                  <br>
</td>
                  <td align="left" valign="top">N<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">EncryptionProperties
                  <br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">Satisfactory
Performance<br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">Required
Type
support: Element and Content. <br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">Encryption
                  <br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> Serialization of XML Element and Content.
                      <ol>
<li> NFC conversion from non-Unicode encodings.
                        </li>
                      </ol>
</li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> Encryptor returns EncryptedData structure. </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> Encryptor replaces EncryptedData into source
document (when Type is Element or Content). </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> Decryption <br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> The decryptor returns the data and its Type to
the application (be
it an octet sequence or key value). </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> If data is Element or Content the decryptor
return the UTF-8 encoding XML character data. </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
                  <ul>
<li> If data is Element or Content the decryptor
replaces the EncryptedData in the source document with the decrypted
data. </li>
                  </ul>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">TRIPLEDES<br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">AES-128<br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">AES-256<br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> AES-192<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">RSA-v1.5
(192 bit keys
for AES or DES)<br>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> RSA-OAEP (128
and 256 bit keys for
AES)<br>
</td>
                  <td valign="top">Y<a href="#rsa-oaep"><sup>(1)</sup></a>
                  <br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> Diffie-Hellman
Key Agreement<br>
</td>
                  <td valign="top">N<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> TRIPLEDES Key
Wrap<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">N</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> AES-128 Key
Wrap (128 bit keys)<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> AES-256 Key
Wrap (256 bit keys)<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> AES-192 Key Wrap<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">N</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> SHA1<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> SHA256<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> SHA512<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> RIPEMD-160<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                  <td style="vertical-align: top;">N<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> XML Digital
Signature <br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top"> Decryption
Transform<br>
</td>
                  <td valign="top">N<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top">
<ul>
<li>XPointer support in <code>Except URI</code>
</li>
</ul>
</td>
                  <td valign="top">N<br>
</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                  <td style="vertical-align: top;">N</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
<a href="http://www.w3.org/TR/xml-c14n">Canonical XML 1.0</a>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
<a href="http://www.w3.org/TR/xml-exc-c14n">Exlusive Canonical XML 1.0</a>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" align="left" valign="top">
<a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML 1.1</a>
</td>
                  <td align="left" valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                  <td style="vertical-align: top;">Y<br>
</td>
                </tr>
<tr>
<td style="width: 40%;" valign="top">Base64 Encoding<br>
</td>
                  <td valign="top">Y<br>
</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                  <td style="vertical-align: top;">Y</td>
                </tr>
</tbody></table>
<div align="left"> <br><a name="rsa-oaep"></a> <sup>(1)</sup> OpenSSL (and XML
Security Library) supports only SHA1 as the digest in the RSA-OAEP key
transport.<br><p> <b>Test vectors (from <a href="http://www.w3.org/Encryption/2002/02-xenc-interop.html">W3C XML
Encryption
interop page</a>): </b><br><a href="http://lists.w3.org/Archives/Public/xml-encryption/2002Mar/0008.html">merlin-xmlenc-five.tar.gz</a>
            <br><a href="http://lists.w3.org/Archives/Public/xml-encryption/2002Mar/att-0052/01-phaos-xmlenc-3.zip">phaos-xmlenc-3.zip</a>
            <br></p>
            </div>
            </div>
            </div></td></tr></table></td>
</tr></table></body>
</html>