Re: Problem: How to encrypt nodes without breaking parsers

Hi, Steve,

I think one point that you are making is that it would be
good if we can preserve the same content model
(read: validity) after encryption as in your example.
This is achievable if all the contents to be encrypted
are CDATA.  However, sometimes we want to hide
not only text strings but structures, perhaps by
replacing a whole element (along with all its descendants)
with base64-encoded encrypted data, which may
break the content model (if the parent content model
is not MIXED).  See the following example:

Plain XML:
  <order>
    <items> ... </items>
    <payment>
      <creditCard> ... </creditCard>
    </payment>
  </order>

Encrypted XML:
  <order>
    <items> ... </items>
    <payment>Dkwo23PDqcdopqDESP4/dd==</payment>
  </order>

and the content model of <payment> is like this:

<!ELEMENT payment (creditCard | check | moneyOrder)>

Hiroshi

--
Hiroshi Maruyama
Manager, Internet Technology, Tokyo Research Laboratory
+81-46-215-4576
maruyama@jp.ibm.com



From: Steve Wiley <steve@myProof.com> on 2000/09/28 06:00

To:   xml-encryption@w3.org
cc:    (bcc: Hiroshi Maruyama/Japan/IBM)
Subject:  Problem: How to encrypt nodes without breaking parsers



Hello,

I just joined this group six days ago.
I read: 'XML Encryption Syntax and Processing'
http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0001/01-xmlencoverview.html

and: 'Specification of Element-wise XML Encryption'
http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0005/01-xmlenc-spec.html

The 'XML Encryption Syntax and Processing' document addresses issues
that are important to us such as being able to encrypt the content of
an element (text node or attribute) but not the element itself.
However, the 'Specification of Element-wise XML Encryption' doesn't
seem to allow encrypting text nodes or attributes. Also, we need a
better way of referencing nodes besides URIs.

We are working with legacy customer XML applications that will choke
if the structure of the document changes. Therefore we would like to
see that functionality in 'XML Encryption Syntax and Processing' makes
it into 'Specification of Element-wise XML Encryption'. And that:

1. The <Reference> element needs an attribute to refer to nodes by
   XPath. A URI won't work for us because we would have to add ID
   attributes to the referenced node thus changing the XML schema.
2. Node and attribute values must be able to be encrypted without
   adding new elements into the parent element for the same reason.

Here is a contrived example of what we need. All the employee
information would be encrypted but different departments would have
the keys to look at information approved for their department.

<employee-database>
        <employee emp-type='contract' salary-level='eng-4' >
                <name>Joan Doe</name>
                <med-plan>Blue Cross</med-plan>
                 . .
        </employee>
         . .
</employee-database>

The application can handle unknown high level elements but can NOT
handle new elements inserted into elements like <med-plan>. Therefore
we would like to encrypt node or attribute values and replace them
with the base64 string. This way we don't break any legacy parsers.
We would then like to note which keys apply to which nodes or
attributes to decrypt. However we can NOT use a <reference URI='xxx'>
because we would have to insert an 'Id' attribute into every
<employee> or <med-plan> element. We would like to use
<reference XPath='xxx'> which would allow easy access to decrypt.
Could an XPath attribute be added to <Reference>? Here is how I think
it could be applied to the above example:

<employee-database>
   <employee emp-type='contract' salary-level='DHI&^BhU==' >
       <name>Joan Doe</name>
       <med-plan>cb6Tyre4</med-plan>
       . . .
   </employee>
   . . .
   <Encryption xmlns="http://www.w3.org/xmlenc">
       <EncryptionInfos>
           <EncryptionInfo>
               <KeyInfo>
                   <KeyName>MED-PLAN</KeyName>
               </KeyInfo>
               <EncryptedContentInfo>
                   <ContentEncryptionMethod Algorithm="http://www.w3.org/xmlenc#des-ecb-pkcs5padding" />
                   <Reference XPath='/employee-database/employee/med-plan/node()'>
                       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000710" />
                   </Reference>
               </EncryptedContentInfo>
           </EncryptionInfo>
           <EncryptionInfo>
               <KeyInfo>
                   <KeyName>SALARY-LEVEL</KeyName>
               </KeyInfo>
               <EncryptedContentInfo>
                   <ContentEncryptionMethod Algorithm="http://www.w3.org/xmlenc#des-ecb-pkcs5padding" />
                   <Reference XPath='//*/attribute::salary-level'>
                       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000710" />
                   </Reference>
               </EncryptedContentInfo>
           </EncryptionInfo>
       </EncryptionInfos>
   </Encryption>
</employee-database>

Thus, in this example we didn't need to alter the structure (add any
elements) to <employee-database> and only need <EncryptionInfo>
element for each type of node or attribute that needs encryption.

Any ideas, corrections or thoughts are welcome. I am new to this so I
may have overlooked or misunderstood the specs.

So, to summarize:
1. The <Reference> element needs an attribute to refer to nodes by
   XPath. A URI won't work for us because we would have to add ID
   attributes thus changing the XML schema.
2. Node and attribute values must be able to be encrypted without
   adding new elements into the parent element.

Thanks,
Steve Wiley

P.S.

I just joined this group six days ago. I haven't seen any mail
activity and the mail archives don't show anything past August. Are
things that quiet or is there a mail server problem?

Received on Wednesday, 27 September 2000 20:53:58 UTC
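
The value-level scheme proposed in Steve's message, as an added example that is not part of the thread or of either W3C draft: text-node and attribute values are replaced in place with base64 ciphertext, an appended `<Encryption>` map records which key covers which reference, and `shape()` checks that the element structure is unchanged. Assumptions: the function names, the simplified `<Encryption>` layout, reference strings limited to ElementTree's XPath subset, and a SHA-256 keystream standing in for the cipher (unauthenticated, and not the DES mode named in the message).

```python
import base64, hashlib, os
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the employee example in the message.
SAMPLE = """<employee-database>
  <employee emp-type="contract" salary-level="eng-4">
    <name>Joan Doe</name><med-plan>Blue Cross</med-plan>
  </employee>
</employee-database>"""

def keystream_xor(key, nonce, data):
    # Stand-in cipher (assumption): SHA-256 counter keystream, unauthenticated.
    pad = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, text):
    nonce = os.urandom(16)  # fresh per value, so equal plaintexts differ
    return base64.b64encode(nonce + keystream_xor(key, nonce, text.encode())).decode()

def unseal(key, b64):
    raw = base64.b64decode(b64)
    return keystream_xor(key, raw[:16], raw[16:]).decode()

def shape(el):
    # Element structure only: tag, attribute names, nesting. Values are ignored.
    return (el.tag, sorted(el.attrib), [shape(c) for c in el])

def transform(root, ref, fn):
    # ref is "path/node()" for a text node or "path/@name" for an attribute.
    path, _, attr = ref.replace("/node()", "").partition("/@")
    for el in root.findall(path):
        if attr:
            el.set(attr, fn(el.get(attr)))
        else:
            el.text = fn(el.text)

def encrypt_values(root, rules, keys):
    # rules: (key name, reference) pairs; the map is appended, never interleaved.
    enc = ET.SubElement(root, "Encryption")
    for name, ref in rules:
        transform(root, ref, lambda v: seal(keys[name], v))
        info = ET.SubElement(enc, "EncryptionInfo")
        ET.SubElement(info, "KeyName").text = name
        ET.SubElement(info, "Reference", XPath=ref)

def decrypt_values(root, keys):
    # A department recovers only the values whose key it holds.
    for info in root.findall("Encryption/EncryptionInfo"):
        name, ref = info.findtext("KeyName"), info.find("Reference").get("XPath")
        if name in keys:
            transform(root, ref, lambda v: unseal(keys[name], v))
```

Applied to the reply's `<payment>` example, `shape()` differs before and after, because the `<creditCard>` child is replaced by text; that is the content-model break Hiroshi describes.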