
AW: Problem: How to encrypt nodes without breaking parsers

From: Juergen Fey <jfey@jfey.de>
Date: Thu, 28 Sep 2000 05:14:33 -0400 (EDT)
To: "Hiroshi Maruyama" <xml-encryption@w3.org>
Message-ID: <NDBBKJLGADHEJNNCGKPDAEIKGKAA.jfey@jfey.de>
Hi,

I need to crypt parts of the XML data which gets transferred between
client and server for an online publishing system. This system
uses XML-RPC as the basic protocol.

There are many options and during breakfast I had this idea:

Sometimes it is a security breach to provide information about the
XML structure itself if you just crypt the node data.

As Hiroshi already said:

> I think one point that you are making is that it would be
> good if we can preserve the same content model
> (read: validity) after encryption as in your example.
> This is achievable if all the contents to be encrypted
> are CDATA.  However, sometimes we want to hide
> not only text strings but structures, perhaps by
> replacing a whole element (along with its all descendants)
> with a base64 encoded encrypted data, which may
> break the content model (if the parent content model
> is not MIXED).  See the following example:
>
> Plain XML:
>   <order>
>     <items> ... </items>
>     <payment>
>       <creditCard> ... </creditCard>
>     </payment>
>   </order>
>
> Encrypted  XML:
>   <order>
>     <items> ... </items>
>     <payment>Dkwo23PDqcdopqDESP4/dd==</payment>
>   </order>
>
> and the content model of <payment> is like this:
>
> <!ELEMENT payment (creditCard | check | moneyOrder)>
>

An easy solution could be to use SSL overall and let this additional, deeper
layer do the crypting and encrypting. This way client and server would work
unchanged and still the whole data would be crypted.

Another solution could be to pack all the relevant data into one big base64
structure plus a new tag (content crypted) which "explains" the real XML
format of the base64 structure:

Instead of using:

   <order>
     <items>ZKff-*G</items>
     <payment>
       <creditCard>HHjhsf?d'</creditCard>
     </payment>
     <customer>
       <name>JF%&88n</name>
       <custno>65hh.;ll</custno>
     </customer>
   </order>

we could then use:

   <order>
     <PacketType>&gg(9.</PacketType>
     <PacketData>....................</PacketData>
   </order>

According to the PacketType-field, client and server could build (decrypt +
adding the whole resulting ASCII subtree) an XML tree from the PacketData
easily.

I do not know if someone else had this easy idea before. Would not be a
surprise.


So, what is speaking against SSL and pro the "per field" crypting?


greetings

Juergen Fey

"don`t drive when you`re dead, tom waits"
         The box said "Win95 or better", so i installed Linux
Received on Friday, 29 September 2000 07:45:57 GMT
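
The content-model break in the quoted example and the PacketType/PacketData packing proposed in this message, as an added example that is not part of the original post. The `<payment>` model is the declaration quoted above; treating `PacketType` and `PacketData` as text-only elements that `<order>` accepts is an assumption, the function names are hypothetical, and the base64 string stands in for ciphertext (no cipher is run).

```python
import xml.etree.ElementTree as ET

# <payment> model is the declaration quoted in the message; treating
# PacketType/PacketData as #PCDATA is an assumption of this example.
CHOICE = {"payment": {"creditCard", "check", "moneyOrder"}}
PCDATA = {"PacketType", "PacketData"}

def violations(root):
    """List content-model violations for the elements declared above."""
    found = []
    for el in root.iter():
        kids = [c.tag for c in el]
        text = "".join([el.text or ""] + [c.tail or "" for c in el]).strip()
        if el.tag in CHOICE:
            if text:
                found.append(f"{el.tag}: character data not allowed")
            if len(kids) != 1 or kids[0] not in CHOICE[el.tag]:
                found.append(f"{el.tag}: needs exactly one of {sorted(CHOICE[el.tag])}")
        elif el.tag in PCDATA and kids:
            found.append(f"{el.tag}: child elements not allowed")
    return found

def encrypt_in_place(root, tag, blob_b64):
    """Replace the children of every <tag> with an opaque base64 string."""
    for el in list(root.iter(tag)):
        for child in list(el):
            el.remove(child)
        el.text = blob_b64
    return root

def pack(root, type_b64, data_b64):
    """Replace all children of the root with PacketType + PacketData."""
    for child in list(root):
        root.remove(child)
    root.text = None
    ET.SubElement(root, "PacketType").text = type_b64
    ET.SubElement(root, "PacketData").text = data_b64
    return root

# Constructed inputs: the plain order and the base64 string from the message.
PLAIN = "<order><items>...</items><payment><creditCard>...</creditCard></payment></order>"
BLOB = "Dkwo23PDqcdopqDESP4/dd=="

if __name__ == "__main__":
    print(violations(ET.fromstring(PLAIN)))
    print(violations(encrypt_in_place(ET.fromstring(PLAIN), "payment", BLOB)))
    print(violations(pack(ET.fromstring(PLAIN), BLOB, BLOB)))
```

The in-place variant reports two violations on `<payment>` (character data present, required child missing), while the packed variant passes only because the schema is assumed to declare the two packet elements.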
