
Question about EncryptedType

From: Dournaee, Blake <bdournaee@rsasecurity.com>
Date: Thu, 18 Oct 2001 15:15:04 -0700
Message-ID: <E7B6CB80230AD31185AD0008C7EBC4D202A1B5AB@exrsa01.rsa.com>
To: xml-encryption@w3.org

Hello All,

I have some questions regarding the Last Call WD for XML Encryption,

Question #1:

Here is the schema definition for <EncryptedType> from

  <complexType name='EncryptedType' abstract='true'>
    <sequence>
      <element name='EncryptionMethod' type='xenc:EncryptionMethodType'/>
      <element ref='ds:KeyInfo' minOccurs='0'/>
      <element ref='xenc:CipherData'/>
      <element ref='xenc:EncryptionProperties'/>
    </sequence>
    <attribute name='Id' type='ID' use='optional'/>
    <attribute name='Type' type='anyURI' use='optional'/>
  </complexType>

I have noticed that the <EncryptionProperties> element isn't marked with a
"minOccurs=0" implying that it is required. Is this 
a mistake in the schema definition? The <EncryptionProperties> element
should be optional, correct?

Question #2:

This is a question regarding serialization.

There seems to be a conflict with this verbiage (perhaps it is my twisted

Consider Section 4.1:

"If the data is an [XML] Element or [XML] Element Content, obtain the
octets by serializing the data in UTF-8 as specified in [XML]."

Then, consider Section 5.9:

"Canonical XML [Canon] is the recommended method of consistently serializing
XML into an octet stream"

These are obviously very different. I read the first as "convert the XML
into UTF-8" and the second is obviously the application of Canonical XML.
Which one should be used? And further, when would Canonical XML really be
required during Encryption or Decryption?


Blake Dournaee
Toolkit Applications Engineer
RSA Security
"The only thing I know is that I know nothing" - Socrates
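As an added example (not part of the message above or of the XML Encryption spec), the following Python script makes the difference between the two serializations concrete: it takes a constructed element, produces the plain UTF-8 serialization (Section 4.1) and the Canonical XML serialization (Section 5.9, using the standard library's C14N 2.0 implementation), and checks that the octets differ while both still parse to the same tree.

```python
# Added example: compare plain UTF-8 serialization with Canonical XML for the
# same element. Uses only the standard library (ET.canonicalize, Python 3.8+).
import xml.etree.ElementTree as ET

# Constructed fragment, as an application might emit it: attributes in arbitrary
# order with irregular whitespace, and an empty element in its short form.
FRAGMENT = '<Payment z="1"  a="2"><Card/></Payment>'


def utf8_octets(xml_text: str) -> bytes:
    """Section 4.1 reading: the element serialized as UTF-8, nothing more."""
    return xml_text.encode("utf-8")


def canonical_octets(xml_text: str) -> bytes:
    """Section 5.9 reading: the Canonical XML form of the same element.

    C14N sorts attributes, expands empty elements to start/end tag pairs and
    normalizes whitespace inside tags, so the octets generally change.
    """
    return ET.canonicalize(xml_text).encode("utf-8")


def same_infoset(a: bytes, b: bytes) -> bool:
    """True when both octet streams parse to the same tree.

    A decryptor only needs to parse the recovered octets, so either
    serialization yields the same element; byte-exact equality matters only
    when something (e.g. a signature) is computed over the octets themselves.
    """
    def norm(e):
        return (e.tag, sorted(e.attrib.items()), (e.text or "").strip(),
                [norm(c) for c in e])
    return norm(ET.fromstring(a)) == norm(ET.fromstring(b))


def show(xml_text: str = FRAGMENT) -> None:
    plain, canon = utf8_octets(xml_text), canonical_octets(xml_text)
    print("UTF-8 serialization :", plain)
    print("Canonical XML       :", canon)
    print("octets identical    :", plain == canon)
    print("same infoset        :", same_infoset(plain, canon))


if __name__ == "__main__":
    show()
```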

-----Original Message-----
From: Dournaee, Blake 
Sent: Thursday, October 18, 2001 1:28 PM
To: xml-encryption@w3.org
Subject: Password Based Encryption for RSA Keys

Hi All,

It seems to me that XML Encryption does not have a facility to encrypt
RSA/DSA private keys using password-based encryption; e.g., there is no
replacement for what is currently a PKCS#8 "EncryptedPrivateKeyInfo"
structure (to use the ASN.1 terminology).

Currently, there is no XML representation of such an encrypted construct,
which is very odd because this form of encrypted data is especially
"user-friendly" because it is unlocked with a password.

Any ideas on this? Or perhaps it was decided against for some good reason?

Blake Dournaee
Toolkit Applications Engineer
RSA Security
"The only thing I know is that I know nothing" - Socrates
Received on Thursday, 18 October 2001 18:18:49 UTC
