2 Decryption Transform

2.1 Processing Rules

2.1.1 Functions

Y = decryptXML(X, e, C)

where X is a node-set, e is an element node with the type xenc:EncryptedData in X, and C is a parsing context of X. Y is a node-set obtained by the following steps:

  1. Convert X to an octet stream as described in The Reference Processing Model (section 4.3.3.2) of the XML Signature specification [XML-Signature].
  2. Wrap the resulting octet stream as proposed by Richard Tobin in [Tobin] (and also specified in Text Wrapping (appendix A)) and, if needed, add the octets representing a document type declaration. In order to parse the octet stream in the context of C, all the namespace declarations in C MUST be added to the wrapping element. Also, all the entity declarations in C MUST be added to the document type declaration.
  3. Decrypt the element corresponding to e (which may require parsing) and replace it with the resulting octet stream according to the XML Encryption specification [XML-Encryption].
  4. Parse the decrypted octet stream as described in The Reference Processing Model (section 4.3.3.2) of the XML Signature specification [XML-Signature], resulting in a node-set.
  5. Y is the node-set obtained by removing the root node, the dummy element node, and its associated set of attribute and namespace nodes from the node-set obtained in Step 4.
  6. Return Y.

(In decryptXML(), all of the steps except the actual decryption are necessary because XPath does not permit one to remove and then replace a node. Consequently, we must serialize (1), wrap (2), reparse (4), and trim the node set (5).)

6 References

XML-Infoset
John Cowan and Richard Tobin. XML Information Set, W3C Recommendation, 2001.
http://www.w3.org/TR/2001/REC-xml-infoset-20011024

A Text Wrapping

This appendix specifies the process for wrapping text, which is performed in decryptXML() (section 2.1.1). It is a part of the process that Richard Tobin originally proposed in [Tobin] for constructing the infoset [XML-Infoset] of an external entity.

The process consists of the following two steps:

  1. An XML declaration with the version number "1.0" is inserted at the start of the text.
  2. The text, excluding the XML declaration, is wrapped in an element by inserting the UTF-8 encoded characters "<dummy>" at the start and "</dummy>" at the end.
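
The wrapping above, together with steps 2, 4 and 5 of decryptXML(), can be sketched as follows; this is an added example, not part of the specification. It assumes decryption (step 3) has already replaced e with plaintext octets, that C carries no entity declarations (so no document type declaration is added), and it approximates the node-set Y by the child elements of the dummy element; the function names, the "pay" prefix and its URI are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr


def wrap(octets, context_ns):
    """Step 2 / appendix A: XML declaration, then <dummy> carrying C's namespaces."""
    decls = "".join(
        " xmlns%s=%s" % (":" + prefix if prefix else "", quoteattr(uri))
        for prefix, uri in sorted(context_ns.items())
    )
    return (b'<?xml version="1.0"?>'
            + ("<dummy%s>" % decls).encode("utf-8")
            + octets
            + b"</dummy>")


def parse_and_trim(wrapped):
    """Steps 4-5: parse, then drop the root node and the dummy element."""
    dummy = ET.fromstring(wrapped)
    # Text nodes of Y, if any, live in dummy.text and each child's .tail.
    return list(dummy)


def parses_unwrapped(octets):
    """Show why wrapping is needed: try to parse the bare octet stream."""
    try:
        ET.fromstring(octets)
        return True
    except ET.ParseError:
        return False


# Constructed sample: plaintext that replaced e. It has two top-level
# elements and uses a prefix that is only declared in the context C.
CONTEXT_NS = {"pay": "urn:example:payment"}
PLAINTEXT = (b"<pay:Card><pay:Number>0000</pay:Number></pay:Card>"
             b"<pay:Amount>10</pay:Amount>")


def demo():
    """Return the expanded names of the top-level elements in Y."""
    return [node.tag for node in parse_and_trim(wrap(PLAINTEXT, CONTEXT_NS))]


if __name__ == "__main__":
    print("bare octets parse:", parses_unwrapped(PLAINTEXT))
    print("Y:", demo())
```

If C does carry entity declarations, the parser used for step 4 will expand them, so entity expansion limits belong in that parser's configuration.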