XML Security Library

XML Encryption Interoperability Report

Aleksey Sanin
April 13 2002


XML Encryption Implementation and Interoperability Report

| Features and algorithms                                                                                          | Key Word    | Support |
|------------------------------------------------------------------------------------------------------------------|-------------|---------|
| Laxly valid schema generation of EncryptedData/EncryptedKey                                                      | MUST        | Y       |
| • Normalization Form C generation                                                                                | SHOULD      | Y       |
| Type, MimeType, and Encoding                                                                                     | MUST        | Y       |
| CipherReference URI dereferencing                                                                                | MUST        | Y       |
| • Transforms                                                                                                     | OPTIONAL    | Y       |
| ds:KeyInfo                                                                                                       | MUST        | Y       |
| • enc:DHKeyValue                                                                                                 | OPTIONAL    | N       |
| • ds:KeyName                                                                                                     | RECOMMENDED | Y       |
| •                                                                                                                | REQUIRED    | Y       |
| ReferenceList                                                                                                    | OPTIONAL    | N       |
| EncryptionProperties                                                                                             | OPTIONAL    | Y       |
| Satisfactory performance                                                                                         | (required!) | Y       |
| Required Type support: Element and Content                                                                       | MUST        | Y       |
| Encryption                                                                                                       | MUST        | Y       |
| • Serialization of XML Element and Content                                                                       | MUST        | Y       |
|   1. NFC conversion from non-Unicode encodings                                                                   | MAY         |         |
| • Encryptor returns the EncryptedData structure                                                                  | MUST        | Y       |
| • Encryptor replaces the encrypted Element or Content in the source document with EncryptedData                  | SHOULD      | Y       |
| Decryption                                                                                                       | MUST        | Y       |
| • Decryptor returns the data and its Type to the application (be it an octet sequence or a key value)            | MUST        | Y       |
| • If the data is Element or Content, the decryptor returns the UTF-8 encoded XML character data                  | MUST        | Y       |
| • If the data is Element or Content, the decryptor replaces the EncryptedData in the source document with it     | SHOULD      | Y       |
| TRIPLEDES                                                                                                        | REQUIRED    | Y       |
| AES-128                                                                                                          | REQUIRED    | Y       |
| AES-256                                                                                                          | REQUIRED    | Y       |
| AES-192                                                                                                          | OPTIONAL    | Y       |
| RSA-v1.5 (192 bit keys for AES or DES)                                                                           | REQUIRED    | Y       |
| RSA-OAEP (128 and 256 bit keys for AES)                                                                          | REQUIRED    | Y (1)   |
| Diffie-Hellman Key Agreement                                                                                     | OPTIONAL    | N       |
| TRIPLEDES Key Wrap                                                                                               | REQUIRED    | N       |
| AES-128 Key Wrap (128 bit keys)                                                                                  | REQUIRED    | N       |
| AES-256 Key Wrap (256 bit keys)                                                                                  | REQUIRED    | N       |
| AES-192 Key Wrap                                                                                                 | OPTIONAL    | N       |
| SHA1                                                                                                             | REQUIRED    | Y       |
| SHA256                                                                                                           | RECOMMENDED | N (2)   |
| SHA512                                                                                                           | OPTIONAL    | N (2)   |
| RIPEMD-160                                                                                                       | OPTIONAL    | N       |
| XML Digital Signature                                                                                            | RECOMMENDED | Y       |
| Decryption Transform for XML Signature                                                                           | RECOMMENDED | N       |
| • XPointer support in Except URI                                                                                 | OPTIONAL    | N       |
| Canonical XML (with and without comments)                                                                        | OPTIONAL    | Y       |
| Exclusive Canonicalization (with and without comments)                                                           | OPTIONAL    | Y       |
| base64 Encoding                                                                                                  | REQUIRED    | Y       |

(1) OpenSSL (and therefore XML Security Library) supports only SHA1 as the digest in RSA-OAEP key transport.
(2) At the time of this report (April 2002) the SHA-2 standard (SHA256/384/512) is not yet finalized, so OpenSSL does not support it.

Test vectors:
merlin-xmlenc-five.tar.gz
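The Encryption and Decryption rows of the table describe the processing model the spec requires: serialise the element, return an EncryptedData structure; on decryption, return the octets together with their Type, and put XML data back into the document. The following Go program is an added example written for this page; it is not code from the report or from XML Security Library. It builds and consumes an xenc:EncryptedData of Type Element with AES-128-CBC, the spec's block-cipher padding and the IV prepended to the ciphertext inside CipherValue. It assumes a pre-shared 16-byte key (so no ds:KeyInfo is emitted) and a constructed sample element; key and element are made up for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// Namespace and identifiers from the XML Encryption specification.
const (
	xencNS      = "http://www.w3.org/2001/04/xmlenc#"
	aes128CBC   = xencNS + "aes128-cbc"
	typeElement = xencNS + "Element"
	typeContent = xencNS + "Content"
)

// EncryptedData models the subset of xenc:EncryptedData built here. No
// ds:KeyInfo is emitted: the key is pre-shared, as with a ds:KeyName lookup.
type EncryptedData struct {
	XMLName          xml.Name `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedData"`
	Type             string   `xml:"Type,attr"`
	EncryptionMethod struct {
		Algorithm string `xml:"Algorithm,attr"`
	} `xml:"EncryptionMethod"`
	CipherValue string `xml:"CipherData>CipherValue"`
}

// pad applies XML Encryption block-cipher padding: at least one byte is
// added and the last byte holds the padding length; the bytes before it are
// not checked by the decryptor, so zeros are used here.
func pad(data []byte, bs int) []byte {
	n := bs - len(data)%bs
	padding := make([]byte, n)
	padding[n-1] = byte(n)
	return append(append([]byte{}, data...), padding...)
}

// unpad validates only the length byte. CBC carries no integrity protection,
// so a decryptor must not reveal padding failures to the sender (the 2011
// padding-oracle attack on XML Encryption exploits exactly that).
func unpad(data []byte, bs int) ([]byte, error) {
	if len(data) < bs {
		return nil, fmt.Errorf("short plaintext")
	}
	if n := int(data[len(data)-1]); n >= 1 && n <= bs {
		return data[:len(data)-n], nil
	}
	return nil, fmt.Errorf("bad padding")
}

// Encrypt turns serialised UTF-8 XML into an EncryptedData structure:
// AES-128-CBC, IV prepended to the ciphertext, base64 as the CipherValue.
func Encrypt(key, plaintext []byte, dataType string) (*EncryptedData, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	iv := make([]byte, bs)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pad(plaintext, bs)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	ed := &EncryptedData{Type: dataType}
	ed.EncryptionMethod.Algorithm = aes128CBC
	ed.CipherValue = base64.StdEncoding.EncodeToString(append(iv, ct...))
	return ed, nil
}

// Decrypt hands back the octets and their Type, which is what the decryptor
// owes the application; putting Element or Content back into the document is
// then the caller's tree operation. The algorithm is checked before the key is used.
func Decrypt(key []byte, ed *EncryptedData) ([]byte, string, error) {
	if ed.EncryptionMethod.Algorithm != aes128CBC {
		return nil, "", fmt.Errorf("unsupported algorithm %q", ed.EncryptionMethod.Algorithm)
	}
	raw, err := base64.StdEncoding.DecodeString(ed.CipherValue)
	if err != nil {
		return nil, "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, "", err
	}
	bs := block.BlockSize()
	if len(raw) < 2*bs || len(raw)%bs != 0 {
		return nil, "", fmt.Errorf("CipherValue is not an IV plus whole blocks")
	}
	pt := make([]byte, len(raw)-bs)
	cipher.NewCBCDecrypter(block, raw[:bs]).CryptBlocks(pt, raw[bs:])
	data, err := unpad(pt, bs)
	return data, ed.Type, err
}
```

xml.Marshal on the returned structure yields the EncryptedData element with its xmlns, Type, EncryptionMethod and CipherData children, and xml.Unmarshal reads it back for Decrypt. Replacing the original element with that output, and the reverse on decryption, is the "replaces ... in the source document" step the table marks SHOULD; it is deliberately left to the caller, since it depends on the DOM in use. The check on EncryptionMethod is the important one: a decryptor that trusts whatever algorithm the message names can be talked into a weaker one.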