Application Features Key Word DataPower XS-40
Laxly valid schema generation of EncryptedData/EncryptedKey MUST Y
  • Normalized Form C generations. SHOULD Y
Type, MimeType, and Encoding MUST Y
CipherReference URI dereferencing MUST Y
  • Transforms OPTIONAL ?
ds:KeyInfo MUST Y
  • enc:DHKeyValue OPTIONAL N
  • ds:KeyName RECOMMENDED Y
REQUIRED Y
ReferenceList OPTIONAL Y
EncryptionProperties OPTIONAL Y
Processing Features Key Word DataPower XS-40
Required Type support: Element and Content. MUST Y
Encryption MUST Y
MAY

MUST

N

Y

  • Encryptor returns EncryptedData structure. MUST Y
  • Encryptor replaces EncryptedData into source document (when Type is Element or Content). SHOULD Y
Decryption MUST Y
  • The decryptor returns the data and its Type to the application (be it an octet sequence or key value). MUST Y
  • If data is Element or Content the decryptor returns the UTF-8 encoding of the XML character data. MUST Y
  • If data is Element or Content the decryptor replaces the EncryptedData in the source document with the decrypted data. SHOULD Y
Algorithms Key Word DataPower XS-40
TRIPLEDES REQUIRED Y
AES-128 REQUIRED Y
AES-256 REQUIRED Y
AES-192 OPTIONAL Y
RSA-v1.5 (192 bit keys for AES or DES) REQUIRED Y
RSA-OAEP (128 and 256 bit keys for AES) REQUIRED Y
Diffie-Hellman Key Agreement OPTIONAL N
TRIPLEDES Key Wrap REQUIRED Y
AES-128 Key Wrap (128 bit keys) REQUIRED Y
AES-256 Key Wrap (256 bit keys) REQUIRED Y
AES-192 Key Wrap OPTIONAL Y
SHA1 REQUIRED Y
SHA256 RECOMMENDED N
SHA512 OPTIONAL N
RIPEMD-160 OPTIONAL N
XML Digital Signature RECOMMENDED Y
Decryption Transform for XML Signature RECOMMENDED N
  • XML Mode REQUIRED
  • Binary Mode REQUIRED
  • Profiled XPointer support in Except URI OPTIONAL
  • Profiled XPointer support in Except URI into replacement node-sets (i.e. super-decryption). OPTIONAL
  • Full XPointer support in Except URIs. OPTIONAL

Canonical XML (with and without comments) OPTIONAL Y
Exclusive Canonicalization (with and without comments) OPTIONAL Y
base64 Encoding REQUIRED Y