If you utilize xml and have xml data you need to understand that must be quite possible to have xml encrypted, actually the W3C, the body given the task of handling and also developing the xml standard have a standard for xml encryption.
The process involves encrypting an xml as well as child elements and after that swapping out the original content with the subsequent encrypted xml, whilst ensuring that the documents remains to be valid and well formed from an xml perspective.
With regards to the encryption itself, you will have three choices, symmetric encryption, a mixture of asymmetric and symmetric encryption and thirdly, X.509 Certificate encryption.
The 1st way, symmetric encryption is where you operate the same key to encrypt and decrypt the xml, the key should be stored securely and loaded during the time of use as the key is not kept with the file, care is required to be taken that the key is not jeopardized.
Accomplishing this itself involves replacing the xm content (elements) with an encrypted tag i.e. <EncryptedData>, this will likely contain the encrypted elements.
The second option, utilizing a combination symmetric and asymmetric conversion, the symmetric key is employed to encrypt the xml data while an asymmetric key is employed to encrypt the symmetric key itself. The asymmetric key works with a public and private key, a public key to encrypt the key as well as a private key to decrypt the key. Both symmetric and asymmetric keys are held and saved in the xml record itself.
Doing this itself is rather simple assuming you have a basic programming background and includes creating a CspParameters object and indicating the name of the key container then creating a symmetric key making use of the RSACryptoServiceProvider class.
The third method is make use of X.509 certificates through third party vendors for example VeriSign therefore called X.509 Certificate Encryption, the procedure works as follows.
The xml data is encrypting using two keys. A test X.509 certificate is created by using a Certificate creation tool (Makecert.exe) and this created certificate is stashed into a “certificate store”. The certificate will then be programmatically recovered and used to encrypt an XML element making use of the standard Encypt method ie <EncryptedData> element. Internally, the Encrypt method produces a separate session key and makes use of it to encrypt the XML document. This procedure encrypts the session key and saves it in addition to the encrypted XML inside of a new <EncryptedData> element.
Regardless which process you decide on, it’s imperative that you point out that your encrypted data can be held in two different methods, alternative one you are able to switch your entire element with all the encrypted clement <EncryptedData>, or alternative two only the data in the element is substituted with <EncryptedData>.
Even though on face value their may well not seem like a tremendous amount of difference between the two, nothing might be further from the truth, while using the first approach might be a costly blunder if for example you wanted to encrypt data and read the child elements later on, in such a case option 2 would be better as you may still read the attributes for example.
Whenever using xml feel free to use just about any text editor for instance notepad, nonetheless commercial and free xml editors can be found which help you to generate semantically correct xml whilst providing a great many superior benefits for the more regular xml developers. A extensive listing of xml editors can be found at http://www.xml-editor.info
No comments:
Post a Comment