The XML Encryption / Decryption filter encrypts or decrypts XML messages using a cryptographic algorithm. It can process the whole XML message or selected elements. Key encryption can optionally be applied. The EncryptedData element has the following structure:

    <xenc:EncryptedData Id?>
      <xenc:EncryptionMethod/>?
      <ds:KeyInfo>
        <xenc:EncryptedKey/>?
        <ds:KeyName/>?
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue/>?
      </xenc:CipherData>
    </xenc:EncryptedData>

Configuration Properties

Property

Description

Maximum Concurrency

The maximum level of concurrency for this filter. A setting of 0 (zero) means unlimited. Limiting the level of concurrency limits memory usage. Refer to Maximum Concurrency for details.

Encrypt or Decrypt

Identifies whether an XML message processed by this filter is to be encrypted or decrypted:

  • Encrypt (default).
  • Decrypt.

Encrypted Part

Options: Encrypt whole message including root tag, Encrypt whole message excluding root tag, Encrypt selected element. Default: Encrypt whole message including root tag.
The part of the XML message to be encrypted. If Encrypt selected element is chosen, then Encrypted Element should be set.

Only available if Encrypt or Decrypt is set to Encrypt.

Encrypted Element

The XPath of the selected element to be encrypted / decrypted.

Only available if Encrypted Part is set to Encrypt selected element.

XML Data Cipher

The name of the symmetric cipher to be used to encrypt the content of the XML. Available algorithms are:

  • AES 128
  • AES 192
  • AES 256
  • Triple DES EDE

Only available if the Encrypt or Decrypt field is set to Encrypt.

Canonicalization Algorithm

The name of the canonicalization algorithm used to serialize the XML content before it is encrypted. Available algorithms are:

  • Exclusive Canonicalization without Comment
  • Exclusive Canonicalization with Comment
  • Canonicalization without Comment
  • Canonicalization with Comment

Only available if the Encrypt or Decrypt field is set to Encrypt.

XML Data Encryption Key

The secret key to be used for encrypting / decrypting the XML content. Select the key displayed in the Select AES Symmetric Key dialog.

You can generate a new key using the Certificate and Key Manager. Refer to Generating a Symmetric Key for details.

Key Cipher

The name of the cipher to be used for encrypting the XML data encryption key. If None is selected, key encryption is not applied. Available algorithms are:

  • AES 128 Key Wrap
  • AES 192 Key Wrap
  • AES 256 Key Wrap
  • Triple DES EDE Key Wrap
  • RSA OAEP
  • RSA V1.5

Only available if Encrypt or Decrypt is set to Encrypt.

Key Encryption Key

The certificate which contains the public key to be used for encrypting the XML content encryption key.

Only available if Encrypt or Decrypt is set to Encrypt.

Key Decryption Key

The private key to be used for decrypting the XML encryption key.

Only available if Encrypt or Decrypt is set to Encrypt.

Enclose Encrypted Key

Whether the outgoing encrypted message encloses the encrypted key or not. If set to True, the EncryptedKey element is added to the KeyInfo element.

Only available if Encrypt or Decrypt is set to Encrypt.

Namespaces

Determines whether namespaces should be removed from the generated XML:

  • Do not change (default).
  • Remove Namespaces.
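
The following is an added example, not part of the original documentation or the product's own code: a Python check that reads the EncryptedData structure shown at the top of this page from a message and reports which XML Data Cipher and Key Cipher were used and whether the EncryptedKey is enclosed. It assumes the filter writes the standard W3C XML Encryption 1.0 algorithm URIs; the sample message, the function names and the "legacy" policy set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"xenc": XENC, "ds": "http://www.w3.org/2000/09/xmldsig#"}
# W3C XML Encryption 1.0 URI fragments mapped to the option names on this page.
# Assumption: the filter emits these standard identifiers.
ALGORITHMS = {XENC + frag: name for frag, name in [
    ("aes128-cbc", "AES 128"), ("aes192-cbc", "AES 192"), ("aes256-cbc", "AES 256"),
    ("tripledes-cbc", "Triple DES EDE"), ("kw-aes128", "AES 128 Key Wrap"),
    ("kw-aes192", "AES 192 Key Wrap"), ("kw-aes256", "AES 256 Key Wrap"),
    ("kw-tripledes", "Triple DES EDE Key Wrap"),
    ("rsa-oaep-mgf1p", "RSA OAEP"), ("rsa-1_5", "RSA V1.5")]}
# Policy choice of this example (not from the page): Triple DES is a deprecated
# 64-bit block cipher and RSA V1.5 key transport is exposed to padding oracles.
LEGACY = {"Triple DES EDE", "Triple DES EDE Key Wrap", "RSA V1.5"}

# Constructed sample: one selected element encrypted, key enclosed in KeyInfo.
SAMPLE = """<Order xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
       xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Id>42</Id>
  <xenc:EncryptedData Id="ed1">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    <ds:KeyInfo><xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</Order>"""

def _method(parent):
    """Option name (or raw URI) of parent's direct EncryptionMethod child."""
    m = parent.find("xenc:EncryptionMethod", NS) if parent is not None else None
    uri = m.get("Algorithm") if m is not None else None
    return ALGORITHMS.get(uri, uri)

def inspect_encrypted_data(xml_text):
    """Return one report dict per EncryptedData element in the message."""
    root = ET.fromstring(xml_text)  # use a hardened parser for untrusted input
    results = []
    for ed in root.iter("{%s}EncryptedData" % XENC):
        key_info = ed.find("ds:KeyInfo", NS)
        enc_key = key_info.find("xenc:EncryptedKey", NS) if key_info is not None else None
        key_name = key_info.find("ds:KeyName", NS) if key_info is not None else None
        data_cipher, key_cipher = _method(ed), _method(enc_key)
        results.append({
            "data_cipher": data_cipher, "key_cipher": key_cipher,
            "key_enclosed": enc_key is not None,
            "key_name": key_name.text if key_name is not None else None,
            "has_cipher_value": ed.find("xenc:CipherData/xenc:CipherValue", NS) is not None,
            "legacy": sorted(a for a in (data_cipher, key_cipher) if a in LEGACY)})
    return results
```

Calling `inspect_encrypted_data(SAMPLE)` returns a single report whose `legacy` list names the RSA V1.5 key cipher, which is the kind of result a configuration review of this filter's output would look for.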