Jump to content

w3c EncryptedData type


Stadiumite
 Share

Recommended Posts

I've been working on passing some encrypted data in XML messages. There's a w3c recommendation that defines an EncryptedData type. Within that type, you can pass the value you want to encrypt as "CipherData" <EncryptedData> <xenc:CipherData> <xenc:CipherValue></xenc:CipherValue> </xenc:CipherData> <xenc:EncryptionProperties> <xenc:EncryptionProperty> <!--IV?????--> <ds:KeyName></ds:KeyName> </xenc:EncryptionProperty> </xenc:EncryptionProperties> </EncryptedData>The type has lots of elements defined within it, for representing details about the encryption that you may need to pass tothe consumer for decryption.If I'm using an encryption method that requires the encryptor and the decryptor to use the same Initialization Vector (IV), I would think that I should be able to represent that IV somewhere in the EncryptedData block. But I haven't been able to figure out exactly how. It's not a key, so I don't think it belongs in ds:keyInfo. None of the other elements seems to be an exact fit either.If I'm going to bother to follow this recommendation, I want to do it correctly. Nothing I can find tells me how to do this. Is the IV somehow embedded in CipherValue?

Link to comment
Share on other sites

Well, when you first search the spec for "Initialization Vector", you find this sentence:

For user specified block encryption algorithms, the IV, if any, could be specified as being with the cipher data, as an algorithm content element, or elsewhere.
I suppose this implies that you are free to specify the IV anywhere, though you're advised to use it as part of the cipher data or as an algorith content element.
Link to comment
Share on other sites

Well, when you first search the spec for "Initialization Vector", you find this sentence:I suppose this implies that you are free to specify the IV anywhere, though you're advised to use it as part of the cipher data or as an algorith content element.
Thanks for the hint. I must have looked at that spec 100 times and I didn't pick up on that.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...