Last Changes: 23.06.2008 (Clemens Orthacker) This document is currently being edited.

Introduction to the DSS Encryption Profile

The DSS encryption profile provides means to request the encryption of arbitrary data (including an XML document), an XML element, XML element content or combinations of these. For all requested encryption operations one encryption key or set of keys is employed. The result of encrypting data is encrypted content of any encryption syntax or format supported by the implementing DSS encryption service. The encryption profile allows for implementation as encryption-only DSS encryption protocol, as well as integration in the DSS signing protocol in order to sign and encrypt the provided content.

The entire encryption configuration is done via OptionalInputs, while the documents to be encrypted are contained within InputDocuments and only referenced from the configuration elements. The following example would encrypt the entire XML fragment contained in the referenced dss:Document's dss:InlineXML child.

<EncryptRequest xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema">
    ...
    <dss:OptionalInputs>
        <ContentEncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
        <EncryptionContent WhichDocument="toBeEncrypted"/>
        ...
    </dss:OptionalInputs>
    <dss:InputDocuments>
        <dss:Document ID="toBeEncrypted">
            <dss:InlineXML>
                <payload>Hello, world!</payload>
            </dss:InlineXML>
        </dss:Document>
        ...
    </dss:InputDocuments>
</EncryptRequest>

<EncryptResponse xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <dss:Result>
        <dss:ResultMajor>urn:oasis:names:tc:dss:1.0:resultmajor:Success</dss:ResultMajor>
    </dss:Result>
    <dss:OptionalOutputs>
        <EncryptedDocument>
            <InlineXML>
                <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
                    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                        <KeyName>default encryption key</KeyName>
                    </KeyInfo>
                    <CipherData>
                        <CipherValue>SGVsbG8sIHdvcmxkIQ==</CipherValue>
                    </CipherData>
                </EncryptedData>
            </InlineXML>
        </EncryptedDocument>
    </dss:OptionalOutputs>
</EncryptResponse>

The above example shows the request/response messages of the encryption-only DSS encryption protocol. The DSS encryption profile also defines the embedding of encryption configuration within the DSS signing protocol, in order to allow for the combination of signing and encryption. Only the top level dsse:EncryptRequest and dsse:EncryptResponse elements are specific to the encryption protocol, all other elements and types defined in [encryption-profile-0.4.xsd] may be used within the DSS signing protocol.

In simple cases cases, an encryption request will contain only one dsse:EncryptionContent element per input document to be encrypted. This element, however, may request multiple (XMLEnc) encryption operations within the referenced document. In more complex cases, when both signing and encryption of an input document is requested, an arbitrary number of dsse:EncryptionContent elements, along with dss:SignedReference or dss:IncludeObject elements may be provided per input document, in order to allow the arbitrary combination of signing and encryption operations. The document order within dss:OptionalInputs, i.e. the order of appearance of dsse:EncryptionContent, dss:SignaturePlacement, dss:SignedReference and/or dss:IncludeObject uniquely determines the sequence of signing and encryption operations accomplished by the service.


TODO DSS Core There is no real need for dss:SignedReferences element, that only groups the individual dss:SignedReference elements. It should be removed in order to allow the arbitrary combination of signing and encryption operations; dss:SignedReference should appear directly in dss:OptionalInput.


Note that multiple dsse:EncryptionContent elements might reference the same input document. This allows for using different encryption syntax or formats (CMS, XMLEnc) on the same content without transmitting it several times.


TODO DSSE Decide on whether encryption using other formats (CMS, CCE, ...) is out of scope in the DSS encryption profile. (NO)


For every dsse:EncryptionContent optional input, the response contains one EncryptedDocument containing the requested encrypted content in the same dss:Document subtype format (InlineXML, Base64XML, EscapedXML, Base64Data or AttachmentReference) as the respective input document (dsse:EncryptedDocument extends dss:DocumentBaseType).

The general rule of one encrypted document output per encryption content input may be violated whenever enveloped or enveloping signatures are requested, since only in these cases the input document will be returned in the response. More precisely, if dss:SignaturePlacement or dss:IncludeObject reference the same input document as dss:EncryptionContent does (and if the requested encryption syntax is XMLEnc), the encrpyted content is directly included in the requested dss:DocumentWithSignature or ds:Object, respectively.

The processing of input documents is done sequentially and in place. It is within the caller's responsibility to choose the correct XPath encryption selectors (see below) with respect to the current state of the document during processing. Node counts in XPath expressions have to be used with care since encryption makes nodes "disappear". Further, an enveloping signature changes the root node of the input document (to the root ds:Signature element), which must be respected by subsequent XPath expressions (examples are provided below).

The service however ensures that if different encryption formats (XMLEnc, CMS) are requested, the processing of both starts from the original input document. (The input document must be cloned prior to processing of multiple dsse:EncryptionContent elements referencing the same input document and requesting different encryption formats.)


TODO DSSE discuss use case encrypt same input document using different formats (XML, CMS). disadvantage: clone input document

TODO DSSE discuss combination of CMS signature and encryption


Encryption Profile/Protocol Examples

Examples for the encryption protocol (EncryptRequest and EncryptResponse) and the encryption profile embedded within the signature protocol (SignRequest and SignResponse).

Encryption Request

The following example shows an encryption request illustrating most of the encryption protocol's capabilities. The Base64 values for certificates, etc. are dummy values.

<EncryptRequest xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema# file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile_0.4.xsd">
    <dss:OptionalInputs>

The content encryption algorithm used to encrypt all documents. The content encryption key is encrypted with all provided encryption keys.

        <ContentEncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>

An arbitrary number of encryption keys (used to encrypt the content encryption key). This element's type should be an extension of dss:KeySelectorType.

        <EncryptionKey EncryptedKeyId="encryption_key" IncludeEncryptedKey="false"
            CertificateValidation="urn:TODO:warn">
            <ds:KeyInfo>
                <ds:KeyName>encryption key</ds:KeyName>
                <ds:X509Data>
                    <ds:X509Certificate>SGVsbG8sIHdvcmxkIQ==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </EncryptionKey>

Encrypt (CMS) the binary data contained in the referenced (#opaque-data) input document's Base64Data child

        <EncryptionContent WhichDocument="opaque-data" EncryptionSyntax="urn:cms:TODO"
            EncryptedDocumentId="opaque-cms"/>

Encrypt (XMLEnc) the same binary data as above (no Encoding attribute here, Base64Data is base64 decoded prior to encryption and contains the binary octets).

        <EncryptionContent WhichDocument="opaque-data"
            EncryptionSyntax="http://www.w3.org/2001/04/xmlenc#" EncryptedDocumentId="opaque-xmlenc"
            MimeType="image/png"/>

Same as above, with xenc:CipherReference. The referenced cipher data octets will returned as CipherValue child of EncryptedDocument

        <EncryptionContent WhichDocument="opaque-data"
            EncryptionSyntax="http://www.w3.org/2001/04/xmlenc#"
            EncryptedDocumentId="opaque-cipherref" MimeType="image/png"
            CipherReference="http://example.org/cipherdata"/>

Encrypt (XMLEnc) part of the XML data contained in the referenced (#structured-data) input document's InlineXML child. The first element (EncryptAndReplaceData) selects (XPath) one element, who's content is inline encrypted. The second element (InsertEncryptedData), selects a document (#opaque-data) to be encrypted and the resulting xenc:EncryptedData to be inserted at the specified destination in EncryptedDocument #structured.

        <EncryptionContent WhichDocument="structured-data" EncryptedDocumentId="structured">
            <EncryptAndReplaceData Selector="/PayloadRoot/PayloadChild[2]"
                EncryptedDataId="structured-ed1" Type="http://www.w3.org/2001/04/xmlenc#Content"/>
            <InsertEncryptedData WhichDocument="opaque-data" EncryptedDataId="structured-ed2"
                MimeType="image/png">
                <EncryptedDataDestination Selector="/PayloadRoot/PayloadChild[3]" FirstChild="true"
                />
            </InsertEncryptedData>
        </EncryptionContent>
    </dss:OptionalInputs>
    <dss:InputDocuments>
        <dss:Document ID="opaque-data">
            <!-- base64 decoded prior to encryption -->
            <dss:Base64Data>SGVsbG8sIHdvcmxkIQ==</dss:Base64Data>
        </dss:Document>
        <dss:Document ID="structured-data">
            <dss:InlineXML>
                <PayloadRoot xmlns="http://example.org/ns">
                    <PayloadChild>Hello, </PayloadChild>
                    <PayloadChild>world!</PayloadChild>
                    <PayloadChild/>
                </PayloadRoot>
            </dss:InlineXML>
        </dss:Document>
    </dss:InputDocuments>
</EncryptRequest>


TODO DSS Core Make dss:KeySelectorType a top level type, so that dsse:EncryptionKeySelectorType can extend it.

TODO DSS Core In order to stay consistent with DSS core, the DestinationSelectorType should be adjusted. The provided solution with an optional FirstChild boolean attribute seems much simpler than a choice between XPathAfter and XPathFirstChildOf (see dss:SignaturePlacement).


Encryption Response

The encryption response corresponding to the request above is shown below.

<EncryptResponse xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema# file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile_0.4.xsd
    http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <dss:Result>
        <dss:ResultMajor>urn:oasis:names:tc:dss:1.0:resultmajor:Success</dss:ResultMajor>
    </dss:Result>
    <dss:OptionalOutputs>

The encryption key was requested not to be included in every xenc:EncryptedData. All KeyInfo sub-elements provided in the request should be returned by the service.

        <xenc:EncryptedKey Id="encryption_key">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <ds:KeyInfo>
                <ds:KeyName>encryption key</ds:KeyName>
                <ds:X509Data>
                    <ds:X509Certificate>SGVsbG8sIHdvcmxkIQ==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>SGVsbG8sIHdvcmxkIQ==</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:CarriedKeyName>content encryption key</xenc:CarriedKeyName>
        </xenc:EncryptedKey>

The encrypted CMS object for input #opaque-data.

        <EncryptedDocument ID="opaque-cms">
            <dss:Base64Data>SGVsbG8sIHdvcmxkIQ==</dss:Base64Data>
        </EncryptedDocument>

The xenc:EncryptedData with the encrypted input #opaque-data. Since the input document was provided as Base64Data, the resulting xenc:EncryptedData is returned base64 encoded as well.

        <EncryptedDocument ID="opaque-xmlenc">
            <Base64XML>SGVsbG8sIHdvcmxkIQ==</Base64XML>
        </EncryptedDocument>

Same as above, but xenc:EncryptedData contains a CipherReference (not visible since EncryptedData is base64 encoded). The corresponding cipher value with the same URI is included below.

        <EncryptedDocument ID="opaque-cipherref">
            <Base64XML>SGVsbG8sIHdvcmxkIQ==</Base64XML>
            <CipherValue URI="http://example.org/ciphervalue">SGVsbG8sIHdvcmxkIQ==</CipherValue>
        </EncryptedDocument>

The returned input document (#structured-data) containing two EncryptedData elements which both reference the encrypted key (RetrievalMethod). The first EncryptedData element contains the encrypted content of the second PayloadChild element, and the second EncryptedData contains the inserted encrypted content (note that its Type attribute is set to 'content').

        <EncryptedDocument ID="structured">
            <InlineXML>
                <PayloadRoot xmlns="http://example.org/ns">
                    <PayloadChild>Hello, </PayloadChild>
                    <PayloadChild>
                        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                            Id="structured-ed1" Type="http://www.w3.org/2001/04/xmlenc#Content">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                            <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                                <dsig:RetrievalMethod URI="#encryption_key"/>
                            </dsig:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>SGVsbG8sIHdvcmxkIQ==</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedData>
                    </PayloadChild>
                    <PayloadChild>
                        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                            Id="structured-ed2" MimeType="image/png"
                            Type="http://www.w3.org/2001/04/xmlenc#Content">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                            <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                                <dsig:RetrievalMethod URI="#encryption_key"/>
                            </dsig:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>SGVsbG8sIHdvcmxkIQ==</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedData>
                    </PayloadChild>
                </PayloadRoot>
            </InlineXML>
        </EncryptedDocument>
    </dss:OptionalOutputs>
</EncryptResponse>


TODO DSSE Discuss use cases for InsertEncryptedDataType. Omit Type attribute, or automatically set to 'content'? Define new Type attribute?


Detached Signature and Encryption SignRequest

The following example shows the most basic dss:SignRequest for a detached signature which also requests the encryption of part of the document prior to signing. The detached signing is not explicitly requested in OptionalInputs and therefore executed after all other operations (the encrypted document will be signed).

<SignRequest xmlns:dsse="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:core:schema file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile_0.4.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <OptionalInputs>
        <EncryptionContent WhichDocument="toBeEncrypted">
            <EncryptAndReplaceData Selector="/PayloadRoot/PayloadChild[2]"
                EncryptedDataId="toBeEncrypted-ed1" Type="http://www.w3.org/2001/04/xmlenc#Element"
            />
        </EncryptionContent>
        <!-- detached signatures are implicitly executed after all other operations, ie. the encrypted document will be signed -->
    </OptionalInputs>
    <InputDocuments>
        <Document ID="toBeEncrypted">
            <InlineXML>
                <PayloadRoot xmlns="http://example.org/ns">
                    <PayloadChild>Hello, </PayloadChild>
                    <PayloadChild>world!</PayloadChild>
                </PayloadRoot>
            </InlineXML>
        </Document>
    </InputDocuments>
</SignRequest>

Detached Signature and Encryption SignResponse

The corresponding response contains the encrypted document and the standard DSS SignatureObject.

<SignResponse xmlns="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:dsse="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:core:schema file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile_0.4.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <Result>
        <ResultMajor>urn:oasis:names:tc:dss:1.0:resultmajor:Success</ResultMajor>
    </Result>
    <OptionalOutputs>
        <dsse:EncryptedDocument ID="toBeEncrypted">
            <dsse:InlineXML>
                <PayloadRoot xmlns="http://example.org/ns">
                    <PayloadChild>Hello, </PayloadChild>
                    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="toBeEncrypted-ed1" Type="http://www.w3.org/2001/04/xmlenc#Content">
                        <xenc:EncryptionMethod
                            Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                        <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                            <dsig:KeyName>default encryption key</dsig:KeyName>
                        </dsig:KeyInfo>
                        <xenc:CipherData>
                            <xenc:CipherValue>SGVsbG8sIHdvcmxkIQ==</xenc:CipherValue>
                        </xenc:CipherData>
                    </xenc:EncryptedData>
                </PayloadRoot>
            </dsse:InlineXML>
        </dsse:EncryptedDocument>
    </OptionalOutputs>
    <SignatureObject>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod
                    Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <Reference>
                    <Transforms>
                        <Transform
                            Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
                        />
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>RfKBYH5zFGrCuerYI3kmYOfklH4=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>RBuhVhMaonIGNrQEw6WUuUU2JeBjbXXuHtaq7SRPi3l+JnxnoDnGfQ==</SignatureValue>
        </Signature>
    </SignatureObject>
</SignResponse>


TODO DSSE ds:Reference URI attribute for detached signatures?

TODO DSSE introduce dsse:DetachedSignature element (may be placed before encryption)


Enveloping Signature and Encryption SignRequest

If an enveloping signature (dss:IncludeObject) is requested in combination with encryption, the encrypted parts appear directly in the ds:Object, no extra dsse:EncryptedDocument element is produced. (An dsse:EncryptedDocument might still be included containing the cipher data referenced from an encrypted part, see CipherValue and CipherReference.) Obviously, the signature breaks if the document is requested to be signed prior to encryption (dss:IncludeObject before dsse:EncryptionContent). Note that the context root for encryption XPath expressions (see dsse:EncryptAndReplaceData) changes if the document is embedded in an enveloping signature prior to encryption.


TODO DSSE discuss use case enveloping signature prior to encryption


Encryption before Enveloping Signature SignRequest

Encrypt (parts of) the document prior to signing.

<SignRequest xmlns="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:dsse="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:core:schema file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile_0.4.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <OptionalInputs>
        <dsse:EncryptionContent WhichDocument="toBeEncrypted">
            <dsse:EncryptAndReplaceData Selector="/PayloadRoot/PayloadChild[2]"
                EncryptedDataId="toBeEncrypted-ed1" Type="http://www.w3.org/2001/04/xmlenc#Element"
            />
        </dsse:EncryptionContent>
        <IncludeObject WhichDocument="toBeEncrypted"/>
    </OptionalInputs>
    <InputDocuments>
        <Document ID="toBeEncrypted">
            <InlineXML>
                <PayloadRoot xmlns="http://example.org/ns">
                    <PayloadChild>Hello, </PayloadChild>
                    <PayloadChild>world!</PayloadChild>
                </PayloadRoot>
            </InlineXML>
        </Document>
    </InputDocuments>
</SignRequest>

Enveloping Signature before Encryption SignRequest

Encrypt (parts of) the signed document. The signature obviously verifies only after decryption. Note that the context root for the EncryptAndReplace XPath expression changes.

<SignRequest xmlns="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:dsse="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:core:schema file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile_0.4.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <OptionalInputs>
        <IncludeObject WhichDocument="toBeEncrypted"/>
        <dsse:EncryptionContent WhichDocument="toBeEncrypted">
            <dsse:EncryptAndReplaceData xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                Selector="/ds:Signature/ds:Object[@Id='toBeEncrypted']/PayloadRoot/PayloadChild[2]"
                EncryptedDataId="toBeEncrypted-ed1" Type="http://www.w3.org/2001/04/xmlenc#Element"
            />
        </dsse:EncryptionContent>
    </OptionalInputs>
    <InputDocuments>
        <Document ID="toBeEncrypted">
            <InlineXML>
                <PayloadRoot xmlns="http://example.org/ns">
                    <PayloadChild>Hello, </PayloadChild>
                    <PayloadChild>world!</PayloadChild>
                </PayloadRoot>
            </InlineXML>
        </Document>
    </InputDocuments>
</SignRequest>

Enveloping Signature and Encryption SignResponse

The corresponding response contains the encrypted document in a ds:Object. Note that no dsse:EncryptedDocument is generated. (If CipherReference was provided, an EncryptedDocument would still be provided holding the cipher value only.) The signature before encryption case looks the same, except that the signature/digest values are different and the signature verifies only after decryption.

<SignResponse xmlns="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:dsse="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:core:schema file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile_0.4.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <Result>
        <ResultMajor>urn:oasis:names:tc:dss:1.0:resultmajor:Success</ResultMajor>
    </Result>
    <SignatureObject>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod
                    Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <Reference>
                    <Transforms>
                        <Transform
                            Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
                        />
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>RfKBYH5zFGrCuerYI3kmYOfklH4=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>RBuhVhMaonIGNrQEw6WUuUU2JeBjbXXuHtaq7SRPi3l+JnxnoDnGfQ==</SignatureValue>
            <Object MimeType="text/xml">
                <PayloadRoot xmlns="http://example.org/ns">
                    <PayloadChild>Hello, </PayloadChild>
                    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="toBeEncrypted-ed1" Type="http://www.w3.org/2001/04/xmlenc#Content">
                        <xenc:EncryptionMethod
                            Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                        <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                            <dsig:KeyName>default encryption key</dsig:KeyName>
                        </dsig:KeyInfo>
                        <xenc:CipherData>
                            <xenc:CipherValue>SGVsbG8sIHdvcmxkIQ==</xenc:CipherValue>
                        </xenc:CipherData>
                    </xenc:EncryptedData>
                </PayloadRoot>
            </Object>
        </Signature>
    </SignatureObject>
</SignResponse>

Enveloped Signature and Encryption SignRequest


TODO DSS Core find a way to include EncryptedDocument as DocumentWithSignature document child


<SignRequest ...>
    <OptionalInputs>
        <dsse:EncryptionContent WhichDocument="toBeEncrypted">
            <dsse:EncryptAndReplaceData Selector="/PayloadRoot/PayloadChild[2]"
                EncryptedDataId="toBeEncrypted-ed1" Type="http://www.w3.org/2001/04/xmlenc#Element"
            />
        </dsse:EncryptionContent>
        <SignaturePlacement WhichDocument="toBeEncrypted" CreateEnvelopedSignature="true">
            <XPathAfter>/PayloadRoot/PayloadChild[1]</XPathAfter>
        </SignaturePlacement>
    </OptionalInputs>
    <InputDocuments>
        <Document ID="toBeEncrypted">
            <InlineXML>
                <PayloadRoot xmlns="http://example.org/ns">
                    <PayloadChild>Hello, </PayloadChild>
                    <PayloadChild>world!</PayloadChild>
                </PayloadRoot>
            </InlineXML>
        </Document>
    </InputDocuments>
</SignRequest>

Enveloped Signature and Encryption SignResponse

<SignResponse xmlns="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:dsse="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:core:schema file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile_0.4.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <Result>
        <ResultMajor>urn:oasis:names:tc:dss:1.0:resultmajor:Success</ResultMajor>
    </Result>
    <OptionalOutputs>
        <DocumentWithSignature>
            <dsse:EncryptedDocument ID="toBeEncrypted">
                <dsse:InlineXML>
                    <PayloadRoot xmlns="http://example.org/ns">
                        <PayloadChild>Hello, </PayloadChild>
                        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                            <SignedInfo>
                                <CanonicalizationMethod
                                    Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                                <SignatureMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                                <Reference URI="">
                                    <Transforms>
                                        <Transform
                                            Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                        <Transform
                                            Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
                                        />
                                    </Transforms>
                                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                    <DigestValue>1l9K5HhWFzy+l2xhA6eF7wYjs3c=</DigestValue>
                                </Reference>
                            </SignedInfo>
                            <SignatureValue>R4H9nNK7RC51yBAw+JKJUcQpfNqxkcnAr+DnhPuy+rXPiKF9WV95Ag==</SignatureValue>
                        </Signature>
                        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                            Id="toBeEncrypted-ed1" Type="http://www.w3.org/2001/04/xmlenc#Content">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                            <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                                <dsig:KeyName>default encryption key</dsig:KeyName>
                            </dsig:KeyInfo>
                            <xenc:CipherData>
                                <xenc:CipherValue>SGVsbG8sIHdvcmxkIQ==</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedData>
                    </PayloadRoot>
                </dsse:InlineXML>
            </dsse:EncryptedDocument>
        </DocumentWithSignature>
    </OptionalOutputs>
    <SignatureObject>
        <SignaturePtr WhichDocument="toBeEncrypted" XPath="/ns1:PayloadRoot/ds:Signature[@Id='todo']"/>
    </SignatureObject>
</SignResponse>


OLD VERSION FROM HERE ON


The OptionalInputs defined by the encryption profile comprise OpaqueData (for encryption of non-XML data), StructuredData (for encryption of XML documents or subsets of XML documents) and EncKeySelector (for definition of encryption keys to use). These optional inputs do not interfere with any of the DSS core optional inputs, however, the document order (order of appearance of child elements) of the individual elements is relevant and directly influences the outcome of an encryption request.

Note that multiple OpaqueData or StructuredData elements might reference the same input document. This allows for using different encryption standards (CMS, XMLEnc) on the same content without transmitting it several times. For every OpaqueData or StructuredData optional input, the response contains one EncryptedOpaqueData or EncryptedStructuredData, respectively. These reference the encrypted content, which is contained either in

TODO IDs

The encryption profile supports encryption only requests and combined encryption/signature requests. For the latter, only enveloped and enveloping signatures make sense, since for detached signatures the document (containing the encrypted parts) would not be returned by DSS.

In order to allow for any possible combination of signature and encryption (e.g. encryption of certain parts of a document prior to signing it), the server processes the all dss:IncludeObject, dss:SignaturePlacement, OpaqueData and StructuredData exactly in the order of appearance in the request. The correctness of any XPath pointers (to select which parts of a document to encrypt or where to place the signature element) lies within the responsability of the requesting entity. The following example would produce an error because the document would be encrypted before the signature is inserted and the insertion point for the signature is not part of the nodeset of the encrypted document. The correct configuration would thus place the SignaturePlacement before the StructuredData element (or take account for the changed nodeset, as in the enveloped signature example below).

...
<dss:OptionalInputs>
    <StructuredData reference="#id1">
        <ReplaceContent selector="/root"/>
    </StructuredData>
    <dss:SignaturePlacement WhichDocument="id1" CreateEnvelopedSignature="true">
        <dss:XPathAfter>/root/child[1]</dss:XPathAfter>
    </dss:SignaturePlacement>
</dss:OptionalInputs>
<dss:InputDocuments>
    <dss:Document>
        <dss:InlineXML>
            <dss:Document ID="id1">
                <dss:InlineXML>
                    <root>
                        <child>Hello, </child>
                        <child>world!</child>
                    </root>
                </dss:InlineXML>
            </dss:Document>
        </dss:InlineXML>
    </dss:Document>
</dss:InputDocuments>

Todo: accord DSS-E XPath namespace declarations with DSS XPath namespace declarations

Encryption Profile/Protocol Examples

Examples for the encryption protocol (new top-level protocol messages EncryptRequest and EncryptResponse) and the encryption profile used from within the signature protocol (within SignRequest and SignResponse).

Encryption Request

An encryption request illustrating most of the encryption protocol's capabilities. The Base64 values for certificates, etc. are dummy values.

<?xml version="1.0" encoding="UTF-8"?>
<!-- stand-alone encryption request (new protocol) -->
<EncryptRequest xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema# file:encryption_profile.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <!-- OptionalInputs contains the 'configuration', ie. how/what to encrypt the documents provided in InputDocuments -->
    <dss:OptionalInputs>
        <!-- content encryption key used to encrypt all documents -->
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
        <!-- define arbitrary number of encryption keys (to encrypt content encryption key) -->
        <EncKeySelector id="key1" certValidation="urn:TODO:warn" destination="response">
            <ds:KeyInfo >
                <ds:KeyName>EncryptionKey</ds:KeyName>
                <ds:X509Data>
                    <ds:X509Certificate>SGVsbG8sIHdvcmxkIQ==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </EncKeySelector>
        <!-- encrypt (CMS) the binary data contained in the referenced (#id1) dssDocument's Base64Data child (the data is base64 decoded prior to encryption) -->
        <OpaqueData reference="#id1" containerType="urn:TODO:cms" id="enc1"/>
        <!-- encrypt (XMLEnc) the same binary data as above 
               (the attribute cipherReference requests a xenc:CipherReference with the provided reference; 
                the referenced cipher data octets will be placed in an additional Base64Data output document) -->
        <OpaqueData reference="#id1" containerType="http://www.w3.org/2001/04/xmlenc#" cipherReference="http://example.org/cipherref" id="enc2"/>
        <!-- encrypt (XMLEnc) the XML data contained in the referenced (#id3) dssDocument's child ('target doc') -->
        <StructuredData reference="#id3" id="enc3">
            <SelectorNamespace prefix="a" uri="namespace_a"/>
            <!-- select (xpath) an element (not nodeset!) to encrypt inline (in target doc #id3) -->
            <ReplaceContent selector="/a:root/a:child" id="enc3_a" type="http://www.w3.org/2001/04/xmlenc#Element"/>
            <!-- encrypt the binary data contained in the referenced (#id2) dssTransformedData's Base64Data child (the transform is applied prior to encryption)
                    and insert the resulting xenc:EncryptedData at the specified destination (in target doc #id3)-->
            <InsertContent>
                <EncryptedDataDestination selector="/a:root" nodeCount="0"/>
                <OpaqueData reference="#id2" id="enc3_b"/>
            </InsertContent>
        </StructuredData>
    </dss:OptionalInputs>
    <dss:InputDocuments>
        <dss:Document ID="id1">
            <dss:Base64Data>SGVsbG8sIHdvcmxkIQ==</dss:Base64Data>
        </dss:Document>
        <dss:TransformedData ID="id2">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
            </ds:Transforms>
            <dss:Base64Data>SGVsbG8sIHdvcmxkIQ==</dss:Base64Data>
        </dss:TransformedData>
        <dss:Document ID="id3">
            <dss:InlineXML>
                <a:root xmlns:a="namespace_a">
                    <a:child>Hello, world!</a:child>
                </a:root>
            </dss:InlineXML>
        </dss:Document>
    </dss:InputDocuments>
</EncryptRequest>

Encryption Response

The response message for the above request.

<?xml version="1.0" encoding="UTF-8"?>
<EncryptResponse xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema# file:encryption_profile.xsd" 
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <dss:Result>
        <dss:ResultMajor></dss:ResultMajor>
    </dss:Result>
    <dss:OptionalOutputs>
        <!-- the encrypted content encryption key -->
        <xenc:EncryptedKey Id="key1">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <ds:KeyInfo>
                <ds:KeyName>EncryptionKey</ds:KeyName>
                <ds:X509Data>
                    <ds:X509Certificate>SGVsbG8sIHdvcmxkIQ==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>ev1XDJA+pow1QPwTlpcSnEYR7DN1+IIH2nxZ4FYoI0w0dGAD9/DEs4DUXqUZhm7n
                    eOLv9dqJj6nO/Ul6IucBXZit7AQfpujTjPAp4MJVZTXB9UVzCadF4kWgXrk8e6I0
                    64N7SbdOqyWmqe8j7k753cedzjUoUu33kncjSocX8bs=</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:CarriedKeyName>AES128-CBC_ContentEncryptionKey</xenc:CarriedKeyName>
        </xenc:EncryptedKey>
        <!-- first encrypted content; the base64 encoded CMS object is referenced (id1_enc1) -->
        <EncryptedOpaqueData id="enc1" reference="id1_enc1"/>
        <!-- second encrypted content; the base64 encoded xenc:EncryptedData element is referenced (id1_enc2) -->
        <EncryptedStructuredData id="enc2">
            <Document reference="id1_enc2"/>
            <!-- the location (enc2_ref) of the requested CipherReference octets (TODO inline here instead of output document?) -->
            <CipherData cipherReference="http://example.org/cipherref" reference="enc2_ref"/>
        </EncryptedStructuredData>
        <!-- third encrypted content; the inlineXML target document is referenced (id3_enc3) -->
        <EncryptedStructuredData id="enc3">
            <SelectorNamespace prefix="a" uri="namespace_a"/>
            <SelectorNamespace prefix="xenc" uri="http://www.w3.org/2001/04/xmlenc#"/>
            <!-- all encrypted contents produced for this request -->
            <EncryptedDataSelector selector="/a:root/xenc:EncryptedData[id='enc3_a']"/>
            <EncryptedDataSelector selector="/a:root/xenc:EncryptedData[id='enc3_b']"/>
            <Document reference="id3_enc3"/>
        </EncryptedStructuredData>
    </dss:OptionalOutputs>
    <OutputDocuments>
        <dss:Document ID="id1_enc1">
            <!-- OpaqueData of type CMS result in Base64Data  -->
            <dss:Base64Data>SGVsbG8sIHdvcmxkIQ==</dss:Base64Data>
        </dss:Document>
        <dss:Document ID="id1_enc2">
            <!-- OpaqueData of type XMLEnc result in Base64XML (containing the encoded xenc:EncryptedData); references enc2_ref -->
            <dss:Base64XML>SGVsbG8sIHdvcmxkIQ==</dss:Base64XML>
        </dss:Document>
        <dss:Document ID="enc2_ref">
            <!-- the cipher data octets referenced from EncryptedData/CipherReference in id1_enc2 -->
            <dss:Base64Data >SGVsbG8sIHdvcmxkIQ==</dss:Base64Data>
        </dss:Document>
        <dss:Document ID="id3_enc3">
            <!-- inline target document -->
            <dss:InlineXML>
                <!-- (target doc must be self-contained: all required namespaces must be declared)  -->
                <a:root xmlns:a="namespace_a">
                    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="enc3_b">
                        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <ds:RetrievalMethod URI="#key1"/>
                        </ds:KeyInfo>
                        <CipherData>
                            <CipherValue>SGVsbG8sIHdvcmxkIQ==</CipherValue>
                        </CipherData>
                    </EncryptedData>
                    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="enc3_a">
                        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <ds:RetrievalMethod URI="#key1"/>
                        </ds:KeyInfo>
                        <CipherData>
                            <CipherValue>SGVsbG8sIHdvcmxkIQ==</CipherValue>
                        </CipherData>
                    </EncryptedData>
                </a:root>
            </dss:InlineXML>
        </dss:Document>
    </OutputDocuments>
</EncryptResponse>

Enveloping Signature SignRequest

Simple request combining DSS (enveloping) signature and encryption. OptionalInputs contains a sequence of control structures defining what parts (selector attribute) of which dss:Document (reference attribute) shall be encrypted. These control structures are processed according to their appearance within the sequence. dss:IncludeObject and dss:SignaturePlacement designate when the signature (enveloping or enveloped, resp.) is to be applied. If neither of these appears in the sequence no signature is created. (It would not make sense to encrypt a document and return a detached signature.) In the example below, part (selector="/a:root/a:child[2]") of the input document (reference="#id1") is encrypted before the entire input document (WhichDocument="id1") is signed. Note that this does not conflict with neither DSS core, nor the stand-alone version of the encryption profile (see above).

<?xml version="1.0" encoding="UTF-8"?>
<dss:SignRequest xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema# file:encryption_profile.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <dss:OptionalInputs>
        <!-- encrypt part of the input document _before_ applying the DSS basic processing -->
        <StructuredData reference="#id1" id="enc1">
            <SelectorNamespace prefix="a" uri="namespace_a"/>
            <ReplaceContent selector="/a:root/a:child[2]" id="enc1_a"/>
        </StructuredData>
        <dss:IncludeObject WhichDocument="id1"/>
    </dss:OptionalInputs>
    <dss:InputDocuments>
        <dss:Document ID="id1" RefURI="">
            <dss:InlineXML>
                <a:root xmlns:a="namespace_a" id="root">
                    <a:child>Hello, </a:child>
                    <a:child>world!</a:child>
                </a:root>
            </dss:InlineXML>
        </dss:Document>
    </dss:InputDocuments>
</dss:SignRequest>

Enveloping Signature SignResponse

The response to the above request.

<?xml version="1.0" encoding="UTF-8"?>
<dss:SignResponse xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:core:schema file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile.xsd"
    Profile="urn:oasis:names:tc:dss:1.0:profiles:encryption">
    <dss:Result>
        <dss:ResultMajor>urn:oasis:names:tc:dss:1.0:resultmajor:Success</dss:ResultMajor>
    </dss:Result>
    <dss:OptionalOutputs>
        <!-- the encrypted content encryption key -->
        <xenc:EncryptedKey Id="key1">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <ds:KeyInfo>
                <ds:KeyName>EncryptionKey</ds:KeyName>
                <ds:X509Data>
                    <ds:X509Certificate>SGVsbG8sIHdvcmxkIQ==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>ev1XDJA+pow1QPwTlpcSnEYR7DN1+IIH2nxZ4FYoI0w0dGAD9/DEs4DUXqUZhm7n
                    eOLv9dqJj6nO/Ul6IucBXZit7AQfpujTjPAp4MJVZTXB9UVzCadF4kWgXrk8e6I0
                    64N7SbdOqyWmqe8j7k753cedzjUoUu33kncjSocX8bs=</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:CarriedKeyName>AES128-CBC_ContentEncryptionKey</xenc:CarriedKeyName>
        </xenc:EncryptedKey>
        <!-- the encrypted content; the inlineXML target document is referenced (id1_enc1) -->
        <EncryptedStructuredData id="enc1">
            <SelectorNamespace prefix="a" uri="namespace_a"/>
            <SelectorNamespace prefix="xenc" uri="http://www.w3.org/2001/04/xmlenc#"/>
            <!-- the encrypted contents produced for this request -->
            <EncryptedDataSelector selector="/a:root/xenc:EncryptedData[id='enc1_a']"/>
            <Document reference="id1_enc1"/>
        </EncryptedStructuredData>
    </dss:OptionalOutputs>
    <dss:SignatureObject>
        <ds:Signature>
            <ds:SignedInfo>
                <ds:CanonicalizationMethod
                    Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <ds:Reference>
                    <ds:Transforms>
                        <ds:Transform
                            Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
                        />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ds:DigestValue>0eknQemeF5PYK4BEyUPJaU7jD24=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>hpbk/vnSAoPgx6GyqiwmXk16DZudquz3wmD05JzHlIZOwzqKuJq8jA==</ds:SignatureValue>
            <ds:Object MimeType="text/xml" Id="id1_enc1">
                <a:root xmlns:a="namespace_a" id="root">
                    <a:child>Hello, </a:child>
                    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="enc1_a">
                        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <ds:RetrievalMethod URI="#key1"/>
                        </ds:KeyInfo>
                        <CipherData>
                            <CipherValue>SGVsbG8sIHdvcmxkIQ==</CipherValue>
                        </CipherData>
                    </EncryptedData>
                </a:root>
            </ds:Object>
        </ds:Signature>
    </dss:SignatureObject>
</dss:SignResponse>

TODO: example with enveloping signature prior to encryption and response containing enveloping signature with decrypt transform.

Enveloped Signature SignRequest

The following example shows a dss:SignRequest for a enveloped signature covering a partly encrypted document. Note that the encryption operation will replace the referenced element (/a:root/a:child[1]) with a xenc:EncryptedData element, which is used to specify the signature placement destination.

<dss:SignRequest  xmlns="urn:oasis:names:tc:dss:1.0:profiles:encryption:schema#"
    xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:dss:1.0:core:schema file:/home/clemens/IAIK/DSSX/encrypt/encryption_profile.xsd">
    <dss:OptionalInputs>
        <StructuredData reference="#id1" id="enc1">
            <SelectorNamespace prefix="a" uri="namespace_a"/>
            <ReplaceContent selector="/a:root/a:child[1]" id="enc1_a"/>
        </StructuredData>
        <dss:SignaturePlacement WhichDocument="id1" CreateEnvelopedSignature="true">
            <dss:XPathAfter xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">/a:root/xenc:EncryptedData</dss:XPathAfter>
        </dss:SignaturePlacement>
    </dss:OptionalInputs>
    <dss:InputDocuments>
        <dss:Document>
            <dss:InlineXML>
                <dss:Document ID="id1">
                    <dss:InlineXML>
                        <a:root xmlns:a="namespace_a" id="root">
                            <a:child>Hello, </a:child>
                            <a:child>world!</a:child>
                        </a:root>
                    </dss:InlineXML>
                </dss:Document>
            </dss:InlineXML>
        </dss:Document>
    </dss:InputDocuments>
</dss:SignRequest>

TODO: example for signature prior to encryption

EncryptionProfile (last edited 2009-08-12 18:03:58 by localhost)