Safelayer Secure Communications
XML Encryption
13 December 2007

Before working through this example, it is recommended that you first read the previous one, X.509 Certificate Validation.

The encryption method provides confidentiality between the sender (issuer) and the recipient. It relies on the key pair supplied by the PKI infrastructure, i.e. the recipient's public key and the corresponding private key.

The css:EncryptRequest element in the request tells the system that this is an encryption request, and its Profile attribute (urn:safelayer:tws:de:1.0:profiles:xmlenc:1.0:encrypt) indicates that the encryption uses the xmlenc profile.

The request also contains the optional css:Recipients element, which lists the intended recipients of the encrypted message; each css:Recipient identifies a recipient by the X.509 certificate carried in its ds:KeyInfo.

Finally, the dss:Document element (inside dss:InputDocuments) contains the XML document to be encrypted.

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <SOAP-ENV:Header>
    <wsse:Security>
      <wsse:UsernameToken wsu:Id="SecurityToken-3265069996882602124">
        <wsse:Username>dave</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trustedx</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:css="http://www.safelayer.com/TWS"
                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                 xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd"
                 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                 xmlns:xades="http://uri.etsi.org/01903/v1.2.2#"
                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                 wsu:Id="Id-792686793907855382">
    <css:EncryptRequest Profile="urn:safelayer:tws:de:1.0:profiles:xmlenc:1.0:encrypt" RequestID="Id-6963162054466289454">
      <dss:OptionalInputs>
        <css:Recipients>
          <css:Recipient>
            <ds:KeyInfo>
              <ds:X509Data>
                <ds:X509Certificate>[base64 recipient certificate omitted]</ds:X509Certificate>
              </ds:X509Data>
            </ds:KeyInfo>
          </css:Recipient>
        </css:Recipients>
      </dss:OptionalInputs>
      <dss:InputDocuments>
        <dss:Document>
          <dss:XMLData><trustedx Id="data"><example Id="node1">Simple xml file</example><description Id="node2" format="text">XMLDSig/XAdES TrustedX signatures</description></trustedx></dss:XMLData>
        </dss:Document>
      </dss:InputDocuments>
    </css:EncryptRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

The following explanation refers to the response that the TrustedX platform returns once the request has been sent, so press the "try" button (above) to generate that response.

The css:EncryptResponse element identifies the message as the response to the earlier encryption request. Within it, the xenc:EncryptedData element marks the beginning of the encrypted content.

As you can see in the response, there are two encrypted values (xenc:CipherValue), because the encryption is performed in two steps. In the first, the data is encrypted with a symmetric algorithm (aes128, as given by the xenc:EncryptionMethod element). In the second, the symmetric key used in that step is itself encrypted with the recipient's asymmetric (public) key (rsa-1_5, as given by the xenc:EncryptionMethod element of the second encrypted value). Only the short symmetric key goes through the expensive public-key operation, so the computational cost stays low while the advantages of the PKI infrastructure are retained.

Lastly, the ds:KeyInfo element shows that the response also returns information about the key used in the asymmetric step.
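The two-step scheme described above, as an added example that is not part of the Safelayer page or of the TrustedX product: a Go program (standard library only) that builds the xenc:EncryptedData / ds:KeyInfo / xenc:EncryptedKey structure with its two xenc:CipherValue elements, then parses it back and decrypts it as the recipient would. It departs from the response shown here in two labelled places: it uses the XML Encryption 1.1 identifiers for AES-GCM and RSA-OAEP rather than aes128-cbc and rsa-1_5, because unauthenticated CBC and PKCS#1 v1.5 key transport are both exposed to padding-oracle attacks, and it names the recipient with a constructed key pair and a Recipient attribute rather than an X.509 certificate. The Id and Type attributes of the real response are omitted; everything else (element names, namespaces, nesting, the IV prepended to the ciphertext) follows XML Encryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
)

const ( // XML Encryption 1.1 algorithm URIs, used here in place of the page's aes128-cbc and rsa-1_5
	algAESGCM  = "http://www.w3.org/2009/xmlenc11#aes128-gcm"
	algRSAOAEP = "http://www.w3.org/2009/xmlenc11#rsa-oaep"
	nonceLen   = 12 // GCM nonce; like the xenc IV it is prepended to the ciphertext
)

type ( // structs for the xenc:EncryptedData > ds:KeyInfo > xenc:EncryptedKey nesting of the response
	EncryptionMethod struct {
		Algorithm string `xml:"Algorithm,attr"`
	}
	EncryptedKey struct { // second CipherValue: the RSA-encrypted content-encryption key
		XMLName          xml.Name         `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedKey"`
		Recipient        string           `xml:"Recipient,attr"`
		EncryptionMethod EncryptionMethod `xml:"EncryptionMethod"`
		CipherValue      string           `xml:"CipherData>CipherValue"`
	}
	KeyInfo struct { // the ds:KeyInfo the page refers to: it carries the key information for the second step
		XMLName      xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
		EncryptedKey EncryptedKey
	}
	EncryptedData struct { // first CipherValue: the AES-encrypted document
		XMLName          xml.Name         `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedData"`
		EncryptionMethod EncryptionMethod `xml:"EncryptionMethod"`
		KeyInfo          KeyInfo
		CipherValue      string `xml:"CipherData>CipherValue"`
	}
)

var recipientKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed key pair; a real recipient is named by its X.509 certificate

// encrypt performs the page's two steps: a fresh AES-128 key encrypts the document, then the recipient's RSA key encrypts that key.
func encrypt(plaintext []byte, pub *rsa.PublicKey, recipient string) (*EncryptedData, error) {
	buf := make([]byte, 16+nonceLen) // AES-128 content-encryption key followed by the GCM nonce
	rand.Read(buf)                    // crypto/rand.Read never returns an error (Go 1.24+)
	cek, iv := buf[:16], buf[16:]
	block, _ := aes.NewCipher(cek) // cannot fail: the key is exactly 16 bytes
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
	if err != nil {
		return nil, err
	}
	ed := &EncryptedData{EncryptionMethod: EncryptionMethod{Algorithm: algAESGCM}}
	ed.CipherValue = base64.StdEncoding.EncodeToString(gcm.Seal(iv, iv, plaintext, nil))
	ed.KeyInfo.EncryptedKey = EncryptedKey{Recipient: recipient, EncryptionMethod: EncryptionMethod{Algorithm: algRSAOAEP},
		CipherValue: base64.StdEncoding.EncodeToString(wrapped)}
	return ed, nil
}

// decrypt reverses both steps; the declared algorithms are checked before any key is touched, so a crafted
// document cannot steer the recipient onto a weaker method, and GCM then rejects any tampering.
func decrypt(ed *EncryptedData, priv *rsa.PrivateKey) ([]byte, error) {
	if ed.EncryptionMethod.Algorithm != algAESGCM || ed.KeyInfo.EncryptedKey.EncryptionMethod.Algorithm != algRSAOAEP {
		return nil, errors.New("unexpected EncryptionMethod, refusing to decrypt")
	}
	wrapped, err1 := base64.StdEncoding.DecodeString(ed.KeyInfo.EncryptedKey.CipherValue)
	sealed, err2 := base64.StdEncoding.DecodeString(ed.CipherValue)
	if err1 != nil || err2 != nil || len(sealed) < nonceLen {
		return nil, errors.New("CipherValue is not valid base64 or is too short to hold the IV")
	}
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || len(cek) != 16 {
		return nil, errors.New("could not recover a 16-byte content-encryption key")
	}
	block, _ := aes.NewCipher(cek) // cannot fail: key length was just checked
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, sealed[:nonceLen], sealed[nonceLen:], nil)
}

// roundTrip encrypts doc, serialises it as XML (the shape of the TrustedX response), parses it back and decrypts it.
func roundTrip(doc string) (xmlOut, recovered string, err error) {
	ed, err := encrypt([]byte(doc), &recipientKey.PublicKey, "recipient-cert")
	if err != nil {
		return "", "", err
	}
	raw, _ := xml.MarshalIndent(ed, "", "  ") // cannot fail for these plain struct types
	var parsed EncryptedData
	if err = xml.Unmarshal(raw, &parsed); err != nil {
		return string(raw), "", err
	}
	plain, err := decrypt(&parsed, recipientKey)
	return string(raw), string(plain), err
}

func main() {
	fmt.Println(roundTrip(`<example Id="node1">Simple xml file</example>`)) // constructed sample document
}
```

Run it with go run: the printed document has the same two CipherValue elements the page describes, the first holding the AES-encrypted document and the second, inside ds:KeyInfo, holding the RSA-encrypted AES key, with the Recipient attribute playing the role of the key information the page reads from ds:KeyInfo. The recipient-side decrypt refuses a document whose EncryptionMethod differs from what it expects before any key material is used; that check, rather than trusting whatever algorithm the sender declares, is what keeps the second step from being downgraded.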