What is XML Encryption?
Extensible Markup Language (XML) lets you define and store data in a shareable, self-describing form. XML supports information exchange between computer systems such as websites, databases, and third-party applications. Because the format follows predefined rules, XML files can be sent over any network and the recipient can use those same rules to read the data accurately and efficiently.[1]

XML encryption is a security mechanism that provides confidentiality for transmitted messages. A sender can encrypt an entire message, or only selected elements of it, so that the parts needed for routing or processing stay readable while the sensitive parts do not.[2]

A Simple Object Access Protocol (SOAP) message is an ordinary XML document containing the following elements:
- Envelope element that identifies the XML document as a SOAP message
- Header element that contains header information
- Body element that contains call and response information
- Fault element, carried inside the Body when a call fails, containing errors and status information
When a SOAP message is encrypted, only the service that holds the appropriate key can decrypt and read it; any intermediary that relays the message sees only ciphertext.
Encryption is the process of transforming clear text (plaintext) into ciphertext under a key.
Decryption is the process of transforming ciphertext back into the clear text, which requires the matching key.
When neither information at rest nor information in transit can be read by unauthorized parties, message confidentiality is complete. Encryption makes a message indecipherable while it travels from one endpoint to another. Encryption on its own provides confidentiality only: it does not, by itself, let the receiver detect that a message was altered in transit, which is why XML encryption is normally combined with a digital signature or with an authenticated encryption algorithm such as AES-GCM. The two types of encryption are:
Symmetric key encryption. Symmetric key encryption uses the same key to encrypt and decrypt a message. The key is called a secret key because it must be known only to the two involved parties (the sender and the receiver), which means it has to reach the receiver over a channel that is already secure. Symmetric key encryption is much faster than asymmetric encryption, so it is used for the bulk of the data.
Asymmetric (public) key encryption. Asymmetric key encryption uses two different but mathematically linked keys: a private key, known only to its owner, and a public key, which the owner can distribute freely. Anyone can encrypt a message with the receiver's public key, but only the receiver's private key can decrypt it, so no secret has to be shared in advance. The public key is typically distributed inside an X.509 digital certificate, which binds it to the owner's identity under the signature of a certificate authority; the certificate never contains the private key. In addition to supporting encryption, the certificate's public key can be used to verify digital signatures that the message sender created with the corresponding private key. In practice the two types are combined: a random symmetric key encrypts the message, and the receiver's public key encrypts only that symmetric key.
The XML Encryption Syntax and Processing specification defines a process for encrypting data and representing the result in XML. The data can be:
- Arbitrary data, including an XML document
- XML element
- XML element content
When data is encrypted, the result is an EncryptedData element. Its Type attribute records which of these was encrypted (for an element or for element content, the EncryptedData element replaces the original in the document), its EncryptionMethod child names the algorithm, and its CipherData child either contains the base64-encoded ciphertext directly (CipherValue) or references where it is stored (CipherReference). When the symmetric key is transported with the message, encrypted under the receiver's public key, it is carried in an EncryptedKey element that has the same structure, usually inside the KeyInfo of the EncryptedData it belongs to.
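The two key types and the EncryptedData structure described above come together in the hybrid scheme that XML encryption deployments actually use. The following Go program is an example added for this page, not code from the specification or from the AWS or IBM sources it cites: it encrypts the content of a SOAP Body element with a fresh AES-256-GCM key, wraps that key with the receiver's RSA public key in an EncryptedKey, serialises the result as an EncryptedData element, and then plays the receiver, parsing and decrypting it. The function names (NewRecipientKey, EncryptContent, DecryptContent), the RSA key pair generated at run time, and the GetBalance body with its urn:example:bank namespace are all assumptions made for the demonstration; only the CipherValue form of CipherData is handled, and only the Go standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// Identifiers defined by XML Encryption 1.0 (xmlenc#) and 1.1 (xmlenc11#).
const (
	typeContent  = "http://www.w3.org/2001/04/xmlenc#Content" // encrypts the element's content, keeps the element
	algAES256GCM = "http://www.w3.org/2009/xmlenc11#aes256-gcm"
	algRSAOAEP   = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" // RSA-OAEP; SHA-1 is used only for OAEP's mask generation
)

// Structs for the subset of the xenc schema used here (CipherValue only; CipherReference is not handled).
type EncryptionMethod struct {
	Algorithm string `xml:"Algorithm,attr"`
}
type CipherData struct {
	CipherValue string `xml:"CipherValue"` // base64 of the raw cipher bytes
}
type EncryptedKey struct {
	XMLName          xml.Name         `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedKey"`
	EncryptionMethod EncryptionMethod `xml:"EncryptionMethod"`
	CipherData       CipherData       `xml:"CipherData"`
}
type EncryptedData struct {
	XMLName          xml.Name                             `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedData"`
	Type             string                               `xml:"Type,attr"`
	EncryptionMethod EncryptionMethod                     `xml:"EncryptionMethod"`
	KeyInfo          struct{ EncryptedKey EncryptedKey } `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
	CipherData       CipherData                           `xml:"CipherData"`
}

// NewRecipientKey makes the receiving service's RSA key pair (generated here for the demo; assumed).
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// EncryptContent is the hybrid scheme used in practice: a fresh 256-bit content key
// encrypts the content with AES-GCM and the recipient's public key wraps that key.
func EncryptContent(pub *rsa.PublicKey, content []byte) (*EncryptedData, error) {
	cek := make([]byte, 32)
	if _, err := rand.Read(cek); err != nil { return nil, err }
	gcm, err := newGCM(cek)
	if err != nil { return nil, err }
	iv := make([]byte, gcm.NonceSize()) // 96-bit IV, fresh for every message
	if _, err := rand.Read(iv); err != nil { return nil, err }
	sealed := gcm.Seal(iv, iv, content, nil) // xenc11 layout: IV || ciphertext || 128-bit tag
	wrapped, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, cek, nil)
	if err != nil { return nil, err }
	ed := &EncryptedData{Type: typeContent, EncryptionMethod: EncryptionMethod{algAES256GCM},
		CipherData: CipherData{base64.StdEncoding.EncodeToString(sealed)}}
	ed.KeyInfo.EncryptedKey = EncryptedKey{EncryptionMethod: EncryptionMethod{algRSAOAEP},
		CipherData: CipherData{base64.StdEncoding.EncodeToString(wrapped)}}
	return ed, nil
}

// DecryptContent is the recipient side: it refuses algorithms it did not expect (the sender must
// not get to choose them) and relies on the GCM tag to reject a CipherValue modified in transit.
func DecryptContent(priv *rsa.PrivateKey, ed *EncryptedData) ([]byte, error) {
	ek := ed.KeyInfo.EncryptedKey
	if ed.EncryptionMethod.Algorithm != algAES256GCM || ek.EncryptionMethod.Algorithm != algRSAOAEP {
		return nil, fmt.Errorf("unsupported EncryptionMethod")
	}
	wrapped, err := base64.StdEncoding.DecodeString(ek.CipherData.CipherValue)
	if err != nil { return nil, err }
	cek, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, priv, wrapped, nil)
	if err != nil { return nil, err }
	sealed, err := base64.StdEncoding.DecodeString(ed.CipherData.CipherValue)
	if err != nil { return nil, err }
	gcm, err := newGCM(cek)
	if err != nil { return nil, err }
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() { return nil, fmt.Errorf("CipherValue too short") }
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil { panic(err) }
	body := `<GetBalance xmlns="urn:example:bank"><Account>12345</Account></GetBalance>` // constructed SOAP Body content
	ed, err := EncryptContent(&priv.PublicKey, []byte(body))
	if err != nil { panic(err) }
	out, _ := xml.MarshalIndent(ed, "", "  ") // this element replaces the Body content on the wire
	fmt.Println(string(out))
	var parsed EncryptedData // the recipient parses the message it received ...
	if err := xml.Unmarshal(out, &parsed); err != nil { panic(err) }
	plain, err := DecryptContent(priv, &parsed) // ... and restores the Body content
	fmt.Println(string(plain), err)
}
```

Running the program prints the EncryptedData element with its EncryptionMethod, the nested EncryptedKey, and two CipherValue strings, followed by the recovered GetBalance content. Two design points matter for a practitioner: the receiver checks the algorithm identifiers against the ones it expects rather than trusting whatever the message names, and AES-GCM's authentication tag makes a CipherValue that was changed in transit fail to decrypt, a check that an unauthenticated mode such as CBC would not give you on its own. In WS-Security deployments the EncryptedKey is often placed in the Security header with a ReferenceList pointing at the EncryptedData elements it unlocks, instead of inside KeyInfo as here; the structure of each element is the same.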
[1] AWS, 2023, “What is XML?”
[2] IBM, 2021, “XML encryption overview”