How to encrypt data in XML files

XML Encryption is a new standard defined by W3C, which defines the encryption of data, afterwards representing it as XML. It can encrypt virtually any type of data, including arbitrary data, an XML element and an XML element content.

The result of the data encryption is an XML document, which contains the encrypted data or a link to it. It has been called XML encryption or XML-enc because an XML element refers to or contains the cipher text, keyring information and the algorithms used for encrypting the data. For deciphering the encrypted data, XML Encryption uses the KeyInfo element that is a child of a SignedInfo, EncryptedData or EncryptedKey element and contains or provides the link to a recipient what is the keyring to use in validating the encrypted text or the signature.

If the encryption is being done on an XML element or an element content the EncryptedData element is put in the place of the original element in the encrypted version of the XML document. But if encrypting arbitrary data, there are two ways the data can be represented: it may be either the root of the newly-created document, or become a child element in the finite application-chosen XML document.

The XML Encryption W3C document was officially released 10 December 2002, being produced by the W3C XML Encryption Working Group. It’s main purpose was to create a specification that would be sufficient for the creation of independent interoperable implementations. It was released as W3C’s XML Encryption Recommendation (REC). It is a stable document and can be used as reference material and therefore cited from other documents.

W3c created this Recommendation in order to draw attention to the XML encryption Specification in order to promote its widespread deployment, as this would bring a great amount of flexibility and additional functionality and interoperability to the Web.