Status of This Document
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
This is a first public working draft of Test Cases for XML Encryption
1.1 [XMLENC-CORE1] and is intended to become a W3C Note. The XML Security working group plans to revise
and add additional
test cases to this document.
This document was published by the XML Security Working Group as a First Public Working Draft. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All feedback is welcome.
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. The group does not expect this document to become a W3C Recommendation. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
2. In-place encryption of XML
All the tests in this section take the
plaintext.xml and encrypt it in-place,
i.e. the root element of the
plaintext.xml is replaced by
<EncryptedData>.
The details about the encryption key are embedded in the
<KeyInfo>
2.1 Key wrapping
In these tests the
- At first the content is encrypted by a random symmetric key .
The KeyInfo of the contents's EncryptedData has an EncryptedKey.
- Then this symmetric key is wrapped by an public key.
The KeyInfo of this EncryptedKey has X509Data of the public key.
| Encryption Parameters |
CipherText |
Remarks |
Asymmetric
Key |
Content encryption
algorithm |
Key encryption
algorithm |
| RSA-2048 |
aes128-gcm |
rsa-oaep-mgf1p
Digest:SHA256, MGF:SHA1
PSource: None |
cipherText |
All the examples in this table use the new AES-GCM algorithm. |
| RSA-3072 |
aes192-gcm |
rsa-oaep-mgf1p
Digest:SHA256, MGF:SHA1
PSource: None |
cipherText |
In this example the OAEP digest method is specified as SHA256. The MFG algorithm is SHA1. |
| RSA-3072 |
aes256-gcm |
rsa-oaep
Digest:SHA384, MGF:SHA1
PSource: None |
cipherText |
This example uses the new #rsa-oaep algorithm that takes in explicit MGF
algorithm. The MGF has been specified as SHA1. |
| RSA-4096 |
aes256-gcm |
rsa-oaep
Digest:SHA512, MGF:SHA1
PSource: Specified 8 bytes |
cipherText |
This also uses #rsa-oaep but has a 8 byte PSource explicitly defined . |
2.2 Key Agreement
In these tests the
- At first the content is encrypted by a random symmetric key .
The KeyInfo of the content's EncryptedData has EncryptedKey.
- Then this symmetric key is wrapped by a second symmetric key that is derived from the key agreement.
The KeyInfo of first symmetric key's EncryptedKey has AgreementMethod.
- Key agreement is based on one sender's ephemeral key and receiver's static key.
The OriginatorKeyInfo of AgreementMethod has a temporary generated key indicated by KeyValue.
The RecipientKeyInfo of AgreementMethod has X509Data which is the receiver's public key.
| Encryption Parameters |
CipherText |
Remarks |
Asymmetric
Key |
Content encryption
algorithm |
Key Wrapping
algorithm |
Key Agreement
algorithm |
Key Derivation
algorithm |
| EC-P256 |
aes128-gcm |
kw-aes128 |
ECDH-ES |
ConcatKDF |
cipherText |
In the first three examples the key wrapping algorithm size matches the symmetric algorithm key size. This
is not required, the AES key wrapping algorithms can encrypt any data that is a multiple of 64 bits. |
| EC-P384 |
aes192-gcm |
kw-aes192 |
ECDH-ES |
ConcatKDF |
cipherText |
| EC-P521 |
aes256-gcm |
kw-aes256 |
ECDH-ES |
ConcatKDF |
cipherText |
| DH-1024 |
aes128-gcm |
kw-aes128 |
dh-es |
PBKDF2 |
cipherText |
This example encrypts with a Diffie Hellman key with with the new algorithm #dh-es in which the
key derivation function is explicitly specified. |
| EC-P256 |
aes128-gcm |
kw-aes256 |
ECDH-ES |
PBKDF2 |
cipherText |
This example uses EC keys, but not the ConcatKDF key derivation function. Instead it uses the PBKDF2 key derivation.
Also notice that the encryption algorithm and key wrapping algorithm have different key lengths - 128 and 256
respectively . The PBKDF2 parameters
specifies a key length of 32 to match the wrapping algorithm key length. |
A. References
Dated references below are to the latest known or appropriate edition of the referenced work. The referenced works may be subject to revision, and conformant implementations may follow, and are encouraged to investigate the appropriateness of following, some or all more recent editions or replacements of the works cited. It is in each case implementation-defined which editions are supported.