System.Security
2.0.0.0
4.0.0.0
System.Object
The class is the main class used for XML encryption in the .NET Framework. XML Encryption is a standards-based, interoperable way to encrypt all or part of an XML document or any arbitrary data. The .NET Framework XML encryption classes implement the World Wide Web Consortium (W3C) specification for XML encryption located at http://www.w3.org/TR/xmlenc-core/.
Use the class whenever you need to share encrypted XML data between applications or organizations in a standard way. Any data encrypted using this class can be decrypted by any implementation of the W3C specification for XML encryption.
XML encryption replaces any plain text XML element or document with the <EncryptedData> element, which contains an encrypted (or cipher text) representation of plain text XML or any arbitrary data. The <EncryptedData> element can optionally contain information about where to find a key that will decrypt the cipher text, and which cryptographic algorithm was used to encrypt the plain text.
The <EncryptedKey> element is similar to the <EncryptedData> element in style and usage, except that it allows you to encrypt a key that will decrypt the value of the <EncryptedData> element. Note that the <EncryptedKey> element and the <EncryptedData> element will never contain an unencrypted key.
Use one of the following methods to exchange key information:
- Do not include any key information. If you choose this option, both parties must agree on an algorithm and key before they exchange encrypted data.
- Include the location of the key in the Uniform Resource Identifier (URI) attribute of the <RetrievalMethod> element. Both parties must agree on the key location ahead of time, and this location must be kept secret.
- Include a string name that maps to a key in the <KeyName> element. Both parties must agree on the key name mapping before they exchange encrypted data, and this mapping must be kept secret.
- Include an encrypted key in the <EncryptedKey> element. Both parties must agree on the key that decrypts the encrypted key before they exchange encrypted data. You can optionally include a name or location of the key that will decrypt the key in the <EncryptedKey> element.
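The third option above (a <KeyName> that both parties map to a shared key) is shown in the following added example, which is not code from this reference page or from the .NET Framework; it also demonstrates the repeated passes a super-encrypted document needs, since document-level decryption only handles top-level <EncryptedData> elements. The key name "session-key-2024", the element names and the in-process AES key are constructed for the demonstration, and the code assumes the System.Security.Cryptography.Xml assembly is referenced.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class KeyNameExample
{
    const string KeyName = "session-key-2024";   // constructed name agreed out of band

    // Encrypts 'element' in place; the <EncryptedData> names the key but never carries it.
    static void EncryptElement(XmlElement element, SymmetricAlgorithm key)
    {
        key.GenerateIV();                        // EncryptData prepends the algorithm's current IV,
        var exml = new EncryptedXml();           // so take a fresh one for every message
        byte[] cipher = exml.EncryptData(element, key, false);   // false = whole element, not just content
        var ed = new EncryptedData
        {
            Type = EncryptedXml.XmlEncElementUrl,
            EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
        };
        ed.KeyInfo.AddClause(new KeyInfoName(KeyName));
        ed.CipherData.CipherValue = cipher;
        EncryptedXml.ReplaceElement(element, ed, false);
    }

    // Receiver: decrypt with the key bound to the agreed name. DecryptDocument handles
    // top-level <EncryptedData> only, so a super-encrypted document needs repeated passes.
    static int DecryptAll(XmlDocument doc, SymmetricAlgorithm key)
    {
        var exml = new EncryptedXml(doc);
        exml.AddKeyNameMapping(KeyName, key);
        int passes = 0;
        while (doc.GetElementsByTagName("EncryptedData", EncryptedXml.XmlEncNamespaceUrl).Count > 0)
        {
            exml.DecryptDocument();              // throws if a key name is unmapped, so the loop terminates
            passes++;
        }
        return passes;
    }

    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<envelope><invoice><card>4111-1111-1111-1111</card><total>42</total></invoice></envelope>");
        using (Aes shared = Aes.Create())        // 256-bit key by default; CBC gives confidentiality only,
        {                                        // so sign the result if tampering must be detected
            EncryptElement((XmlElement)doc.SelectSingleNode("//card"), shared);
            EncryptElement((XmlElement)doc.SelectSingleNode("//invoice"), shared);  // super-encrypt
            Console.WriteLine(doc.OuterXml);     // one <EncryptedData> wrapping another
            int passes = DecryptAll(doc, shared);
            Console.WriteLine(passes + " passes: " + doc.OuterXml);
        }
    }
}
```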
Represents the process model for implementing XML encryption.
Constructor
2.0.0.0
4.0.0.0
This is the default constructor for the main class for XML encryption in the .NET Framework.
Initializes a new instance of the class.
Constructor
2.0.0.0
4.0.0.0
Use this constructor to create an object when you want to specify the XML document to encrypt. The parameter comprises the XML elements that later form the encrypted XML.
Initializes a new instance of the class using the specified XML document.
An object used to initialize the object.
Constructor
2.0.0.0
4.0.0.0
Use this constructor to create an object when you want to specify the XML document to encrypt and provide security evidence. The parameter comprises the XML elements that later form the encrypted XML.
Initializes a new instance of the class using the specified XML document and evidence.
An object used to initialize the object.
An object associated with the object.
Method
2.0.0.0
4.0.0.0
System.Void
The method allows you to map a symmetric key or an asymmetric key to a string name. This method adds the values of its two parameters to a table of valid key name mappings.
Use the method to clear the key name mappings table.
Defines a mapping between a key name and a symmetric key or an asymmetric key.
The name to map to the key.
The symmetric key (or asymmetric key) to map to the name.
Method
2.0.0.0
4.0.0.0
System.Void
Use this method to clear all key name mappings that you have set using the mapping method.
Resets all key name mappings.
Method
2.0.0.0
4.0.0.0
System.Byte[]
Use the method to decrypt an element using a symmetric key.
Note that the method only decrypts top-level <EncryptedData> elements. In cases where one or more <EncryptedData> elements have been encrypted and are contained within higher-level <EncryptedData> elements, you can call the method separately for each one. See the method for a code example.
Decrypts an <EncryptedData> element using the specified symmetric algorithm.
A byte array that contains the raw decrypted plain text.
The data to decrypt.
Method
2.0.0.0
4.0.0.0
System.Void
The method decrypts all <EncryptedData> elements of the XML document loaded during initialization. After you call this method, all <EncryptedData> elements in the document are replaced with plain text versions.
The method decrypts only top-level <EncryptedData> elements. If you need to decrypt a super-encrypted document (a document that is encrypted more than once), you must call the method repeatedly until all the <EncryptedData> elements have been decrypted.
The method decrypts only valid XML data. To decrypt arbitrary data, use the method.
To use XML Encryption with X.509 certificates, you must have the Microsoft Enhanced Cryptographic Provider installed and the X.509 certificate must use the Enhanced Provider. If you do not have the Microsoft Enhanced Cryptographic Provider installed or the X.509 certificate does not use the Enhanced Provider, an exception with the message "Unknown Error" will be thrown when you decrypt an XML document.
Decrypts all <EncryptedData> elements of the XML document that were specified during initialization of the class.
Method
2.0.0.0
4.0.0.0
System.Byte[]
The method decrypts an encrypted key contained within the <EncryptedKey> element of an XML document.
This recursive method finds the key represented by the object. Note that an object can contain another object that specifies its value.
Determines the key represented by the element.
A byte array that contains the key.
The object that contains the key to retrieve.
Method
2.0.0.0
4.0.0.0
System.Byte[]
The method decrypts an encrypted key contained within the <EncryptedKey> element of an XML document. This method accepts a value for the parameter that represents either the Triple DES algorithm or the AES key wrap algorithm (also called Rijndael).
Decrypts an <EncryptedKey> element using a symmetric algorithm.
A byte array that contains the plain text key.
An array of bytes that represents an encrypted <EncryptedKey> element.
Method
2.0.0.0
4.0.0.0
System.Byte[]
The method decrypts an encrypted key contained within the <EncryptedKey> element of an XML document. This method accepts a value for the parameter that represents either the RSA PKCS#1 v1.5 algorithm or the RSA PKCS#1 type 2 algorithm (also called OAEP padding).
Decrypts an <EncryptedKey> element using an asymmetric algorithm.
A byte array that contains the plain text key.
An array of bytes that represents an encrypted <EncryptedKey> element.
The asymmetric key used to decrypt the encrypted key.
Property
2.0.0.0
4.0.0.0
System.Security.Policy.Evidence
If the XML document used to create the object has any security evidence, you should add the evidence to the property. If you do not set this property, any associated objects will not be dereferenced because they will not be granted the required permission set.
Gets or sets the evidence of the object from which the object is constructed.
Property
2.0.0.0
4.0.0.0
System.Text.Encoding
UTF-8 encoding is the default encoding for XML encryption. You can use this property to specify other types of encoding from the class, such as UTF-16 or ASCII.
Gets or sets the encoding used for XML encryption.
Method
2.0.0.0
4.0.0.0
System.Security.Cryptography.Xml.EncryptedData
The method is a convenient way to encrypt the outer XML of an element using a certificate. This method generates a 256-bit Advanced Encryption Standard (AES) session key to encrypt an XML element and then encrypts and signs the AES key using the object. The method then returns the resulting XML as an element.
If you need more control over the encryption, so you can place the encrypted information into a <CipherReference> element or specify whether the entire XML element or just its contents should be encrypted, use the method overloads.
To use XML Encryption with X.509 certificates, you must have the Microsoft Enhanced Cryptographic Provider installed and the X.509 certificate must use the Enhanced Provider. If you do not have the Microsoft Enhanced Cryptographic Provider installed or the X.509 certificate does not use the Enhanced Provider, an exception with the message "Unknown Error" will be thrown when you decrypt an XML document.
Encrypts the outer XML of an element using the specified X.509 certificate.
An element that represents the encrypted XML data.
The XML element to encrypt.
The X.509 certificate to use for encryption.
Method
2.0.0.0
4.0.0.0
System.Security.Cryptography.Xml.EncryptedData
This method is a convenient way to encrypt the outer XML of an element using a key name. If you need more control over the encryption, so you can place the encrypted information into a <CipherReference> element or specify whether the entire XML element or just its contents should be encrypted, use the method overloads.
For a list of all supported algorithms, see the list of constant fields associated with the class.
Encrypts the outer XML of an element using the specified key in the key mapping table.
An object that represents the encrypted XML data.
The XML element to encrypt.
A key name that can be found in the key mapping table.
Method
2.0.0.0
4.0.0.0
System.Byte[]
The returned byte array can be placed into a <CipherValue> element. This method assumes that the data specified in the parameter is a byte array that contains XML data.
Encrypts data in the specified byte array using the specified symmetric algorithm.
A byte array of encrypted data.
Method
2.0.0.0
4.0.0.0
System.Byte[]
The returned byte array data is the value of the <CipherValue> element.
Encrypts the specified element or its contents using the specified symmetric algorithm.
A byte array that contains the encrypted data.
The element or its contents to encrypt.
true to encrypt only the contents of the element; false to encrypt the entire element.
Method
2.0.0.0
4.0.0.0
System.Byte[]
Use the method to encrypt the key that a recipient uses to decrypt an <EncryptedData> element. This method accepts a value for the parameter that represents either the Triple DES algorithm or the AES key wrap algorithm (also called Rijndael).
Note that this method does not automatically place the encrypted key within an <EncryptedKey> element. You must manually create the <EncryptedKey> element within your document.
Encrypts a key using a symmetric algorithm that a recipient uses to decrypt an <EncryptedData> element.
A byte array that represents the encrypted value of the parameter.
The key to encrypt.
Method
2.0.0.0
4.0.0.0
System.Byte[]
Use the method to encrypt the key that a recipient uses to decrypt an <EncryptedData> element. This method accepts a value for the parameter that represents either the RSA PKCS#1 v1.5 algorithm or the RSA PKCS#1 type 2 algorithm (also called OAEP).
Note that this method does not automatically place the encrypted key within an <EncryptedKey> element. You must manually create the <EncryptedKey> element within your document.
Encrypts the key that a recipient uses to decrypt an <EncryptedData> element.
A byte array that represents the encrypted value of the parameter.
The key to encrypt.
The asymmetric key used to encrypt the key.
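Because the key-encrypting methods above return raw bytes and leave the <EncryptedKey> element to the caller, the following added example (not code from this reference page or from the .NET Framework) wraps a fresh AES session key with RSA-OAEP for one recipient, hand-builds the <EncryptedKey> inside the <EncryptedData> key information, and unwraps it on the receiving side through the key name mapping. The key name "billing-service-rsa", the element names and the in-process RSA key pair are constructed for the demonstration, and the code assumes the System.Security.Cryptography.Xml assembly is referenced.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
static class KeyTransportExample
{
    const string RsaKeyName = "billing-service-rsa";   // constructed name for the recipient's key pair
    // Sender: encrypt one element under a fresh AES key, wrap that key with
    // RSA-OAEP, and hand-build the <EncryptedKey> that carries it.
    static XmlElement Encrypt(XmlElement element, RSA recipientPublicKey)
    {
        using (Aes session = Aes.Create())              // fresh 256-bit key and IV per message
        {
            byte[] cipher = new EncryptedXml().EncryptData(element, session, false);
            var ek = new EncryptedKey
            {
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl),
                CipherData = new CipherData(EncryptedXml.EncryptKey(session.Key, recipientPublicKey, true))
            };
            ek.KeyInfo.AddClause(new KeyInfoName(RsaKeyName));   // names the unwrapping key, never carries it
            var ed = new EncryptedData
            {
                Type = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
            };
            ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
            ed.CipherData.CipherValue = cipher;
            return ed.GetXml();
        }
    }

    // Receiver: unwrap the session key with the private key, then decrypt the payload.
    static string Decrypt(XmlElement encryptedDataXml, RSA recipientPrivateKey)
    {
        var ed = new EncryptedData();
        ed.LoadXml(encryptedDataXml);
        EncryptedKey ek = null;
        foreach (KeyInfoClause clause in ed.KeyInfo)
            if (clause is KeyInfoEncryptedKey kiek) ek = kiek.EncryptedKey;
        if (ek == null) throw new CryptographicException("no EncryptedKey present");
        var exml = new EncryptedXml();
        exml.AddKeyNameMapping(RsaKeyName, recipientPrivateKey);
        byte[] sessionKey = exml.DecryptEncryptedKey(ek);   // OAEP is chosen from the EncryptionMethod
        using (Aes session = Aes.Create())
        {
            session.Key = sessionKey;
            return exml.Encoding.GetString(exml.DecryptData(ed, session)); // IV read from the CipherValue prefix
        }
    }

    static int Main()
    {
        var doc = new XmlDocument();
        doc.LoadXml("<order><card>4111-1111-1111-1111</card></order>");
        using (RSA recipient = RSA.Create())             // stands in for the recipient's real key pair
        {
            recipient.KeySize = 2048;
            string plain = Decrypt(Encrypt((XmlElement)doc.SelectSingleNode("//card"), recipient), recipient);
            return plain.Contains("4111") ? 0 : 1;       // non-zero if the round trip failed
        }
    }
}
```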
Method
2.0.0.0
4.0.0.0
System.Byte[]
Given an object, this method retrieves the decryption initialization vector (IV). The default behavior retrieves the IV as the first bytes of the byte array.
For a list of Uniform Resource Identifier (URI) values supported by the parameter, see the list of constant fields associated with the class.
Retrieves the decryption initialization vector (IV) from an object.
A byte array that contains the decryption initialization vector (IV).
The object that contains the initialization vector (IV) to retrieve.
Method
2.0.0.0
4.0.0.0
System.Security.Cryptography.SymmetricAlgorithm
Given an object, this method looks for the decryption key that can be used to retrieve the plain text data. If a key name is specified, the method looks for the symmetric algorithm or asymmetric algorithm that is associated with the key name as defined in the key name mapping. Otherwise, if a retrieval method or an object is specified, the method loads the object and calls the method.
Retrieves the decryption key from the specified object.
A object associated with the decryption key.
The object that contains the decryption key to retrieve.
Method
2.0.0.0
4.0.0.0
System.Xml.XmlElement
The method determines how to resolve internal Uniform Resource Identifiers (URIs). It looks for elements with a specified value or for elements with an ID attribute that has a specified value.
Determines how to resolve internal Uniform Resource Identifier (URI) references.
An object that contains an ID indicating how internal Uniform Resource Identifiers (URIs) are to be resolved.
An object that contains an element with an ID value.
A string that represents the ID value.
Property
2.0.0.0
4.0.0.0
System.Security.Cryptography.CipherMode
Cipher Block Chaining (CBC) mode is the default cipher mode for XML encryption. You can use this property to specify other cipher modes of the enumeration, such as Cipher Feedback (CFB) mode.
Gets or sets the cipher mode used for XML encryption.
Property
2.0.0.0
4.0.0.0
System.Security.Cryptography.PaddingMode
ISO-10126 padding is the default padding mode for XML encryption. You can use this property to specify other padding modes of the enumeration, such as ANSI X9.23 or PKCS#5.
Gets or sets the padding mode used for XML encryption.
Property
2.0.0.0
4.0.0.0
System.String
You can access the object referenced by a key name by examining the property.
Use the property to identify the element that the current recipient can decrypt to retrieve a decryption key.
Gets or sets the recipient of the encrypted key information.
Method
2.0.0.0
4.0.0.0
System.Void
The method replaces an <EncryptedData> element with the value of the parameter.
Replaces an <EncryptedData> element with a specified decrypted sequence of bytes.
The <EncryptedData> element to replace.
The decrypted data to replace with.
Method
2.0.0.0
4.0.0.0
System.Void
The method replaces the parameter with the value specified by the parameter.
Replaces the specified element with the specified object.
The element to replace with an <EncryptedData> element.
The object to replace the parameter with.
true to replace only the contents of the element; false to replace the entire element.
Property
2.0.0.0
4.0.0.0
System.Xml.XmlResolver
This property contains an object used to resolve external XML resources such as entities, document type definitions (DTDs), or schemas.
Gets or sets the object used by the Document Object Model (DOM) to resolve external XML references.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#kw-aes128".
Represents the namespace Uniform Resource Identifier (URI) for the 128-bit Advanced Encryption Standard (AES) Key Wrap algorithm (also known as the Rijndael Key Wrap algorithm). This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#aes128-cbc".
Represents the namespace Uniform Resource Identifier (URI) for the 128-bit Advanced Encryption Standard (AES) algorithm (also known as the Rijndael algorithm). This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#kw-aes192".
Represents the namespace Uniform Resource Identifier (URI) for the 192-bit Advanced Encryption Standard (AES) Key Wrap algorithm (also known as the Rijndael Key Wrap algorithm). This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#aes192-cbc".
Represents the namespace Uniform Resource Identifier (URI) for the 192-bit Advanced Encryption Standard (AES) algorithm (also known as the Rijndael algorithm). This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#kw-aes256".
Represents the namespace Uniform Resource Identifier (URI) for the 256-bit Advanced Encryption Standard (AES) Key Wrap algorithm (also known as the Rijndael Key Wrap algorithm). This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#aes256-cbc".
Represents the namespace Uniform Resource Identifier (URI) for the 256-bit Advanced Encryption Standard (AES) algorithm (also known as the Rijndael algorithm). This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#des-cbc".
Represents the namespace Uniform Resource Identifier (URI) for the Data Encryption Standard (DES) algorithm. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#Content".
Represents the namespace Uniform Resource Identifier (URI) for XML encryption element content. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#Element".
Represents the namespace Uniform Resource Identifier (URI) for an XML encryption element. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#EncryptedKey".
Represents the namespace Uniform Resource Identifier (URI) for the XML encryption <EncryptedKey> element. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#".
Represents the namespace Uniform Resource Identifier (URI) for XML encryption syntax and processing. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#rsa-1_5".
Represents the namespace Uniform Resource Identifier (URI) for the RSA Public Key Cryptography Standard (PKCS) Version 1.5 algorithm. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".
Represents the namespace Uniform Resource Identifier (URI) for the RSA Optimal Asymmetric Encryption Padding (OAEP) encryption algorithm. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#sha256".
Represents the namespace Uniform Resource Identifier (URI) for the SHA-256 algorithm. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#sha512".
Represents the namespace Uniform Resource Identifier (URI) for the SHA-512 algorithm. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#kw-tripledes".
Represents the namespace Uniform Resource Identifier (URI) for the Triple DES key wrap algorithm. This field is constant.
Field
2.0.0.0
4.0.0.0
System.String
The value of the field is "http://www.w3.org/2001/04/xmlenc#tripledes-cbc".
Represents the namespace Uniform Resource Identifier (URI) for the Triple DES algorithm. This field is constant.