15.5. Encryption Security Considerations

This section discusses some special security considerations in XML Encryption.

15.5.1. Combining XMLDSIG and XML Encryption

Special considerations apply when you use both authentication and confidentiality together. Refer to Chapter 16 for more details.

15.5.2. Information Revealed

As discussed in Chapter 2, when you share a symmetric key among multiple recipients, you can safely use that key only for data intended for all of those recipients. Any recipient who holds the key but was not sent the data might still intercept the information and decrypt it.
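The following check is an added example, not code from the book. It flags encrypted items whose shared key is held by someone outside the item's intended audience. The sample document, the `INTENDED` policy map, and the function names are constructed for illustration; the `Recipient` attribute, `CarriedKeyName`, and `ds:KeyName` are used to link keys to data.

```python
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (CipherData omitted for brevity): key "K1" is wrapped for
# alice, bob and carol, but the "payroll" item is meant for alice and bob only.
SAMPLE = """<Msg xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedKey Recipient="alice"><xenc:CarriedKeyName>K1</xenc:CarriedKeyName></xenc:EncryptedKey>
  <xenc:EncryptedKey Recipient="bob"><xenc:CarriedKeyName>K1</xenc:CarriedKeyName></xenc:EncryptedKey>
  <xenc:EncryptedKey Recipient="carol"><xenc:CarriedKeyName>K1</xenc:CarriedKeyName></xenc:EncryptedKey>
  <xenc:EncryptedData Id="memo"><ds:KeyInfo><ds:KeyName>K1</ds:KeyName></ds:KeyInfo></xenc:EncryptedData>
  <xenc:EncryptedData Id="payroll"><ds:KeyInfo><ds:KeyName>K1</ds:KeyName></ds:KeyInfo></xenc:EncryptedData>
</Msg>"""

# Hypothetical application policy: who each encrypted item is intended for.
INTENDED = {"memo": {"alice", "bob", "carol"}, "payroll": {"alice", "bob"}}

def key_holders(root):
    """Map each carried key name to the set of recipients it was wrapped for."""
    holders = {}
    for ek in root.iter("{%s}EncryptedKey" % NS["xenc"]):
        name = ek.findtext("xenc:CarriedKeyName", default="", namespaces=NS).strip()
        rcpt = ek.get("Recipient")
        if name and rcpt:
            holders.setdefault(name, set()).add(rcpt)
    return holders

def overexposed(xml_text, intended):
    """Return {EncryptedData Id: [key holders outside its intended audience]}."""
    root = ET.fromstring(xml_text)
    holders = key_holders(root)
    findings = {}
    for ed in root.iter("{%s}EncryptedData" % NS["xenc"]):
        key = ed.findtext("ds:KeyInfo/ds:KeyName", default="", namespaces=NS).strip()
        extra = holders.get(key, set()) - intended.get(ed.get("Id"), set())
        if extra:
            findings[ed.get("Id")] = sorted(extra)
    return findings

if __name__ == "__main__":
    print(overexposed(SAMPLE, INTENDED))
```

A finding means the item needs its own key, wrapped only for its intended recipients.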

Application designers should not reveal any information in parameters or algorithm identifiers (e.g., in plain text URIs) that weakens the encryption or tends to compromise the plain ...
