The XMLSecurity Provider component signs and encrypts data using a key supplied by the user and algorithms designed specifically for XML. The component can also handle digest data.
If the sender signs or digests the message, the recipient can verify whether the message came from the expected sender and whether it was altered in transit.
Configuration and Testing
Interaction Configuration
The component has the following attributes, which can be configured from its Configuration Property Sheet (CPS).
Figure 1: XML Security Provider CPS
Mode: The six modes available are listed below:
ENCRYPT: To encrypt the data without signing.
DECRYPT: To decrypt the data without verifying.
SIGN: To sign the data without encrypting.
VERIFY: To verify that the XML has not been tampered with.
SIGN_ENCRYPT: Encryption and Signing are done together.
DECRYPT_VERIFY: Decryption and Verification are done together.
Encryption Algorithm: Specify the algorithm for encryption of the selected element.
Signing Algorithm: Specify the algorithm for signing.
Host Private Key Password: Password of the private key.
Host Store Password: Password of the Keystore.
Host KeyStore Alias: The name given to the key pair containing the private key.
Host KeyStore: Path to the host's keystore.
Partner Certificate: Path to the partner's certificate (public key).
Encryption KeyLength: Specify the length of the encryption key to be generated.
Encryption Key Algorithm: Algorithm to generate the intermediate key for encryption.
Key Transportation Algorithm: The Key Transport Algorithm is a one-pass (store-and-forward) mechanism for transporting keying data to a recipient using the recipient's public key.
Input Schema: Load the input schema for operation.
Output Schema: Load the required output schema.
Elements to Encrypt/Decrypt: Select the elements to encrypt or decrypt.
Functional Demonstration
Scenario 1
Configure the XMLSecurityProvider components as described in the Configuration and Testing section. Use a Feeder component to send the sample input, and two Display components to show the responses from the two security providers, as shown in Figure 2.
'Title' is chosen as the element to encrypt in this scenario.
Figure 2: Sample flow
Sample Input
Figure 3: Sample input being sent using feeder
Sample Output
The first Display shows the sign-encrypted message. Note that the same element (here, 'Title') is selected for both signing (hashing) and encryption. The second Display component shows the final output, in which the encrypted Title element has been decrypted and verified.
Figure 4: Response in Display1
Figure 5: Response in Display2
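The following added example is not the XMLSecurity Provider's own code. It is a simplified stand-in for the SIGN and VERIFY modes applied to the 'Title' element: the selected element is canonicalized and digested, the digest is bound to a key with HMAC-SHA256 in place of the keystore-based XML-DSig signature the component uses, and verification shows that a modified element or a wrong key is rejected. The document, key and element names are constructed for the demonstration.

```python
import base64, copy, hashlib, hmac
import xml.etree.ElementTree as ET

# Constructed sample document for the page's scenario, where 'Title' is the selected element.
SAMPLE_XML = "<Book><Title>XML Security</Title><Author>A. Writer</Author></Book>"
HOST_KEY = b"constructed-demo-key"  # stand-in for the private key held in the host keystore

def canonical_bytes(elem):
    """Canonical XML 1.0 form of one element (ET.canonicalize, Python 3.8+). The tail text
    that follows the element is dropped so sibling content cannot influence the digest."""
    elem = copy.copy(elem)
    elem.tail = None
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def element_digest(elem):
    return base64.b64encode(hashlib.sha256(canonical_bytes(elem)).digest()).decode()

def sign_element(xml, tag, key=HOST_KEY):
    """SIGN mode: digest the selected element, then MAC the (tag, digest) record with the host key."""
    root = ET.fromstring(xml)
    target = root.find(tag)
    signed_info = f"{tag}|sha256|{element_digest(target)}"
    sig = ET.SubElement(root, "Signature")
    ET.SubElement(sig, "SignedInfo").text = signed_info
    ET.SubElement(sig, "SignatureValue").text = hmac.new(key, signed_info.encode(), "sha256").hexdigest()
    return ET.tostring(root, encoding="unicode")

def verify_element(xml, key=HOST_KEY):
    """VERIFY mode: returns (ok, reason). The MAC over SignedInfo must match (sender holds the key)
    and the recomputed element digest must match (element unchanged in transit)."""
    root = ET.fromstring(xml)
    sig = root.find("Signature")
    if sig is None:
        return False, "no Signature element"
    signed_info = sig.findtext("SignedInfo") or ""
    expected_mac = hmac.new(key, signed_info.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, sig.findtext("SignatureValue") or ""):
        return False, "SignatureValue does not match (wrong key or SignedInfo altered)"
    tag, _, claimed_digest = signed_info.split("|")
    target = root.find(tag)
    if target is None or element_digest(target) != claimed_digest:
        return False, f"digest mismatch: element '{tag}' changed in transit"
    return True, "signature and digest verified"

def tamper_title(xml, new_title):
    """Simulates an in-transit modification of the signed element, for the demonstration only."""
    root = ET.fromstring(xml)
    root.find("Title").text = new_title
    return ET.tostring(root, encoding="unicode")
```

Running `verify_element(sign_element(SAMPLE_XML, "Title"))` returns `(True, ...)`, while the same check on `tamper_title(...)` output or with a different key returns `(False, ...)` with the reason.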