XML Encryption
In-game article clicks load inline without leaving the challenge.
XML Encryption (XML-Enc) is a specification governed by a World Wide Web Consortium (W3C) recommendation, that defines how to encrypt the contents of an XML element.
Specification
Although XML Encryption can be used to encrypt any kind of data, it is nonetheless known as "XML Encryption" because an XML element (either an EncryptedData or EncryptedKey element) contains or refers to the cipher text, keying information, and algorithms.
Both XML Signature and XML Encryption use the KeyInfo element, which appears as the child of a SignedInfo, EncryptedData, or EncryptedKey element and provides information to a recipient about what keying material to use in validating a signature or decrypting encrypted data.
The KeyInfo element is optional: it can be attached in the message, or be delivered through a secure channel.
XML Encryption is different from and unrelated to Transport Layer Security (TLS), which is used to send encrypted messages (including XML content, both encrypted and otherwise) over the internet.
Jager & Somorovsky (2011) reported that this specification has severe security concerns. In response to this, the specification of XML Encryption 1.1 published in 2013 included a Galois/Counter Mode block cypher algorithm.[clarification needed]
Citations
Sources
- Imamura, T.; Dillaway, B.; Simon, E. (10 December 2002). Eastlake, D.; Reagle, J. (eds.). . W3C.
- Imamura, T.; Dillaway, B.; Simon, E.; Yiu, K.; Nyström, M. (11 April 2013). Eastlake, D.; Reagle, J.; Hirsch, F.; Roessler, T. (eds.). . W3C.
- Jager, T.; Somorovsky, J. (19 October 2011). "How to break XML encryption". Proceedings of the 18th ACM conference on Computer and communications security. New York: Association for Computing Machinery. pp. 413–422. doi:. ISBN 978-1-4503-0948-6.
- Hirsch, F., ed. (11 April 2013). . W3C.
- Somorovsky, J.; Schwenk, J. (June 2012). (PDF). 2012 IEEE Eighth World Congress on Services. IEEE. doi:. ISBN 978-1-4673-3053-4.
- Jager, T.; Paterson, K. G.; Somorovsky, J. (24 April 2013). . NDSS Symposium 2013.
- Kupser, D.; Mainka, C.; Schwenk, J.; Somorovsky, J. (August 2015). . 9th USENIX Workshop on Offensive Technologies (WOOT '15).