dp:encrypt-data()

Encrypts an XML document with a specified session key and symmetric cryptographic algorithm.

Namespace declaration

xmlns:dp="http://www.datapower.com/extensions"

Syntax

dp:encrypt-data(algorithm, key, text)

Parameters

algorithm
The xs:string that identifies the symmetric cryptographic algorithm that is used for encryption. The firmware supports the following values.
  • http://www.w3.org/2001/04/xmlenc#tripledes-cbc
  • http://www.w3.org/2001/04/xmlenc#aes128-cbc
  • http://www.w3.org/2001/04/xmlenc#aes192-cbc
  • http://www.w3.org/2001/04/xmlenc#aes256-cbc
  • http://www.w3.org/2009/xmlenc11#aes128-gcm
  • http://www.w3.org/2009/xmlenc11#aes192-gcm
  • http://www.w3.org/2009/xmlenc11#aes256-gcm
key
The xs:string that identifies the session key that is used by the algorithm to encrypt the text. Use one of the following prefixes for a shared secret key.
  • name:key is the alias of a shared secret key. For example, name:alice refers to the alice shared secret key alias.
  • key:base64 is a base-64-encoded literal that is the shared secret key. If you enter the base-64-encoded literal without the key: prefix, the function uses that literal as the key.
  • hex:hex is a hex-encoded literal that is the shared secret key.
text
The node set that contains the data to encrypt.

Guidelines

The encrypt-data() function uses the PKCS #5 padding scheme to encrypt data. This padding scheme allows clients that are decrypting data with either the PKCS #5 or the XML Encryption padding scheme to accept data that was encrypted with this function.

This function is used during the XML encryption process. It uses a session key and specified cryptographic algorithm to encrypt a plaintext document.

Depending on XSLT instructions in a stylesheet, a document can be selectively encrypted. That is, any or all XML elements in the plaintext document can be encrypted. All children of an encrypted element are also encrypted.

The encryption process removes the encrypted subtree from the XML document and substitutes an <EncryptedData> element in its place.

The extension passes all arguments as XPath expressions.

Results

A base-64 encoded xs:string that contains the encrypted text.

Example

…
<xsl:variable name="ciphertext">
  <xsl:value-of select="dp:encrypt-data($algorithm,$session-key,$node)"/>
</xsl:variable>
…