dp:encrypt-data()
Encrypts an XML document with a specified session key and symmetric cryptographic algorithm.
Namespace declaration
xmlns:dp="http://www.datapower.com/extensions"
Syntax
dp:encrypt-data(algorithm, key, text)
Parameters
- algorithm
- The xs:string that identifies the symmetric cryptographic algorithm that is used for encryption. The firmware supports the following values.
  - http://www.w3.org/2001/04/xmlenc#tripledes-cbc
  - http://www.w3.org/2001/04/xmlenc#aes128-cbc
  - http://www.w3.org/2001/04/xmlenc#aes192-cbc
  - http://www.w3.org/2001/04/xmlenc#aes256-cbc
  - http://www.w3.org/2009/xmlenc11#aes128-gcm
  - http://www.w3.org/2009/xmlenc11#aes192-gcm
  - http://www.w3.org/2009/xmlenc11#aes256-gcm
- key
- The xs:string that identifies the session key that is used by the algorithm to encrypt the text. Use one of the following prefixes for a shared secret key.
  - name:key, such as name:alice, that is the alice shared secret key alias.
  - key:base64 is a base-64-encoded literal that is the shared secret key. If you enter base64 without the key: prefix, the function uses base64 as the key.
  - hex:hex is a hex-encoded literal that is the shared secret key.
- text
- The node set that contains the data to encrypt.
Guidelines
The encrypt-data() function uses the PKCS #5 padding scheme to encrypt data. This padding scheme allows clients that are decrypting data with either the PKCS #5 or the XML Encryption padding scheme to accept data that was encrypted with this function.
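The following Python sketch is an added example, not part of the product documentation or firmware. It models only the padding step to show why PKCS #5-padded output is accepted by both kinds of receiver, while data padded the XML Encryption way is not guaranteed to pass a strict PKCS #5 check. All function names and the sample plaintext are constructed for illustration; the block sizes are 8 bytes for triple DES and 16 bytes for AES.

```python
# Added illustration: models only the padding step, not the cipher itself.
BLOCK_SIZES = {"tripledes-cbc": 8, "aes-cbc": 16}  # cipher block sizes in bytes

def pkcs5_pad(data: bytes, block: int) -> bytes:
    """PKCS #5: append N bytes, each with value N (1 <= N <= block)."""
    n = block - len(data) % block
    return data + bytes([n]) * n

def xmlenc_pad(data: bytes, block: int, filler: int = 0x00) -> bytes:
    """XML Encryption: N-1 arbitrary filler bytes, then one byte with value N."""
    n = block - len(data) % block
    return data + bytes([filler]) * (n - 1) + bytes([n])

def pad_length(padded: bytes, block: int) -> int:
    """Read N from the final byte and reject impossible values."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block:
        raise ValueError("invalid pad length byte")
    return n

def xmlenc_unpad(padded: bytes, block: int) -> bytes:
    """XML Encryption receiver: trusts only the final byte."""
    return padded[: -pad_length(padded, block)]

def pkcs5_unpad(padded: bytes, block: int) -> bytes:
    """PKCS #5 receiver: additionally requires every pad byte to equal N."""
    n = pad_length(padded, block)
    if padded[-n:] != bytes([n]) * n:
        raise ValueError("pad bytes are not uniform")
    return padded[:-n]

def accepted_by(unpad, padded: bytes, block: int) -> bool:
    """True when the given receiver strips the padding without error."""
    try:
        unpad(padded, block)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    sample = b"<amount>100</amount>"  # constructed plaintext, 20 bytes
    for name, block in BLOCK_SIZES.items():
        for label, padded in (("PKCS #5", pkcs5_pad(sample, block)),
                              ("XML Enc", xmlenc_pad(sample, block))):
            print(name, label, "strict:", accepted_by(pkcs5_unpad, padded, block),
                  "lenient:", accepted_by(xmlenc_unpad, padded, block))
```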
This function is used during the XML encryption process. It uses a session key and specified cryptographic algorithm to encrypt a plaintext document.
Depending on XSLT instructions in a stylesheet, a document can be selectively encrypted. That is, any or all XML elements in the plaintext document can be encrypted. All children of an encrypted element are also encrypted.
The encryption process removes the encrypted subtree from the XML document and substitutes an <EncryptedData> element in its place.
The extension passes all arguments as XPath expressions.
Results
A base-64 encoded xs:string that contains the encrypted text.
Example
…
<xsl:variable name="ciphertext">
  <xsl:value-of select="dp:encrypt-data($algorithm,$session-key,$node)"/>
</xsl:variable>
…