XML Encryption Service (com.ibi.agents.XDXMLEncryptionAgent)

Syntax:

com.ibi.agents.XDXMLEncryptionAgent

iIT Service Object:

format: XML Encryption

Description: Encrypts data with the rules of XML Encryption.

Parameters:

| Parameter | Description |
|---|---|
| Encryption Algorithm * | Describes how the data will be encrypted by the generated symmetric key. |
| JCE Provider | The JCE provider that supplies the cryptographic services. |
| XML Namespace Provider | The provider for the mapping between the XML namespace prefix and the namespace URI. If left blank, XPath expressions in the Encrypted Data and EncryptedKey Parent properties cannot contain namespaces. |
| XPath Syntax | Determines which syntax level of the XPath should be used. The default option selects the syntax level as set in the console global settings. |
| Encrypted Data * | An XPath expression that returns a nodeset containing the elements to be encrypted. |
| Encryption Type | When encrypting an Element, determines whether the whole element or just the Element content is encrypted. |
| Minimum Count | The minimum number of elements to encrypt. This must be a non-negative integer. |

Manifest

| Parameter | Description |
|---|---|
| Create EncryptedKey Parent | Determines whether the parent element of the EncryptedKey is created if it is missing. Ignored if the EncryptedKey is embedded in the EncryptedData. |
| EncryptedKey Parent Element | The path to the element where the independent EncryptedKey will be inserted. If left blank, the EncryptedKey is embedded in the EncryptedData. If Create EncryptedKey Parent is true, the expression must adhere to Restricted XPath syntax; otherwise, the expression may adhere to the full syntax of the XPath engine selected by the XPath Syntax parameter. Restricted XPath has the form /step1/step2/..., where a step has the form ns:elem[predicate], or is a pair of consecutive steps of the form *[1]/self::ns:elem[predicate] to indicate that the element must be the first child of its parent. The namespace prefixes are optional, but if present they must be declared in the XML Namespace provider. The predicate is optional; when present, it has the form [@ns1:attr1='val1' and @ns2:attr2='val2' and ...]. If no element matches the Restricted XPath expression and Create EncryptedKey Parent is true, then the necessary elements and attributes will be created such that the expression would match successfully. |
| Create ReferenceList Parent | Determines whether the parent element of ReferenceList is created if it is missing. Ignored if the ReferenceList is embedded in the EncryptedKey. |
| ReferenceList Parent Element | The path to the element where the independent ReferenceList will be inserted. If left blank, the ReferenceList is embedded in the independent EncryptedKey if applicable. If Create EncryptedKey Parent is true, the expression must adhere to Restricted XPath syntax; otherwise, the expression may adhere to the full syntax of the XPath engine selected by the XPath Syntax parameter. Restricted XPath has the form /step1/step2/..., where a step has the form ns:elem[predicate], or is a pair of consecutive steps of the form *[1]/self::ns:elem[predicate] to indicate that the element must be the first child of its parent. The namespace prefixes are optional, but if present they must be declared in the XML Namespace provider. The predicate is optional; when present, it has the form [@ns1:attr1='val1' and @ns2:attr2='val2' and ...]. If no element matches the Restricted XPath expression and Create ReferenceList Parent is true, then the necessary elements and attributes will be created such that the expression would match successfully. |
| Id Prefix | A numeric suffix will be added to this prefix to create the Id attribute. The Id attribute is created only when the element is referenced by another element. |

Key Wrap

| Parameter | Description |
|---|---|
| Key Wrap Algorithm * | Describes how the symmetric key will be encrypted. |
| KeyStore Provider * | The provider for the keystore containing the key encryption key. |
| Key Encryption Key Alias * | The alias for the keystore entry holding the key that will be used to encrypt the symmetric key. |
| Key Encryption Key Password | The password for the keystore entry holding the key that will be used to encrypt the symmetric key. A trusted certificate entry does not need a password. If left blank, the password for accessing the keystore will be used to access a private key entry or a symmetric key entry. |
| Enforce KeyUsage Extension | If on, verifies that certificates used for encryption allow keyEncipherment in the KeyUsage extension. |

KeyInfo

| Parameter | Description |
|---|---|
| Include Issuer Serial | Determines whether the X509IssuerSerial element is included in the KeyInfo X509Data element when the Key Encryption Key being described came from an X509Certificate. |
| Include Subject Name | Determines whether the X509SubjectName element is included in the KeyInfo X509Data element when the Key Encryption Key being described came from an X509Certificate. |
| Include Certificate | Determines whether the X509Certificate element is included in the KeyInfo X509Data element when the Key Encryption Key being described came from an X509Certificate. |
| Key Name | Specifies the value of the KeyName element added to the KeyInfo element. This property is most useful when the Key Encryption Key is a symmetric key. Usually left blank to omit the KeyName element when using a public key. |
| Include WSSE Security Token Reference | Determines whether a WSSE SecurityTokenReference to a pre-existing BinarySecurityToken is included in the KeyInfo element. |
| WSSE Security Token Id | The value of the BinarySecurityToken ID attribute referenced by the WSSE SecurityTokenReference. If left blank, the default value is token. |
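
The Restricted XPath grammar described for EncryptedKey Parent Element and ReferenceList Parent Element can be checked before a configuration is deployed. The following Python lint is an added example, not iWay code: it accepts only that grammar and rejects prefixes that are not declared. The function names, the simplified element-name pattern, and the sample prefix set standing in for the XML Namespace Provider are assumptions.

```python
import re

NCNAME = r"[A-Za-z_][\w.\-]*"              # simplified XML name (assumption)
QNAME = rf"(?:({NCNAME}):)?({NCNAME})"     # optional prefix, then local name
ATTR = rf"@{QNAME}='([^']*)'"              # one @ns:attr='val' test
ATTR_RE = re.compile(ATTR)
# One step: /ns:elem[pred], or the first-child pair /*[1]/self::ns:elem[pred]
STEP_RE = re.compile(
    rf"/(\*\[1\]/self::)?{QNAME}(?:\[({ATTR}(?: and {ATTR})*)\])?")

def parse_restricted_xpath(expr, declared_prefixes):
    """Parse expr into steps; raise ValueError if it is outside the grammar."""
    steps, pos = [], 0
    while pos < len(expr):
        m = STEP_RE.match(expr, pos)
        if m is None:
            raise ValueError(f"not Restricted XPath at offset {pos}: {expr[pos:]!r}")
        first_child, prefix, name, predicate = m.group(1, 2, 3, 4)
        attrs = [a.groups() for a in ATTR_RE.finditer(predicate or "")]
        # Every prefix used must be known to the namespace provider.
        for used in [prefix] + [a[0] for a in attrs]:
            if used is not None and used not in declared_prefixes:
                raise ValueError(f"undeclared namespace prefix {used!r}")
        steps.append({"prefix": prefix, "name": name,
                      "first_child": first_child is not None, "attrs": attrs})
        pos = m.end()
    if not steps:
        raise ValueError("empty expression")
    return steps

def lint(expr, declared_prefixes):
    """Return (ok, detail): detail is the step list or the rejection reason."""
    try:
        return True, parse_restricted_xpath(expr, declared_prefixes)
    except ValueError as exc:
        return False, str(exc)

# Constructed sample input: prefixes a namespace provider might declare.
PREFIXES = {"soapenv", "wsse"}
SAMPLES = [
    "/soapenv:Envelope/soapenv:Header/*[1]/self::wsse:Security[@soapenv:mustUnderstand='1']",
    "//wsse:Security",                       # descendant axis: full XPath only
    "/soapenv:Envelope/soapenv:Header[1]",   # positional predicate: full XPath only
    "/soapenv:Envelope/ds:KeyInfo",          # prefix ds not declared
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(lint(sample, PREFIXES)[0], sample)
```

Only the first sample passes; the other three are valid XPath in general but fall outside the restricted form or use an undeclared prefix.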

Edges:

The following table lists the available Line Edges for the XML Encryption Service (com.ibi.agents.XDXMLEncryptionAgent).

| Line Edge | Description |
|---|---|
| OnError | An exception occurred during execution. |
| OnSuccess | The operation was successful. |
| OnFailure | A fail condition occurred during execution. |
| OnParseError | Could not parse a document. |
| OnFailedOperation | Could not perform the operation requested. |
| OnNotFound | The resource was not found and this is considered an error. |