ediverse Explorer la plateforme

À la une PEPPOL BIS Billing 3.0 L’obligation européenne d’e-invoicing arrive : France sept 2026, Belgique janv 2026, Allemagne 2025.

W3C-XML-ENCRYPTION

W3C XML Encryption XML-Enc chiffrement XML.

Définition

XML-Enc structure : <EncryptedData> root element XML namespace 'http://www.w3.org/2001/04/xmlenc#'. Children : <EncryptionMethod> (algorithm URI), <KeyInfo> (X509Certificate, EncryptedKey reference), <CipherData> (CipherValue ciphertext base64 ou CipherReference). Algorithms standards : Block Encryption (AES-128-CBC, AES-256-CBC, Triple DES, AES-GCM 1.1+), Key Transport (RSA-OAEP, RSA-v1.5), Key Agreement (DH ECDH-ES), Symmetric Key Wrap (AES-KW, Triple DES-KW). XML Encryption peut chiffrer : (1) Whole XML Document, (2) XML Element entire, (3) XML Element Content only (keep tags clear), (4) Arbitrary binary data. Patterns combinaisons usage : (a) Use XML-Enc encrypt sensitive payload + XML-DSig sign whole document = encrypted + signed Web Service messages WS-Security ; (b) SAML encrypted assertions Identity Federation. Vulnerabilities historic : padding oracle attacks XML-Enc 1.0 (CBC mode), Backwards compatibility attack via Decryption Transform fixed XML-Enc 1.1 + W3C errata.

Origine

W3C XML Encryption Working Group 2001 ; XML Encryption 1.0 W3C Recommendation 10 decembre 2002 ; XML Encryption 1.1 W3C Recommendation 11 avril 2013 (post padding oracle vulnerabilities discoverable fix).

Exemple en contexte

ADP Payroll SOAP Web Service utilise WS-Security avec XML-Enc + XML-DSig pour transmettre employee salary data B2B clients : SSN + salary amount encrypted via XML-Enc AES-256-GCM, message signed XML-DSig, transmission TLS, end-to-end encryption.

Termes liés

Dernière mise à jour: 16 mai 2026