Export (0) Print
Expand All

EncryptedXml.DecryptDocument Method

Note: This method is new in the .NET Framework version 2.0.

Decrypts all <EncryptedData> elements of the XML document that were specified during initialization of the EncryptedXml class.

Namespace: System.Security.Cryptography.Xml
Assembly: System.Security (in system.security.dll)

public void DecryptDocument ()
public void DecryptDocument ()
public function DecryptDocument ()

Exception typeCondition

CryptographicException

The cryptographic key used to decrypt the document was not found.

The DecryptDocument method decrypts all <EncryptedData> elements of the XML document loaded during initialization. After you call this method, all <EncryptedData> elements in the document are replaced with plain text versions.

The DecryptDocument method decrypts only top-level <EncryptedData> elements. If you need to decrypt a super-encrypted document (a document that is encrypted more than once), you must call the DecryptDocument method repeatedly until all the <EncryptedData> elements have been decrypted.

NoteNote

The DecryptDocument method decrypts only valid XML data. To decrypt arbitrary data, use the DecryptData method.

To use XML Encryption with X.509 certificates, you must have the Microsoft Enhanced Cryptographic Provider installed and the X.509 certificate must use the Enhanced Provider. If you do not have the Microsoft Enhanced Cryptographic Provider installed or the X.509 certificate does not use the Enhanced Provider, a CryptographicException with an "Unknown Error" will be thrown when you decrypt an XML document.

The following code example demonstrates how to encrypt an XML document using an asymmetric key. This example creates a symmetric session key to encrypt the document and then uses the asymmetric key to embed an encrypted version of the session key into the XML document.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

class Program
{
    static void Main(string[] args)
    {

        // Create an XmlDocument object.
        XmlDocument xmlDoc = new XmlDocument();

        // Load an XML file into the XmlDocument object.
        try
        {
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load("test.xml");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }

        // Create a new RSA key.  This key will encrypt a symmetric key,
        // which will then be imbedded in the XML document.  
        RSA rsaKey = new RSACryptoServiceProvider();


        try
        {
            // Encrypt the "creditcard" element.
            Encrypt(xmlDoc, "creditcard", rsaKey, "rsaKey");

            // Display the encrypted XML to the console.
            Console.WriteLine("Encrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);

            // Decrypt the "creditcard" element.
            Decrypt(xmlDoc, rsaKey, "rsaKey");

            // Display the encrypted XML to the console.
            Console.WriteLine();
            Console.WriteLine("Decrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        finally
        {
            // Clear the RSA key.
            rsaKey.Clear();
        }

    }

    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, RSA Alg, string KeyName)
    {
        // Check the arguments.  
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Alg == null)
            throw new ArgumentNullException("Alg");

        ////////////////////////////////////////////////
        // Find the specified element in the XmlDocument
        // object and create a new XmlElemnt object.
        ////////////////////////////////////////////////

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found.
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");

        }

        //////////////////////////////////////////////////
        // Create a new instance of the EncryptedXml class 
        // and use it to encrypt the XmlElement with the 
        // a new random symmetric key.
        //////////////////////////////////////////////////

        // Create a 256 bit Rijndael key.
        RijndaelManaged sessionKey = new RijndaelManaged();
        sessionKey.KeySize = 256;

        EncryptedXml eXml = new EncryptedXml();

        byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);

        ////////////////////////////////////////////////
        // Construct an EncryptedData object and populate
        // it with the desired encryption information.
        ////////////////////////////////////////////////


        EncryptedData edElement = new EncryptedData();
        edElement.Type = EncryptedXml.XmlEncElementUrl;

        // Create an EncryptionMethod element so that the 
        // receiver knows which algorithm to use for decryption.

        edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

        // Encrypt the session key and add it to an EncryptedKey element.
        EncryptedKey ek = new EncryptedKey();

        byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

        ek.CipherData = new CipherData(encryptedKey);

        ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

        // Set the KeyInfo element to specify the
        // name of the RSA key.

        // Create a new KeyInfo element.
        edElement.KeyInfo = new KeyInfo();

        // Create a new KeyInfoName element.
        KeyInfoName kin = new KeyInfoName();

        // Specify a name for the key.
        kin.Value = KeyName;

        // Add the KeyInfoName element to the 
        // EncryptedKey object.
        ek.KeyInfo.AddClause(kin);

        // Add the encrypted key to the 
        // EncryptedData object.

        edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

        // Add the encrypted element data to the 
        // EncryptedData object.
        edElement.CipherData.CipherValue = encryptedElement;

        ////////////////////////////////////////////////////
        // Replace the element from the original XmlDocument
        // object with the EncryptedData element.
        ////////////////////////////////////////////////////

        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);

    }

    public static void Decrypt(XmlDocument Doc, RSA Alg, string KeyName)
    {
        // Check the arguments.  
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (Alg == null)
            throw new ArgumentNullException("Alg");
        if (KeyName == null)
            throw new ArgumentNullException("KeyName");

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml(Doc);

        // Add a key-name mapping.
        // This method can only decrypt documents
        // that present the specified key name.
        exml.AddKeyNameMapping(KeyName, Alg);

        // Decrypt the element.
        exml.DecryptDocument();

    }

}

import System.*;
import System.Xml.*;
import System.Security.Cryptography.*;
import System.Security.Cryptography.Xml.*;

class Program
{
    public static void main(String[] args)
    {
        // Create an XmlDocument object.
        XmlDocument xmlDoc = new XmlDocument();

        // Load an XML file into the XmlDocument object.
        try {
            xmlDoc.set_PreserveWhitespace(true);
            xmlDoc.Load("test.xml");
        }
        catch (System.Exception e) {
            Console.WriteLine(e.get_Message());
        }
        // Create a new RSA key.  This key will encrypt a symmetric key,
        // which will then be imbedded in the XML document.  
        RSA rsaKey = new RSACryptoServiceProvider();

        try {
            // Encrypt the "creditcard" element.
            Encrypt(xmlDoc, "creditcard", rsaKey, "rsaKey");

            // Display the encrypted XML to the console.
            Console.WriteLine("Encrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.get_OuterXml());

            // Decrypt the "creditcard" element.
            Decrypt(xmlDoc, rsaKey, "rsaKey");

            // Display the encrypted XML to the console.
            Console.WriteLine();
            Console.WriteLine("Decrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.get_OuterXml());
        }
        catch (System.Exception e) {
            Console.WriteLine(e.get_Message());
        }
        finally {
            // Clear the RSA key.
            rsaKey.Clear();
        }
    } //main

    public static void Encrypt(XmlDocument doc, String elementToEncrypt,
        RSA alg, String keyName) throws ArgumentNullException,XmlException
    {
        // Check the arguments.  
        if (doc == null) {
            throw new ArgumentNullException("doc");
        }
        if (elementToEncrypt == null) {
            throw new ArgumentNullException("elementToEncrypt");
        }
        if (alg == null) {
            throw new ArgumentNullException("alg");
        }
        ////////////////////////////////////////////////
        // Find the specified element in the XmlDocument
        // object and create a new XmlElemnt object.
        ////////////////////////////////////////////////
        XmlElement elementToEncrypt1 = (XmlElement)doc.GetElementsByTagName(
            elementToEncrypt).get_ItemOf(0);
        // Throw an XmlException if the element was not found.
        if (elementToEncrypt1 == null) {
            throw new XmlException("The specified element was not found");
        }
        //////////////////////////////////////////////////
        // Create a new instance of the EncryptedXml class 
        // and use it to encrypt the XmlElement with the 
        // a new random symmetric key.
        //////////////////////////////////////////////////
        // Create a 256 bit Rijndael key.
        RijndaelManaged sessionKey = new RijndaelManaged();
        sessionKey.set_KeySize(256);

        EncryptedXml eXml = new EncryptedXml();

        ubyte encryptedElement[] = eXml.EncryptData(elementToEncrypt1,
            sessionKey, false);
        ////////////////////////////////////////////////
        // Construct an EncryptedData object and populate
        // it with the desired encryption information.
        ////////////////////////////////////////////////
        EncryptedData edElement = new EncryptedData();
        edElement.set_Type(EncryptedXml.XmlEncElementUrl);
        // Create an EncryptionMethod element so that the 
        // receiver knows which algorithm to use for decryption.
        edElement.set_EncryptionMethod(new EncryptionMethod(
            EncryptedXml.XmlEncAES256Url));
        // Encrypt the session key and add it to an EncryptedKey element.
        EncryptedKey ek = new EncryptedKey();
        ubyte encryptedKey[] = EncryptedXml.EncryptKey(sessionKey.get_Key(),
            alg, false);
        ek.set_CipherData(new CipherData(encryptedKey));
        ek.set_EncryptionMethod(new EncryptionMethod(EncryptedXml.
            XmlEncRSA15Url));

        // Set the KeyInfo element to specify the
        // name of the RSA key.
        // Create a new KeyInfo element.
        edElement.set_KeyInfo(new KeyInfo());

        // Create a new KeyInfoName element.
        KeyInfoName kin = new KeyInfoName();

        // Specify a name for the key.
        kin.set_Value(keyName);

        // Add the KeyInfoName element to the 
        // EncryptedKey object.
        ek.get_KeyInfo().AddClause(kin);

        // Add the encrypted key to the 
        // EncryptedData object.
        edElement.get_KeyInfo().AddClause(new KeyInfoEncryptedKey(ek));

        // Add the encrypted element data to the 
        // EncryptedData object.
        edElement.get_CipherData().set_CipherValue(encryptedElement);

        ////////////////////////////////////////////////////
        // Replace the element from the original XmlDocument
        // object with the EncryptedData element.
        ////////////////////////////////////////////////////
        EncryptedXml.ReplaceElement(elementToEncrypt1, edElement, false);
    } //Encrypt

    public static void Decrypt(XmlDocument doc, RSA alg, String keyName)
    {
        // Check the arguments.  
        if (doc == null) { 
            throw new ArgumentNullException("doc");
        }
        if (alg == null) {
            throw new ArgumentNullException("alg");
        }
        if (keyName == null) {
            throw new ArgumentNullException("keyName");
        }
        // Create a new EncryptedXml object.
        EncryptedXml eXml = new EncryptedXml(doc);

        // Add a key-name mapping.
        // This method can only decrypt documents
        // that present the specified key name.
        eXml.AddKeyNameMapping(keyName, alg);

        // Decrypt the element.
        eXml.DecryptDocument();
    } //Decrypt 
} //Program

The following code example demonstrates how to encrypt an XML document using an X.509 certificate. This example creates a symmetric session key to encrypt the document and then uses the X.509 certificate to embed an encrypted version of the session key into the XML document.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {

        // Create an XmlDocument object.
        XmlDocument xmlDoc = new XmlDocument();

        // Load an XML file into the XmlDocument object.
        try
        {
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load("test.xml");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }

        // Create a new X509Certificate2 object by loading
        // an X.509 certificate file.  To use XML encryption 
        // with an X.509 certificate, use an X509Certificate2 
        // object to encrypt, but use a certificate in a certificate
        // store to decrypt.

        // You can create a new test certificate file using the 
        // makecert.exe tool.

        // Create an X509Certificate2 object for encryption.
        X509Certificate2 cert = new X509Certificate2("test.pfx");

        // Put the certificate in certificate store for decryption.  
        X509Store store = new X509Store(StoreLocation.CurrentUser);

        store.Open(OpenFlags.ReadWrite);

        store.Add(cert);

        store.Close();


        try
        {
            // Encrypt the "creditcard" element.
            Encrypt(xmlDoc, "creditcard", cert);

            // Display the encrypted XML to the console.
            Console.WriteLine("Encrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);

            // Decrypt the "creditcard" element.
            Decrypt(xmlDoc);

            // Display the encrypted XML to the console.
            Console.WriteLine();
            Console.WriteLine("Decrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }

    }

    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, X509Certificate2 Cert)
    {
        // Check the arguments.  
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Cert == null)
            throw new ArgumentNullException("Cert");

        ////////////////////////////////////////////////
        // Find the specified element in the XmlDocument
        // object and create a new XmlElemnt object.
        ////////////////////////////////////////////////

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found.
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");

        }

        //////////////////////////////////////////////////
        // Create a new instance of the EncryptedXml class 
        // and use it to encrypt the XmlElement with the 
        // X.509 Certificate.
        //////////////////////////////////////////////////

        EncryptedXml eXml = new EncryptedXml();

        // Encrypt the element.
        EncryptedData edElement = eXml.Encrypt(elementToEncrypt, Cert);


        ////////////////////////////////////////////////////
        // Replace the element from the original XmlDocument
        // object with the EncryptedData element.
        ////////////////////////////////////////////////////

        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);

    }

    public static void Decrypt(XmlDocument Doc)
    {
        // Check the arguments.  
        if (Doc == null)
            throw new ArgumentNullException("Doc");

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml(Doc);

        // Decrypt the XML document.
        exml.DecryptDocument();

    }


}

import System.*;
import System.Xml.*;
import System.Security.Cryptography.*;
import System.Security.Cryptography.Xml.*;
import System.Security.Cryptography.X509Certificates.*;

class Program
{
    public static void main(String[] args)
    {
        // Create an XmlDocument object.
        XmlDocument xmlDoc = new XmlDocument();
        // Load an XML file into the XmlDocument object.
        try {
            xmlDoc.set_PreserveWhitespace(true);
            xmlDoc.Load("test.xml");
        }
        catch (System.Exception e) {
            Console.WriteLine(e.get_Message());
        }
        // Create a new X509Certificate2 object by loading
        // an X.509 certificate file.  To use XML encryption 
        // with an X.509 certificate, use an X509Certificate2 
        // object to encrypt, but use a certificate in a certificate
        // store to decrypt.
        // You can create a new test certificate file using the 
        // makecert.exe tool.
        // Create an X509Certificate2 object for encryption.
        X509Certificate2 cert = new X509Certificate2("test.pfx");

        // Put the certificate in certificate store for decryption.  
        X509Store store = new X509Store(StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        store.Add(cert);
        store.Close();

        try {
            // Encrypt the "creditcard" element.
            Encrypt(xmlDoc, "creditcard", cert);

            // Display the encrypted XML to the console.
            Console.WriteLine("Encrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.get_OuterXml());

            // Decrypt the "creditcard" element.
            Decrypt(xmlDoc);

            // Display the encrypted XML to the console.
            Console.WriteLine();
            Console.WriteLine("Decrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.get_OuterXml());
        }
        catch (System.Exception e) {
            Console.WriteLine(e.get_Message());
        }
    } //main

    public static void Encrypt(XmlDocument doc, String elementToEncrypt,
        X509Certificate2 cert) throws XmlException
    {
        // Check the arguments.  
        if (doc == null) {
            throw new ArgumentNullException("doc");
        }
        if (elementToEncrypt == null) {
            throw new ArgumentNullException("elementToEncrypt");
        }
        if (cert == null) {
            throw new ArgumentNullException("cert");
        }
        ////////////////////////////////////////////////
        // Find the specified element in the XmlDocument
        // object and create a new XmlElemnt object.
        ////////////////////////////////////////////////
        XmlElement elementToEncrypt1 = (XmlElement)doc.GetElementsByTagName(
            elementToEncrypt).get_ItemOf(0);

        // Throw an XmlException if the element was not found.
        if (elementToEncrypt1 == null) {
            throw new XmlException("The specified element was not found");
        }
        //////////////////////////////////////////////////
        // Create a new instance of the EncryptedXml class 
        // and use it to encrypt the XmlElement with the 
        // X.509 Certificate.
        //////////////////////////////////////////////////
        EncryptedXml eXml = new EncryptedXml();

        // Encrypt the element.
        EncryptedData edElement = eXml.Encrypt(elementToEncrypt1, cert);
        ////////////////////////////////////////////////////
        // Replace the element from the original XmlDocument
        // object with the EncryptedData element.
        ////////////////////////////////////////////////////
        EncryptedXml.ReplaceElement(elementToEncrypt1, edElement, false);
    } //Encrypt

    public static void Decrypt(XmlDocument doc)
    {
        // Check the arguments.  
        if (doc == null) {
            throw new ArgumentNullException("doc");
        }
        // Create a new EncryptedXml object.
        EncryptedXml eXml = new EncryptedXml(doc);
        // Decrypt the XML document.
        eXml.DecryptDocument();
    } //Decrypt 
} //Program

The following code example demonstrates how to decrypt a high level <EncryptedData> tag that contains another encrypted <EncryptedData> tag.

public static void Decrypt(XmlDocument Doc, RSA Alg, string KeyName)
{
    // Check the arguments.  
    if (Doc == null)
        throw new ArgumentNullException("Doc");
    if (Alg == null)
        throw new ArgumentNullException("Alg");
    if (KeyName == null)
        throw new ArgumentNullException("KeyName");

    // Create a new EncryptedXml object.
    EncryptedXml exml = new EncryptedXml(Doc);

    // Add a key-name mapping.
    // This method can only decrypt documents
    // that present the specified key name.
    exml.AddKeyNameMapping(KeyName, Alg);

    while (Doc.GetElementsByTagName("EncryptedData", EncryptedXml.XmlEncNamespaceUrl).Count > 0)
    {
        // Decrypt the element.
        exml.DecryptDocument();
    }
}

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0

Community Additions

ADD
Show:
© 2014 Microsoft