EncryptedXml Class

Represents the process model for implementing XML encryption.

System.Object
  System.Security.Cryptography.Xml.EncryptedXml

Namespace:  System.Security.Cryptography.Xml
Assembly:  System.Security (in System.Security.dll)

[HostProtectionAttribute(SecurityAction.LinkDemand, MayLeakOnAbort = true)]
public class EncryptedXml

The EncryptedXml type exposes the following members.

  NameDescription
Public methodEncryptedXml()Initializes a new instance of the EncryptedXml class.
Public methodEncryptedXml(XmlDocument)Initializes a new instance of the EncryptedXml class using the specified XML document.
Public methodEncryptedXml(XmlDocument, Evidence)Initializes a new instance of the EncryptedXml class using the specified XML document and evidence.
Top

  NameDescription
Public propertyDocumentEvidenceGets or sets the evidence of the XmlDocument object from which the EncryptedXml object is constructed.
Public propertyEncodingGets or sets the encoding used for XML encryption.
Public propertyModeGets or sets the cipher mode used for XML encryption.
Public propertyPaddingGets or sets the padding mode used for XML encryption.
Public propertyRecipientGets or sets the recipient of the encrypted key information.
Public propertyResolverGets or sets the XmlResolver object used by the Document Object Model (DOM) to resolve external XML references.
Top

  NameDescription
Public methodAddKeyNameMappingDefines a mapping between a key name and a symmetric key or an asymmetric key.
Public methodClearKeyNameMappingsResets all key name mapping.
Public methodDecryptDataDecrypts an <EncryptedData> element using the specified symmetric algorithm.
Public methodDecryptDocumentDecrypts all <EncryptedData> elements of the XML document that were specified during initialization of the EncryptedXml class.
Public methodDecryptEncryptedKeyDetermines the key represented by the EncryptedKey element.
Public methodStatic memberDecryptKey(Byte[], SymmetricAlgorithm)Decrypts an <EncryptedKey> element using a symmetric algorithm.
Public methodStatic memberDecryptKey(Byte[], RSA, Boolean)Decrypts an <EncryptedKey> element using an asymmetric algorithm.
Public methodEncrypt(XmlElement, X509Certificate2)Encrypts the outer XML of an element using the specified X.509 certificate.
Public methodEncrypt(XmlElement, String)Encrypts the outer XML of an element using the specified key in the key mapping table.
Public methodEncryptData(Byte[], SymmetricAlgorithm)Encrypts data in the specified byte array using the specified symmetric algorithm.
Public methodEncryptData(XmlElement, SymmetricAlgorithm, Boolean)Encrypts the specified element or its contents using the specified symmetric algorithm.
Public methodStatic memberEncryptKey(Byte[], SymmetricAlgorithm)Encrypts a key using a symmetric algorithm that a recipient uses to decrypt an <EncryptedData> element.
Public methodStatic memberEncryptKey(Byte[], RSA, Boolean)Encrypts the key that a recipient uses to decrypt an <EncryptedData> element.
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetDecryptionIVRetrieves the decryption initialization vector (IV) from an EncryptedData object.
Public methodGetDecryptionKeyRetrieves the decryption key from the specified EncryptedData object.
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetIdElementDetermines how to resolve internal Uniform Resource Identifier (URI) references.
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodReplaceDataReplaces an <EncryptedData> element with a specified decrypted sequence of bytes.
Public methodStatic memberReplaceElementReplaces the specified element with the specified EncryptedData object.
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Top

  NameDescription
Public fieldStatic memberXmlEncAES128KeyWrapUrlRepresents the namespace Uniform Resource Identifier (URI) for the 128-bit Advanced Encryption Standard (AES) Key Wrap algorithm (also known as the Rijndael Key Wrap algorithm). This field is constant.
Public fieldStatic memberXmlEncAES128UrlRepresents the namespace Uniform Resource Identifier (URI) for the 128-bit Advanced Encryption Standard (AES) algorithm (also known as the Rijndael algorithm). This field is constant.
Public fieldStatic memberXmlEncAES192KeyWrapUrlRepresents the namespace Uniform Resource Identifier (URI) for the 192-bit Advanced Encryption Standard (AES) Key Wrap algorithm (also known as the Rijndael Key Wrap algorithm). This field is constant.
Public fieldStatic memberXmlEncAES192UrlRepresents the namespace Uniform Resource Identifier (URI) for the 192-bit Advanced Encryption Standard (AES) algorithm (also known as the Rijndael algorithm). This field is constant.
Public fieldStatic memberXmlEncAES256KeyWrapUrlRepresents the namespace Uniform Resource Identifier (URI) for the 256-bit Advanced Encryption Standard (AES) Key Wrap algorithm (also known as the Rijndael Key Wrap algorithm). This field is constant.
Public fieldStatic memberXmlEncAES256UrlRepresents the namespace Uniform Resource Identifier (URI) for the 256-bit Advanced Encryption Standard (AES) algorithm (also known as the Rijndael algorithm). This field is constant.
Public fieldStatic memberXmlEncDESUrlRepresents the namespace Uniform Resource Identifier (URI) for the Digital Encryption Standard (DES) algorithm. This field is constant.
Public fieldStatic memberXmlEncElementContentUrlRepresents the namespace Uniform Resource Identifier (URI) for XML encryption element content. This field is constant.
Public fieldStatic memberXmlEncElementUrlRepresents the namespace Uniform Resource Identifier (URI) for an XML encryption element. This field is constant.
Public fieldStatic memberXmlEncEncryptedKeyUrlRepresents the namespace Uniform Resource Identifier (URI) for the XML encryption <EncryptedKey> element. This field is constant.
Public fieldStatic memberXmlEncNamespaceUrlRepresents the namespace Uniform Resource Identifier (URI) for XML encryption syntax and processing. This field is constant.
Public fieldStatic memberXmlEncRSA15UrlRepresents the namespace Uniform Resource Identifier (URI) for the RSA Public Key Cryptography Standard (PKCS) Version 1.5 algorithm. This field is constant.
Public fieldStatic memberXmlEncRSAOAEPUrlRepresents the namespace Uniform Resource Identifier (URI) for the RSA Optimal Asymmetric Encryption Padding (OAEP) encryption algorithm. This field is constant.
Public fieldStatic memberXmlEncSHA256UrlRepresents the namespace Uniform Resource Identifier (URI) for the SHA-256 algorithm. This field is constant.
Public fieldStatic memberXmlEncSHA512UrlRepresents the namespace Uniform Resource Identifier (URI) for the SHA-512 algorithm. This field is constant.
Public fieldStatic memberXmlEncTripleDESKeyWrapUrlRepresents the namespace Uniform Resource Identifier (URI) for the TRIPLEDES key wrap algorithm. This field is constant.
Public fieldStatic memberXmlEncTripleDESUrlRepresents the namespace Uniform Resource Identifier (URI) for the Triple DES algorithm. This field is constant.
Top

The EncryptedXml class is the main class used for XML encryption in the .NET Framework. XML Encryption is a standards-based, interoperable way to encrypt all or part of an XML document or any arbitrary data. The .NET Framework XML encryption classes implement the World Wide Web Consortium (W3C) specification for XML encryption located at http://www.w3.org/TR/xmlenc-core/.

Use the EncryptedXml class whenever you need to share encrypted XML data between applications or organizations in a standard way. Any data encrypted using this class can be decrypted by any implementation of the W3C specification for XML encryption.

XML encryption replaces any plain text XML element or document with the <EncryptedData> element, which contains an encrypted (or cipher text) representation of plain text XML or any arbitrary data. The <EncryptedData> element can optionally contain information about where to find a key that will decrypt the cipher text, and which cryptographic algorithm was used to encrypt the plain text.

The <EncryptedKey> element is similar to the <EncryptedData> element in style and usage, except that it allows you to encrypt a key that will decrypt the value of the <EncryptedData> element. Note that the <EncryptedKey> element and the <EncryptedData> element will never contain an unencrypted key.

Use one of the following methods to exchange key information:

  • Do not include any key information. If you choose this option, both parties must agree on an algorithm and key before they exchange encrypted data.

  • Include the location of the key in the Uniform Resource Identifier (URI) attribute of the <RetrievalMethod> element. Both parties must agree on the key location ahead of time and this location must be kept secret.

  • Include a string name that maps to a key in the <KeyName> element. Both parties must agree on the key name mapping before they exchange encrypted data and this mapping must be kept secret.

  • Include an encrypted key in the <EncryptedKey> element. Both parties must agree on the key that decrypts the encrypted key before they exchange encrypted data. You can optionally include a name or location of the key that will decrypt the key in the <EncryptedKey> element.

NoteNote

The HostProtectionAttribute attribute applied to this type or member has the following Resources property value: MayLeakOnAbort. The HostProtectionAttribute does not affect desktop applications (which are typically started by double-clicking an icon, typing a command, or entering a URL in a browser). For more information, see the HostProtectionAttribute class or SQL Server Programming and Host Protection Attributes.

The following code example demonstrates how to create a simple utility class that uses the TripleDES algorithm to encrypt an XML document.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

	class Program
	{
		static void Main(string[] args)
		{

			// Create an XmlDocument object.
			XmlDocument xmlDoc = new XmlDocument();

			// Load an XML file into the XmlDocument object. 
			try
			{
				xmlDoc.PreserveWhitespace = true;
				xmlDoc.Load("test.xml");
			}
			catch (Exception e)
			{
				Console.WriteLine(e.Message);
				return;
			}

			// Create a new TripleDES key. 
			TripleDESCryptoServiceProvider tDESkey = new TripleDESCryptoServiceProvider();

			// Create a new instance of the TrippleDESDocumentEncryption object 
			// defined in this sample.
			TrippleDESDocumentEncryption xmlTDES = new TrippleDESDocumentEncryption(xmlDoc, tDESkey);
			
			try
			{
				// Encrypt the "creditcard" element.
				xmlTDES.Encrypt("creditcard");

				// Display the encrypted XML to the console.
				Console.WriteLine("Encrypted XML:");
				Console.WriteLine();
				Console.WriteLine(xmlTDES.Doc.OuterXml);

				// Decrypt the "creditcard" element.
				xmlTDES.Decrypt();

				// Display the encrypted XML to the console.
				Console.WriteLine();
				Console.WriteLine("Decrypted XML:");
				Console.WriteLine();
				Console.WriteLine(xmlTDES.Doc.OuterXml);
			}
			catch (Exception e)
			{
				Console.WriteLine(e.Message);
			}
			finally
			{
				// Clear the TripleDES key.
				xmlTDES.Clear();
			}

		}

	}

class TrippleDESDocumentEncryption
{
	protected XmlDocument docValue;
	protected TripleDES algValue;

	public TrippleDESDocumentEncryption(XmlDocument Doc, TripleDES Key)
	{
		if (Doc != null)
		{
			docValue = Doc;
		}
		else
		{
			throw new ArgumentNullException("Doc");
		}

		if (Key != null)
		{

			algValue = Key;
		}
		else
		{
			throw new ArgumentNullException("Key");
		}
	}

	public XmlDocument Doc { set { docValue = value; } get { return docValue; } }
	public TripleDES Alg { set { algValue = value; } get { return algValue; } }

	public void Clear()
	{
		if (algValue != null)
		{
			algValue.Clear();
		}
		else
		{
			throw new Exception("No TripleDES key was found to clear.");
		}
	}

	public void Encrypt(string Element)
	{
		// Find the element by name and create a new 
		// XmlElement object.
		XmlElement inputElement = docValue.GetElementsByTagName(Element)[0] as XmlElement;

		// If the element was not found, throw an exception. 
		if (inputElement == null)
		{
			throw new Exception("The element was not found.");
		}

		// Create a new EncryptedXml object.
		EncryptedXml exml = new EncryptedXml(docValue);

		// Encrypt the element using the symmetric key. 
		byte[] rgbOutput = exml.EncryptData(inputElement, algValue, false);

		// Create an EncryptedData object and populate it.
		EncryptedData ed = new EncryptedData();

		// Specify the namespace URI for XML encryption elements.
		ed.Type = EncryptedXml.XmlEncElementUrl;

		// Specify the namespace URI for the TrippleDES algorithm.
		ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncTripleDESUrl);

		// Create a CipherData element.
		ed.CipherData = new CipherData();

		// Set the CipherData element to the value of the encrypted XML element.
		ed.CipherData.CipherValue = rgbOutput;

		// Replace the plaintext XML elemnt with an EncryptedData element.
		EncryptedXml.ReplaceElement(inputElement, ed, false);
	}

	public void Decrypt()
	{

		// XmlElement object.
		XmlElement encryptedElement = docValue.GetElementsByTagName("EncryptedData")[0] as XmlElement;

		// If the EncryptedData element was not found, throw an exception. 
		if (encryptedElement == null)
		{
			throw new Exception("The EncryptedData element was not found.");
		}

		// Create an EncryptedData object and populate it.
		EncryptedData ed = new EncryptedData();
		ed.LoadXml(encryptedElement);

		// Create a new EncryptedXml object.
		EncryptedXml exml = new EncryptedXml();

		// Decrypt the element using the symmetric key. 
		byte[] rgbOutput = exml.DecryptData(ed, algValue);

		// Replace the encryptedData element with the plaintext XML elemnt.
		exml.ReplaceData(encryptedElement, rgbOutput);

	}

}

The following code example demonstrates how to encrypt an XML document using a symmetric key. This example does not include any key information in the encrypted XML document.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

class Program
{
    static void Main(string[] args)
    {

        // Create an XmlDocument object.
        XmlDocument xmlDoc = new XmlDocument();

        // Load an XML file into the XmlDocument object. 
        try
        {
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load("test.xml");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
            return;
        }

        // Create a new TripleDES key. 
        TripleDESCryptoServiceProvider tDESkey = new TripleDESCryptoServiceProvider();


        try
        {
            // Encrypt the "creditcard" element.
            Encrypt(xmlDoc, "creditcard", tDESkey);

            // Display the encrypted XML to the console.
            Console.WriteLine("Encrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);

            // Decrypt the "creditcard" element.
            Decrypt(xmlDoc, tDESkey);

            // Display the encrypted XML to the console.
            Console.WriteLine();
            Console.WriteLine("Decrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        finally
        {
            // Clear the TripleDES key.
            tDESkey.Clear();
        }

    }

    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, SymmetricAlgorithm Alg)
    {
        // Check the arguments.   
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Alg == null)
            throw new ArgumentNullException("Alg");

        //////////////////////////////////////////////// 
        // Find the specified element in the XmlDocument 
        // object and create a new XmlElemnt object. 
        ////////////////////////////////////////////////

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found. 
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");

        }

        ////////////////////////////////////////////////// 
        // Create a new instance of the EncryptedXml class  
        // and use it to encrypt the XmlElement with the  
        // symmetric key. 
        //////////////////////////////////////////////////

        EncryptedXml eXml = new EncryptedXml();

        byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, Alg, false);

        //////////////////////////////////////////////// 
        // Construct an EncryptedData object and populate 
        // it with the desired encryption information. 
        ////////////////////////////////////////////////


        EncryptedData edElement = new EncryptedData();
        edElement.Type = EncryptedXml.XmlEncElementUrl;

        // Create an EncryptionMethod element so that the  
        // receiver knows which algorithm to use for decryption. 
        // Determine what kind of algorithm is being used and 
        // supply the appropriate URL to the EncryptionMethod element. 

        string encryptionMethod = null;

        if (Alg is TripleDES)
        {
            encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
        }
        else if (Alg is DES)
        {
            encryptionMethod = EncryptedXml.XmlEncDESUrl;
        }
        else if (Alg is Rijndael)
        {
            switch (Alg.KeySize)
            {
                case 128:
                    encryptionMethod = EncryptedXml.XmlEncAES128Url;
                    break;
                case 192:
                    encryptionMethod = EncryptedXml.XmlEncAES192Url;
                    break;
                case 256:
                    encryptionMethod = EncryptedXml.XmlEncAES256Url;
                    break;
            }
        }
        else
        {
            // Throw an exception if the transform is not in the previous categories 
            throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");
        }

        edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);

        // Add the encrypted element data to the  
        // EncryptedData object.
        edElement.CipherData.CipherValue = encryptedElement;

        //////////////////////////////////////////////////// 
        // Replace the element from the original XmlDocument 
        // object with the EncryptedData element. 
        ////////////////////////////////////////////////////

        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);

    }

    public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg)
    {
        // Check the arguments.   
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (Alg == null)
            throw new ArgumentNullException("Alg");

        // Find the EncryptedData element in the XmlDocument.
        XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;

        // If the EncryptedData element was not found, throw an exception. 
        if (encryptedElement == null)
        {
            throw new XmlException("The EncryptedData element was not found.");
        }

        // Create an EncryptedData object and populate it.
        EncryptedData edElement = new EncryptedData();
        edElement.LoadXml(encryptedElement);

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml();

        // Decrypt the element using the symmetric key. 
        byte[] rgbOutput = exml.DecryptData(edElement, Alg);

        // Replace the encryptedData element with the plaintext XML element.
        exml.ReplaceData(encryptedElement, rgbOutput);

    }


}

The following code example demonstrates how to encrypt an XML document using a symmetric key. This example embeds a key name in the encrypted XML document that the decrypting method uses to find the appropriate decryption key.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

class Program
{
    static void Main(string[] args)
    {

        // Create an XmlDocument object.
        XmlDocument xmlDoc = new XmlDocument();

        // Load an XML file into the XmlDocument object. 
        try
        {
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load("test.xml");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
            return;
        }

        // Create a new TripleDES key. 
        TripleDESCryptoServiceProvider tDESkey = new TripleDESCryptoServiceProvider();


        try
        {
            // Encrypt the "creditcard" element.
            Encrypt(xmlDoc, "creditcard", tDESkey, "tDESKey");

            // Display the encrypted XML to the console.
            Console.WriteLine("Encrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);

            // Decrypt the "creditcard" element.
            Decrypt(xmlDoc, tDESkey, "tDESKey");

            // Display the encrypted XML to the console.
            Console.WriteLine();
            Console.WriteLine("Decrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        finally
        {
            // Clear the TripleDES key.
            tDESkey.Clear();
        }

    }

    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, SymmetricAlgorithm Alg, string KeyName)
    {
        // Check the arguments.   
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Alg == null)
            throw new ArgumentNullException("Alg");

        //////////////////////////////////////////////// 
        // Find the specified element in the XmlDocument 
        // object and create a new XmlElemnt object. 
        ////////////////////////////////////////////////

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found. 
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");

        }

        ////////////////////////////////////////////////// 
        // Create a new instance of the EncryptedXml class  
        // and use it to encrypt the XmlElement with the  
        // symmetric key. 
        //////////////////////////////////////////////////

        EncryptedXml eXml = new EncryptedXml();

        byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, Alg, false);

        //////////////////////////////////////////////// 
        // Construct an EncryptedData object and populate 
        // it with the desired encryption information. 
        ////////////////////////////////////////////////


        EncryptedData edElement = new EncryptedData();
        edElement.Type = EncryptedXml.XmlEncElementUrl;

        // Create an EncryptionMethod element so that the  
        // receiver knows which algorithm to use for decryption. 
        // Determine what kind of algorithm is being used and 
        // supply the appropriate URL to the EncryptionMethod element. 

        string encryptionMethod = null;

        if (Alg is TripleDES)
        {
            encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
        }
        else if (Alg is DES)
        {
            encryptionMethod = EncryptedXml.XmlEncDESUrl;
        }
        else if (Alg is Rijndael)
        {
            switch (Alg.KeySize)
            {
                case 128:
                    encryptionMethod = EncryptedXml.XmlEncAES128Url;
                    break;
                case 192:
                    encryptionMethod = EncryptedXml.XmlEncAES192Url;
                    break;
                case 256:
                    encryptionMethod = EncryptedXml.XmlEncAES256Url;
                    break;
            }
        }
        else
        {
            // Throw an exception if the transform is not in the previous categories 
            throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");
        }

        edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);

        // Set the KeyInfo element to specify the 
        // name of a key. 

        // Create a new KeyInfo element.
        edElement.KeyInfo = new KeyInfo();

        // Create a new KeyInfoName element.
        KeyInfoName kin = new KeyInfoName();

        // Specify a name for the key.
        kin.Value = KeyName;

        // Add the KeyInfoName element.
        edElement.KeyInfo.AddClause(kin);

        // Add the encrypted element data to the  
        // EncryptedData object.
        edElement.CipherData.CipherValue = encryptedElement;

        //////////////////////////////////////////////////// 
        // Replace the element from the original XmlDocument 
        // object with the EncryptedData element. 
        ////////////////////////////////////////////////////

        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);

    }

    public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg, string KeyName)
    {
        // Check the arguments.   
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (Alg == null)
            throw new ArgumentNullException("Alg");
        if (KeyName == null)
            throw new ArgumentNullException("KeyName");

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml(Doc);

        // Add a key-name mapping. 
        // This method can only decrypt documents 
        // that present the specified key name.
        exml.AddKeyNameMapping(KeyName, Alg);

        // Decrypt the element.
        exml.DecryptDocument();

    }


}

The following code example demonstrates how to encrypt an XML document using an asymmetric key. This example creates a symmetric session key to encrypt the document and then uses the asymmetric key to embed an encrypted version of the session key into the XML document.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

class Program
{
    static void Main(string[] args)
    {

        // Create an XmlDocument object.
        XmlDocument xmlDoc = new XmlDocument();

        // Load an XML file into the XmlDocument object. 
        try
        {
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load("test.xml");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
            return;
        }

        // Create a new RSA key.  This key will encrypt a symmetric key, 
        // which will then be imbedded in the XML document.  
        RSA rsaKey = new RSACryptoServiceProvider();


        try
        {
            // Encrypt the "creditcard" element.
            Encrypt(xmlDoc, "creditcard", rsaKey, "rsaKey");

            // Display the encrypted XML to the console.
            Console.WriteLine("Encrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);
            xmlDoc.Save("test.xml");

            // Decrypt the "creditcard" element.
            Decrypt(xmlDoc, rsaKey, "rsaKey");
            xmlDoc.Save("test.xml");

            // Display the encrypted XML to the console.
            Console.WriteLine();
            Console.WriteLine("Decrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        finally
        {
            // Clear the RSA key.
            rsaKey.Clear();
        }

    }

    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, RSA Alg, string KeyName)
    {
        // Check the arguments.   
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Alg == null)
            throw new ArgumentNullException("Alg");

        //////////////////////////////////////////////// 
        // Find the specified element in the XmlDocument 
        // object and create a new XmlElemnt object. 
        ////////////////////////////////////////////////

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found. 
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");

        }

        ////////////////////////////////////////////////// 
        // Create a new instance of the EncryptedXml class  
        // and use it to encrypt the XmlElement with the  
        // a new random symmetric key. 
        ////////////////////////////////////////////////// 

        // Create a 256 bit Rijndael key.
        RijndaelManaged sessionKey = new RijndaelManaged();
        sessionKey.KeySize = 256;

        EncryptedXml eXml = new EncryptedXml();

        byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);

        //////////////////////////////////////////////// 
        // Construct an EncryptedData object and populate 
        // it with the desired encryption information. 
        ////////////////////////////////////////////////


        EncryptedData edElement = new EncryptedData();
        edElement.Type = EncryptedXml.XmlEncElementUrl;

        // Create an EncryptionMethod element so that the  
        // receiver knows which algorithm to use for decryption.

        edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

        // Encrypt the session key and add it to an EncryptedKey element.
        EncryptedKey ek = new EncryptedKey();

        byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

        ek.CipherData = new CipherData(encryptedKey);

        ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

        // Set the KeyInfo element to specify the 
        // name of the RSA key. 

        // Create a new KeyInfo element.
        edElement.KeyInfo = new KeyInfo();

        // Create a new KeyInfoName element.
        KeyInfoName kin = new KeyInfoName();

        // Specify a name for the key.
        kin.Value = KeyName;

        // Add the KeyInfoName element to the  
        // EncryptedKey object.
        ek.KeyInfo.AddClause(kin);

        // Add the encrypted key to the  
        // EncryptedData object.

        edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

        // Add the encrypted element data to the  
        // EncryptedData object.
        edElement.CipherData.CipherValue = encryptedElement;

        //////////////////////////////////////////////////// 
        // Replace the element from the original XmlDocument 
        // object with the EncryptedData element. 
        ////////////////////////////////////////////////////

        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);

    }

    public static void Decrypt(XmlDocument Doc, RSA Alg, string KeyName)
    {
        // Check the arguments.   
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (Alg == null)
            throw new ArgumentNullException("Alg");
        if (KeyName == null)
            throw new ArgumentNullException("KeyName");

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml(Doc);

        // Add a key-name mapping. 
        // This method can only decrypt documents 
        // that present the specified key name.
        exml.AddKeyNameMapping(KeyName, Alg);

        // Decrypt the element.
        exml.DecryptDocument();

    }

}

The following code example demonstrates how to encrypt an XML document using an X.509 certificate. This example creates a symmetric session key to encrypt the document and then uses the X.509 certificate to embed an encrypted version of the session key into the XML document.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {

        // Create an XmlDocument object.
        XmlDocument xmlDoc = new XmlDocument();

        // Load an XML file into the XmlDocument object. 
        try
        {
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load("test.xml");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
            return;
        }

        // Create a new X509Certificate2 object by loading 
        // an X.509 certificate file.  To use XML encryption  
        // with an X.509 certificate, use an X509Certificate2  
        // object to encrypt, but use a certificate in a certificate 
        // store to decrypt. 

        // You can create a new test certificate file using the  
        // makecert.exe tool. 

        // Create an X509Certificate2 object for encryption.
        X509Certificate2 cert = new X509Certificate2("test.pfx");

        // Put the certificate in certificate store for decryption.  
        X509Store store = new X509Store(StoreLocation.CurrentUser);

        store.Open(OpenFlags.ReadWrite);

        store.Add(cert);

        store.Close();


        try
        {
            // Encrypt the "creditcard" element.
            Encrypt(xmlDoc, "creditcard", cert);

            // Display the encrypted XML to the console.
            Console.WriteLine("Encrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);

            // Decrypt the "creditcard" element.
            Decrypt(xmlDoc);

            // Display the encrypted XML to the console.
            Console.WriteLine();
            Console.WriteLine("Decrypted XML:");
            Console.WriteLine();
            Console.WriteLine(xmlDoc.OuterXml);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }

    }

    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, X509Certificate2 Cert)
    {
        // Check the arguments.   
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Cert == null)
            throw new ArgumentNullException("Cert");

        //////////////////////////////////////////////// 
        // Find the specified element in the XmlDocument 
        // object and create a new XmlElemnt object. 
        ////////////////////////////////////////////////

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found. 
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");

        }

        ////////////////////////////////////////////////// 
        // Create a new instance of the EncryptedXml class  
        // and use it to encrypt the XmlElement with the  
        // X.509 Certificate. 
        //////////////////////////////////////////////////

        EncryptedXml eXml = new EncryptedXml();

        // Encrypt the element.
        EncryptedData edElement = eXml.Encrypt(elementToEncrypt, Cert);


        //////////////////////////////////////////////////// 
        // Replace the element from the original XmlDocument 
        // object with the EncryptedData element. 
        ////////////////////////////////////////////////////

        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);

    }

    public static void Decrypt(XmlDocument Doc)
    {
        // Check the arguments.   
        if (Doc == null)
            throw new ArgumentNullException("Doc");

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml(Doc);

        // Decrypt the XML document.
        exml.DecryptDocument();

    }


}

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft