CipherReference Class


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Represents the <CipherReference> element in XML encryption. This class cannot be inherited.

Namespace:   System.Security.Cryptography.Xml
Assembly:  System.Security (in System.Security.dll)


[HostProtectionAttribute(SecurityAction.LinkDemand, MayLeakOnAbort = true)]
public sealed class CipherReference : EncryptedReference


Initializes a new instance of the CipherReference class.


Initializes a new instance of the CipherReference class using the specified Uniform Resource Identifier (URI).

System_CAPS_pubmethodCipherReference(String, TransformChain)

Initializes a new instance of the CipherReference class using the specified Uniform Resource Identifier (URI) and transform chain information.


Gets a value that indicates whether the cache is valid.(Inherited from EncryptedReference.)


Gets or sets the transform chain of an EncryptedReference object.(Inherited from EncryptedReference.)


Gets or sets the Uniform Resource Identifier (URI) of an EncryptedReference object.(Inherited from EncryptedReference.)


Adds a Transform object to the current transform chain of an EncryptedReference object.(Inherited from EncryptedReference.)


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)


Returns the XML representation of a CipherReference object.(Overrides EncryptedReference.GetXml().)


Loads XML information into the <CipherReference> element in XML encryption.(Overrides EncryptedReference.LoadXml(XmlElement).)


Returns a string that represents the current object.(Inherited from Object.)

This class represents the <CipherReference> element in XML encryption. It identifies a source which, when processed, yields the encrypted data.

The actual encrypted data referenced by the <CipherReference> is obtained by the following process. The <CipherReference> URI property contains a Uniform Resource Identifier (URI) that is dereferenced. If the <CipherReference> element also contains a transform chain, the data resulting from dereferencing the URI is transformed as specified to produce the encrypted data. For example, if the encrypted data is base64-encoded within an XML document, the transforms would specify an XPath expression followed by a base64 decoding so the encrypted data can be extracted.

The syntax of the URI and transforms is similar to that of XML digital signatures. However, in XML digital signatures, both generation and validation processing start with the same source data and perform that transform in the same order. In XML encryption, the decrypting application has only the encrypted data and the specified transforms. The transforms are enumerated in the order necessary to obtain the encrypted data.

Note   By default, you cannot dereference cipher references from documents with unknown sources, such as files from a Web site, because the DocumentEvidence property is null. For example, when you attempt to decrypt a file containing a <CipherReference> element that references a file on the Web, a SecurityException is thrown, even if the request is made by a fully trusted assembly.

If you are sure the documents you are decrypting can be trusted, you can change this behavior for fully trusted applications by using the following code:

Evidence ev = new Evidence();
ev.AddHost (new Zone(SecurityZone.MyComputer));
EncryptedXml exml = new EncryptedXml(doc, ev);

The following code example creates a new instance of CipherReference.

using System;
using System.Security.Cryptography.Xml;
using System.Xml;
using System.IO;

/// This sample used the EncryptedData class to create an encrypted data element
/// and write it to an XML file. It demonstrates the use of CipherReference.
namespace EncryptedDataSample
	class Sample1
		static void Main(string[] args)
			//Create a URI string.
			String uri = "";
			// Create a Base64 transform. The input content retrieved from the
			// URI should be Base64-decoded before other processing.
			Transform base64 = new XmlDsigBase64Transform();
			//Create a transform chain and add the transform to it.
			TransformChain tc = new TransformChain();
			//Create <CipherReference> information.
			CipherReference reference = new CipherReference(uri, tc);

			// Create a new CipherData object using the CipherReference information.
			// Note that you cannot assign both a CipherReference and a CipherValue
			// to a CipherData object.
			CipherData cd = new CipherData(reference);

			// Create a new EncryptedData object.
			EncryptedData ed = new EncryptedData();

			//Add an encryption method to the object.
			ed.Id = "ED";
			ed.EncryptionMethod = new EncryptionMethod("");
			ed.CipherData = cd;

			//Add key information to the object.
			KeyInfo ki = new KeyInfo();
			ki.AddClause(new KeyInfoRetrievalMethod("#EK", ""));
			ed.KeyInfo = ki;

			// Create new XML document and put encrypted data into it.
			XmlDocument doc = new XmlDocument();
			XmlElement encryptionPropertyElement = (XmlElement)doc.CreateElement("EncryptionProperty", EncryptedXml.XmlEncNamespaceUrl);
			EncryptionProperty ep = new EncryptionProperty(encryptionPropertyElement);

			// Output the resulting XML information into a file.
				string path = @"c:\test\MyTest.xml";

				File.WriteAllText(path, ed.GetXml().OuterXml);
			catch (IOException e)
				Console.WriteLine("File IO error. {0}", e);


.NET Framework
Available since 2.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top