This documentation is archived and is not being maintained.

EncryptedKey Class

Represents the <EncryptedKey> element in XML encryption. This class cannot be inherited.


Namespace:  System.Security.Cryptography.Xml
Assembly:  System.Security (in System.Security.dll)

[HostProtectionAttribute(SecurityAction.LinkDemand, MayLeakOnAbort = true)]
public sealed class EncryptedKey : EncryptedType

The EncryptedKey type exposes the following members.

Public methodEncryptedKeyInitializes a new instance of the EncryptedKey class.

Public propertyCarriedKeyNameGets or sets the optional <CarriedKeyName> element in XML encryption.
Public propertyCipherDataGets or sets the CipherData value for an instance of an EncryptedType class. (Inherited from EncryptedType.)
Public propertyEncodingGets or sets the Encoding attribute of an EncryptedType instance in XML encryption. (Inherited from EncryptedType.)
Public propertyEncryptionMethodGets or sets the <EncryptionMethod> element for XML encryption. (Inherited from EncryptedType.)
Public propertyEncryptionPropertiesGets or sets the <EncryptionProperties> element in XML encryption. (Inherited from EncryptedType.)
Public propertyIdGets or sets the Id attribute of an EncryptedType instance in XML encryption. (Inherited from EncryptedType.)
Public propertyKeyInfoGets of sets the <KeyInfo> element in XML encryption. (Inherited from EncryptedType.)
Public propertyMimeTypeGets or sets the MimeType attribute of an EncryptedType instance in XML encryption. (Inherited from EncryptedType.)
Public propertyRecipientGets or sets the optional Recipient attribute in XML encryption.
Public propertyReferenceListGets or sets the <ReferenceList> element in XML encryption.
Public propertyTypeGets or sets the Type attribute of an EncryptedType instance in XML encryption. (Inherited from EncryptedType.)

Public methodAddPropertyAdds an <EncryptionProperty> child element to the <EncryptedProperties> element in the current EncryptedType object in XML encryption. (Inherited from EncryptedType.)
Public methodAddReference(DataReference)Adds a <DataReference> element to the <ReferenceList> element.
Public methodAddReference(KeyReference)Adds a <KeyReference> element to the <ReferenceList> element.
Public methodEquals(Object)Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetHashCodeServes as a hash function for a particular type. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodGetXmlReturns the XML representation of the EncryptedKey object. (Overrides EncryptedType.GetXml().)
Public methodLoadXmlLoads the specified XML information into the <EncryptedKey> element in XML encryption. (Overrides EncryptedType.LoadXml(XmlElement).)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)

This class represents the <EncryptedKey> element in XML encryption. The <EncryptedKey> element is used to send encryption keys. It can be created in a stand-alone XML document, be placed within an application document, or be inside an <EncryptedData> element as a child of a <KeyInfo> element. The key value is always encrypted to the recipient. When <EncryptedKey> is decrypted, the resulting key is made available to the <EncryptionMethod> algorithm without any additional processing.

The <EncryptedKey> element is similar to the <EncryptedData> element of the EncryptedData class except that the data encrypted is always a key value.


The HostProtectionAttribute attribute applied to this type or member has the following Resources property value: MayLeakOnAbort. The HostProtectionAttribute does not affect desktop applications (which are typically started by double-clicking an icon, typing a command, or entering a URL in a browser). For more information, see the HostProtectionAttribute class or SQL Server Programming and Host Protection Attributes.

The following example illustrates how to encrypt and decrypt an XML element by using the EncryptedKey class. This example then displays the values of various properties of the EncryptedKey class to the console.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

class Program
	static void Main(string[] args)

		// Create an XmlDocument object.
		XmlDocument xmlDoc = new XmlDocument();

		// Load an XML file into the XmlDocument object.
			xmlDoc.PreserveWhitespace = true;
		catch (Exception e)

		// Create a new RSA key.  This key will encrypt a symmetric key,
		// which will then be imbedded in the XML document.  
		RSA rsaKey = new RSACryptoServiceProvider();

			// Encrypt the "creditcard" element.
			Encrypt(xmlDoc, "creditcard", rsaKey, "rsaKey");

			// Inspect the EncryptedKey element.

			// Decrypt the "creditcard" element.
			Decrypt(xmlDoc, rsaKey, "rsaKey");

		catch (Exception e)
			// Clear the RSA key.


	public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, RSA Alg, string KeyName)
		// Check the arguments.  
		if (Doc == null)
			throw new ArgumentNullException("Doc");
		if (ElementToEncrypt == null)
			throw new ArgumentNullException("ElementToEncrypt");
		if (Alg == null)
			throw new ArgumentNullException("Alg");

		// Find the specified element in the XmlDocument
		// object and create a new XmlElemnt object.

		XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

		// Throw an XmlException if the element was not found.
		if (elementToEncrypt == null)
			throw new XmlException("The specified element was not found");


		// Create a new instance of the EncryptedXml class 
		// and use it to encrypt the XmlElement with the 
		// a new random symmetric key.

		// Create a 256 bit Rijndael key.
		RijndaelManaged sessionKey = new RijndaelManaged();
		sessionKey.KeySize = 256;

		EncryptedXml eXml = new EncryptedXml();

		byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);

		// Construct an EncryptedData object and populate
		// it with the desired encryption information.

		EncryptedData edElement = new EncryptedData();
		edElement.Type = EncryptedXml.XmlEncElementUrl;

		// Create an EncryptionMethod element so that the 
		// receiver knows which algorithm to use for decryption.

		edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

		// Encrypt the session key and add it to an EncryptedKey element.
		EncryptedKey ek = new EncryptedKey();

		byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);

		ek.CipherData = new CipherData(encryptedKey);

		ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

		// Set the KeyInfo element to specify the
		// name of the RSA key.

		// Create a new KeyInfo element.
		edElement.KeyInfo = new KeyInfo();

		// Create a new KeyInfoName element.
		KeyInfoName kin = new KeyInfoName();

		// Specify a name for the key.
		kin.Value = KeyName;

		// Add the KeyInfoName element to the 
		// EncryptedKey object.

		// Add the encrypted key to the 
		// EncryptedData object.

		edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

		// Add the encrypted element data to the 
		// EncryptedData object.
		edElement.CipherData.CipherValue = encryptedElement;

		// Replace the element from the original XmlDocument
		// object with the EncryptedData element.

		EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);


	public static void Decrypt(XmlDocument Doc, RSA Alg, string KeyName)
		// Check the arguments.  
		if (Doc == null)
			throw new ArgumentNullException("Doc");
		if (Alg == null)
			throw new ArgumentNullException("Alg");
		if (KeyName == null)
			throw new ArgumentNullException("KeyName");

		// Create a new EncryptedXml object.
		EncryptedXml exml = new EncryptedXml(Doc);

		// Add a key-name mapping.
		// This method can only decrypt documents
		// that present the specified key name.
		exml.AddKeyNameMapping(KeyName, Alg);

		// Decrypt the element.


	static void InspectElement(XmlDocument Doc)
		// Get the EncryptedKey element from the XMLDocument object.
		XmlElement encryptedKey = Doc.GetElementsByTagName("EncryptedKey")[0] as XmlElement;

		// Create a new EncryptedKey object.
		EncryptedKey k = new EncryptedKey();

		// Load the XML from the document to
		// initialize the EncryptedKey object.

		// Display the properties.
		// Most values are Null by default.
		Console.WriteLine("EncryptedKey.KeyInfo: " + k.KeyInfo.GetXml().InnerXml);
		Console.WriteLine("EncryptedKey.Id: " + k.Id);
		Console.WriteLine("EncryptedKey.CarriedKeyName: " + k.CarriedKeyName);
		Console.WriteLine("EncryptedKey.CipherData: " + k.CipherData.GetXml().InnerXml);
		Console.WriteLine("EncryptedKey.Encoding: " + k.Encoding);
		Console.WriteLine("EncryptedKey.EncryptionMethod: " + k.EncryptionMethod.GetXml().InnerXml);
		if (k.EncryptionProperties.Count >= 1)
			Console.WriteLine("EncryptedKey.EncryptionProperties: " + k.EncryptionProperties[0].GetXml().InnerXml);
		Console.WriteLine("EncryptedKey.MimeType: " + k.MimeType);
		Console.WriteLine("EncryptedKey.Recipient: " + k.Recipient);

		if (k.ReferenceList.Count >= 1)
			Console.WriteLine("EncryptedKey.ReferenceList: " + k.ReferenceList[0].GetXml().InnerXml);


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.