ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

W3C-XML-ENCRYPTION

W3C XML Encryption XML-Enc XML encryption.

Definition

XML-Enc structure: <EncryptedData> root element XML namespace 'http://www.w3.org/2001/04/xmlenc#'. Children: <EncryptionMethod> (algorithm URI), <KeyInfo> (X509Certificate, EncryptedKey reference), <CipherData> (CipherValue ciphertext base64 or CipherReference). Standard algorithms: Block Encryption (AES-128-CBC, AES-256-CBC, Triple DES, AES-GCM 1.1+), Key Transport (RSA-OAEP, RSA-v1.5), Key Agreement (DH ECDH-ES), Symmetric Key Wrap (AES-KW, Triple DES-KW). XML Encryption can encrypt: (1) Whole XML Document, (2) Entire XML Element, (3) XML Element Content only (keep tags clear), (4) Arbitrary binary data. Combination usage patterns: (a) Use XML-Enc encrypt sensitive payload + XML-DSig sign whole document = encrypted + signed Web Service messages WS-Security ; (b) SAML encrypted assertions Identity Federation. Historic vulnerabilities: padding oracle attacks XML-Enc 1.0 (CBC mode), Backwards compatibility attack via Decryption Transform fixed XML-Enc 1.1 + W3C errata.

Origin

W3C XML Encryption Working Group 2001 ; XML Encryption 1.0 W3C Recommendation 10 December 2002 ; XML Encryption 1.1 W3C Recommendation 11 April 2013 (post padding oracle vulnerabilities discoverable fix).

Example in context

ADP Payroll SOAP Web Service uses WS-Security with XML-Enc + XML-DSig to transmit employee salary data B2B clients: SSN + salary amount encrypted via XML-Enc AES-256-GCM, message signed XML-DSig, TLS transmission, end-to-end encryption.

Last updated: May 16, 2026