SQLData Systems, Inc.
Home | Products | Services | Documents | Support

XMLCrypto Object

XMLCrypto is a COM object that brings strong security to your data and applications. You can encrypt and sign XML documents and make them unbreakable in just few lines of code. The result XML documents are portable to any machines that support XML Encryption and XML Signature.

The component encapsulates the complexity of XML signature and encryption into a very simple interface. It takes virtually no programming effort to add strong  XML security into your applications, and to secure SOAP messages using WS-Security features.

Key Features

The XMLCrypto Object has the following key features:

  • Support of Microsoft Crypto and OpenSSL as cryptographic engine.

  • Capable of using either Microsoft certificate store or PEM based certificates.
  • Support both XML Encryption and XML Signature
  • Support of Web Service Security (Sign and Encrypt SOAP messages using WS-Security).
  • Integrated with XKMS 2.0 for public keys/certificates validation.
  • Very easy to use and install

Download and Installation

The XMLCrypto object can be downloaded here. It is an installer that guides you through a simple setup process. There are sample VB scripts under the SCRIPTS directory to get you started quickly. The installer generates a 15-day trial license, please contact us at info2-at-sqldata-dot-com if you need to extend the trial period or to purchase the library.

XMLCrypto Sample Code:

1. Encrypt an XML document:

    Given a sample XML document (payment.xml) blow:

<PaymentInfo xmlns="http://sqldata.com/xmlcrypto" Id="PayId">
    <Name>John Doe</Name>
    <CreditCard Currency="USD" Limit="8,000" Id="CC">
      <Number>4019 2445 0277 5567</Number>
      <Issuer>Bank of the Internet</Issuer>
      <Expiration Time="03/06" />
    </CreditCard>
    <Account Id=ACC>
      <AccountId>JDoe</AccountId>
      <Password>My Secret Password</Password>
     </Account>
</PaymentInfo>
 

    The following code encrypts the document using XML Encryption.

set myClient = CreateObject ("SQLData.XMLCrypto")
'Set the Name of the encryption Key
myClient.SetKeyInfo "CryptoTester"
'encrypt the document
encrypted = myClient.EncryptData("payment.xml")
wscript.echo encrypted

     The result is an XML document shown below:

<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
         <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
           <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <KeyName>CryptoTester</KeyName>
           </KeyInfo>
           <CipherData>
              <CipherValue>HM+khz6O5viUlPWJioBKOdeP09pk1...=</CipherValue>
           </CipherData>
      </EncryptedKey>
  </KeyInfo>
  <CipherData>
       <CipherValue>K1AgD7e6cHkqfUaCz0bzazRxTJzJpdx...</CipherValue>
   </CipherData>
</EncryptedData>

 2. Sign an XML document

The following VB scripts sign a document using XML Signature:

set myClient = CreateObject ("SQLData.XMLCrypto")
myClient.SetKeyInfo "CryptoTester",, MySecret
'set the signature position to be the last child.
myClient.SetProperty "SignatureAnchor", "last"
'sign the document
signed = myClient.SignData ("payment.xml")
wscript.echo signed

The payment document with signature looks like the following:

<PaymentInfo xmlns="http://sqldata.com/xmlcrypto" Id="PayId">
    <Name>John Smith</Name>
    <CreditCard Currency="USD" Limit="5,000" Id="CC">
        <Number>4019 2445 0277 5567</Number>
        <Issuer>Bank of the Internet</Issuer>
        <Expiration Time="04/02"/>
    </CreditCard>
    <Account Id="ACC">
        <AccountId>John Doe</AccountId>
        <Password>My Secret Password</Password>
    </Account>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <Reference URI="">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>p6fWceDJHMFmDV76x6Gh7lztdl0=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>VSbxfuvlffxGbqjmmKriP4wqBhdMuBrEMrKrysW6vjwFqkLE3vcK8AXjYeyry8mD
            Sg2Q69YlZB7uCnUh5nWTLGtskest0ypkhKful+KwfT1qm7i9IIW02CkGQ/hDNQTf
            5WfOz/VRP7g0xaFbKqe/ZON3G9k1TxL6E2/RqBHlvXQ=</SignatureValue>
        <KeyInfo>
            <X509Data>
              <X509Certificate>MIID4jCCA0ugAwIBAgI...</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
</PaymentInfo>

3. Using WS-Security Features

The tool can be used to add web service security features defined in WS-Security into SOAP messages. The following simple scripts add standard timestamp and XML signature into the SOAP header.

set myClient = CreateObject ("SQLData.XMLCrypto")
myClient.SetKeyInfo "CryptoTester"
myClient.SetProperty "SecurityType","WSSecurity"
'sign the document
signed = myClient.SignData ("scripts\SOAPMessage.xml", "", "")

The result SOAP message with WS-Security header is shown below:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
- <SOAP-ENV:Header>
- <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:MustUnderstand="1">
  <wsse:BinarySecurityToken xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="SecId-484d840c-3fa6-447e-a884-da39de45f0ed" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#Base64Binary">MIID4jCCA0ugAwIBAgIRAOGX5IPiDk+3siIT/8UHnPcwDQYJKoZIhvcNAQEEBQAw gaYxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEVMBMGA1UEBxMMR2Fp dGhlcnNidXJnMRgwFgYDVQQKEw9TUUxEYXTjGW4ZQ+jZAkv6Q8yuzlLm5mumMTITmQ=</wsse:BinarySecurityToken>
- <wsu:Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-b9b53e47-1dec-4994-8004-a775da277174">
  <wsu:Created>2005-12-22T02:39:15Z</wsu:Created>
  <wsu:Expires>2005-12-22T02:41:15Z</wsu:Expires>
  </wsu:Timestamp>
- <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
- <SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
- <Reference URI="#Timestamp-b9b53e47-1dec-4994-8004-a775da277174">
  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
  <DigestValue>9HhZz3j4GGxWqNtFMSR568zdmSw=</DigestValue>
  </Reference>
- <Reference URI="#_SOAPBody">
  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
  <DigestValue>yUoh5gubh3/LtppHhb2Woae2XD8=</DigestValue>
  </Reference>
  </SignedInfo>
  <SignatureValue>ts0q2wljDXD1yTE3wvQLYSbyxI8kapWCLgw2OqLa+KfYyC0lZG8ZGjZ11mSiVPhB /rSlZAfKDMRCr0BcgnJn3sd/wVg23Bp+dT6EwNSYDM23gfLVF5Udscpzy3QQqoox ai5TY11SVwoOfb2bOffH8G4QIweK/eliL+ZHE3NRDRk=</SignatureValue>
<KeyInfo>
 <wsse:SecurityTokenReference>
  <wsse:Reference URI="#SecId-484d840c-3fa6-447e-a884-da39de45f0ed" />
  </wsse:SecurityTokenReference>
  </KeyInfo>
  </Signature>
  </wsse:Security>
  </SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="_SOAPBody">
 <mns:Method1 xmlns:mns="http://www.SoapClient.com/xml/SoapResponder.xsd" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <UserId xsi:type="xsd:string">joe@sqldata.com</UserId>
  <Secret xsi:type="xsd:string">sdaf</Secret>
  </mns:Method1>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>

There are sample scripts in the toolkits that demonstrate how to encrypt part of the SOAP message as well.

We also have a  C/C++ sample code that demonstrates how to use the object in Microsoft VC 6.0.

The product can be purchased online here using paypal.

Download | Purchase | ContactFeedback

Send mail to  info2-at-sqldata-dot-com with questions or comments about this web site.
Copyright 1997-2005 SQLData Systems, Inc.
Last modified: August 28, 2009