XML-W3C
XML encryption and digital signatures are specified in these Recommendations
from the W3C:
OpenPGP
OpenPGP is an IETF standard for encryption and digital signatures based on
the original Pretty Good Privacy program written by Phil Zimmerman. PGP is
a commercial company but the OpenPGP standard is separate and open
Enigma
Enigma is an easy-to-use Java/XML cryptography API, implementing the OpenPGP protocol.
It wraps the well-established BouncyCastle crypto API, on which it depends
Enigma and JDOM
Enigma works with the jdom document object model, to encrypt, decrypt, digitally-sign and
verify xml elements in xml documents. It replaces the element to be encrypted with
an encrypted element in the Xml-enc namespace; and on decryption, the encrypted element
is replaced by the clear-text. It does signing and verification in the same way.
Enigma isn't a full implementation of the xml-enc and xml-dsig specifications; there is
no guarantee that Enigma will be able to decrypt or verify documents encrypted or
signed by other implementations; however, other full implementations should be
able to decrypt or verify documents encrypted or signed by Enigma (provided, of
course, that the right key material is available to them)
Encrypting with Enigma Locks and Keys
Public-Key cryptography is conceptually almost counter-intuitive. The complexity
of the algorithms is part of the problem, but one of the most significant factors
is the public-key/private-key abstraction itself. Enigma overcomes that by using
an alternative, but compatible, abstraction. In Enigma, public keys are called
"locks", and every lock has a corresponding key. Imagine you have an infinite
supply of identical padlocks, of the type that snap shut without needing a key.
You have the only key that will open these padlocks.
If I want to send something securely to you, all I need to do is get one of these locks,
and use it to lock a box containing the message. That's exactly how Enigma locks
(which are, essentially, OpenPGP Public Keys) work. The advantage of this is that the
API is very simple: get a Lock, and call its lock(Element) method. The element is
locked in its document.
Element lockedElement = lock.lock(unlockedElement);
And to unlock it:
Element unlockedElement = key.unlock(lockedElement, passphrase);
Signing with Engima Locks and Keys
OpenPGP keys can also be used to sign and verify material, and since Enigma Locks
and Keys are just wrappers for OpenPGP public keys and private keys respectively,
the signature and verification code is just as simple:
To sign an element:
Element signedElement = key.sign(unsignedElement, passphrase);
and to verify it:
boolean verified = lock.verify(signedElement);
[an error occurred while processing this directive]