Encryption: Processing Rules
For each EncryptedData and EncryptedKey the encryptor must:
1. Select the algorithm (and parameters)
2. Obtain and (optionally) represent the key
3. Encrypt the data
   - If the data is an "element" or element "content", obtain the octets by serialising the data in UTF-8; any other data must be serialised as octets.
   - Encrypt the octets using the algorithm and key from steps 1 and 2.
   - Provide the type of presentation, which indicates how to obtain and interpret the plaintext octets after decryption (e.g., MimeType="text/xml" or MimeType="image/png").
4. Build the EncryptedType (EncryptedData or EncryptedKey)
5. Process EncryptedData
   - If the Type of the encrypted data is "element" or element "content", then the encryptor SHOULD be able to replace the unencrypted "element" or "content" with the EncryptedData element.
   - If the Type of the encrypted data is "element" or element "content", then the encryptor MUST always be able to return the EncryptedData to the application.
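
The five steps above applied to a single element, as an added example in Node.js that is not part of the original page. Assumptions: AES-256-GCM (the XML Encryption 1.1 algorithm URI) is the algorithm selected in step 1, the key is represented only by a hypothetical KeyName, the element is located by exact string match instead of a DOM, and `decryptElement` is a helper added to check the round trip.

```javascript
const crypto = require('crypto');

const XENC = 'http://www.w3.org/2001/04/xmlenc#';
const DSIG = 'http://www.w3.org/2000/09/xmldsig#';
const AES256_GCM = 'http://www.w3.org/2009/xmlenc11#aes256-gcm'; // step 1: algorithm

// Constructed sample input: a document and the serialised element to protect.
const SAMPLE_ELEMENT = '<CreditCard><Number>4000 0000 0000 0002</Number></CreditCard>';
const SAMPLE_DOC = `<PaymentInfo><Name>Alice Example</Name>${SAMPLE_ELEMENT}</PaymentInfo>`;

// key: 32-byte Buffer (step 2). keyName: hypothetical, XML-safe label for that key.
function encryptElement(docXml, elementXml, key, keyName) {
  if (!docXml.includes(elementXml)) throw new Error('element not found in document');
  // Step 3: serialise the element as UTF-8 octets, then encrypt them.
  const octets = Buffer.from(elementXml, 'utf8');
  const iv = crypto.randomBytes(12); // fresh 96-bit IV for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(octets), cipher.final()]);
  // xmlenc11 AES-GCM layout of CipherValue: IV || ciphertext || 128-bit tag
  const cipherValue = Buffer.concat([iv, body, cipher.getAuthTag()]).toString('base64');
  // Step 4: build EncryptedData; Type and MimeType tell the decryptor
  // how to interpret the plaintext octets.
  const encryptedData =
    `<xenc:EncryptedData xmlns:xenc="${XENC}" Type="${XENC}Element" MimeType="text/xml">` +
    `<xenc:EncryptionMethod Algorithm="${AES256_GCM}"/>` +
    `<ds:KeyInfo xmlns:ds="${DSIG}"><ds:KeyName>${keyName}</ds:KeyName></ds:KeyInfo>` +
    `<xenc:CipherData><xenc:CipherValue>${cipherValue}</xenc:CipherValue></xenc:CipherData>` +
    `</xenc:EncryptedData>`;
  // Step 5: replace the plaintext element AND hand EncryptedData back to the caller.
  return { encryptedData, document: docXml.replace(elementXml, () => encryptedData) };
}

// Round-trip helper: throws if the CipherValue was modified (GCM tag check).
function decryptElement(encryptedData, key) {
  const m = /<xenc:CipherValue>([^<]+)<\/xenc:CipherValue>/.exec(encryptedData);
  if (!m) throw new Error('no CipherValue');
  const raw = Buffer.from(m[1], 'base64');
  if (raw.length < 28) throw new Error('CipherValue too short for IV and tag');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(raw.length - 16));
  const ct = raw.subarray(12, raw.length - 16);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```
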