Encryption: Processing Rules For each EncryptedData and EncryptedKey the encryptor must : 1. Select the algorithm (and parameters) 2. Obtain and (optionally) represent the key 3. Encrypt the data If the data is an ”element” or element “content”, obtain the octets by serialising the data in UTF-8; any other data must be serialised as octets Encrypt the octets using the algorithm and key from steps 1 and 2 Provide type of presentation to indicate how to obtain and interpret the plaintext octets after decryption (e.g., MimeType=“text/xml” or MimeType=“image/png”) 4. Build the EncryptedType (EncryptedData or EncryptedKey) 5. Process EncryptedData If the Type of the encrypted data is ”element” or element “content”, then encryptor SHOULD be able to replace the unencrypted “element” or “content” with the EncryptedData element. If the Type of the encrypted data is ”element” or element “content”, then encryptor MUST always be able to return the EncryptedData to the application. |