Decryption: Processing Rules|
1. Process the element to determine the algorithm, parameters and ds:KeyInfo element to be used. If some information is omitted, the application MUST supply it.
2. Locate the data encryption key according to the ds:KeyInfo element, which may contain one or more children elements.
3. Decrypt the data contained in the CipherData element – depending on existence of CipherValue or CipherReference child elements
4. Process decrypted data of Type 'element' or element 'content‘
The cleartext octet sequence (from step 3) is interpreted as UTF-8 encoded character data
The decryptor MUST be able to return the value of Type and the UTF-8 encoded XML character data. Validation on the serialized XML is NOT REQUIRED.
The decryptor SHOULD support the ability to replace the EncryptedData element with the decrypted 'element' or element 'content' represented by the UTF-8 encoded characters
5. Process decrypted data if Type is unspecified or is not 'element' or element 'content'.