See Also: CipherReference Members
This class represents the <CipherReference> element in XML encryption. It identifies a source which, when processed, yields the encrypted data.
The actual encrypted data referenced by the <CipherReference> is obtained by the following process. The <CipherReference> URI property contains a Uniform Resource Identifier (URI) that is dereferenced. If the <CipherReference> element also contains a transform chain, the data resulting from dereferencing the URI is transformed as specified to produce the encrypted data. For example, if the encrypted data is base64-encoded within an XML document, the transforms would specify an XPath expression followed by a base64 decoding so the encrypted data can be extracted.
The syntax of the URI and transforms is similar to that of XML digital signatures. However, in XML digital signatures, both generation and validation processing start with the same source data and perform that transform in the same order. In XML encryption, the decrypting application has only the encrypted data and the specified transforms. The transforms are enumerated in the order necessary to obtain the encrypted data.
Note By default, you cannot dereference cipher references from documents with unknown sources, such as files from a Web site, because the EncryptedXml.DocumentEvidence property is null. For example, when you attempt to decrypt a file containing a <CipherReference> element that references a file on the Web, a System.Security.SecurityException is thrown, even if the request is made by a fully trusted assembly.
If you are sure the documents you are decrypting can be trusted, you can change this behavior for fully trusted applications by using the following code:
Evidence ev = new Evidence(); ev.AddHost (new Zone(SecurityZone.MyComputer)); EncryptedXml exml = new EncryptedXml(doc, ev);