The System.Security.Cryptography.Xml.EncryptedXml class is the main class used for XML encryption in the .NET Framework. XML Encryption is a standards-based, interoperable way to encrypt all or part of an XML document or any arbitrary data. The .NET Framework XML encryption classes implement the World Wide Web Consortium (W3C) specification for XML encryption located at http://www.w3.org/TR/xmlenc-core/.
Use the System.Security.Cryptography.Xml.EncryptedXml class whenever you need to share encrypted XML data between applications or organizations in a standard way. Any data encrypted using this class can be decrypted by any implementation of the W3C specification for XML encryption.
XML encryption replaces any plain text XML element or document with the <EncryptedData> element, which contains an encrypted (or cipher text) representation of plain text XML or any arbitrary data. The <EncryptedData> element can optionally contain information about where to find a key that will decrypt the cipher text, and which cryptographic algorithm was used to encrypt the plain text.
The <EncryptedKey> element is similar to the <EncryptedData> element in style and usage, except that it allows you to encrypt a key that will decrypt the value of the <EncryptedData> element. Note that the <EncryptedKey> element and the <EncryptedData> element will never contain an unencrypted key.
Use one of the following methods to exchange key information:
Do not include any key information. If you choose this option, both parties must agree on an algorithm and key before they exchange encrypted data.
Include the location of the key in the Uniform Resource Identifier (URI) attribute of the <RetrievalMethod> element. Both parties must agree on the key location ahead of time and this location must be kept secret.
Include a string name that maps to a key in the <KeyName> element. Both parties must agree on the key name mapping before they exchange encrypted data and this mapping must be kept secret.
Include an encrypted key in the <EncryptedKey> element. Both parties must agree on the key that decrypts the encrypted key before they exchange encrypted data. You can optionally include a name or location of the key that will decrypt the key in the <EncryptedKey> element.
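The following sketch is an added example, not code from the original documentation. It shows the last option: a one-time AES key encrypts the element, an RSA key wraps the AES key inside <EncryptedKey>, and a <KeyName> tells the receiver which RSA key to use. The document content, the key name "recipientRsaKey" and the class and method names are constructed for illustration; on the .NET Framework the project must reference the System.Security assembly.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
class EncryptedKeyExample
{
    // Encrypts one element with a fresh AES key and wraps that key with RSA.
    static void Encrypt(XmlDocument doc, string elementName, RSA rsa, string keyName)
    {
        var target = (XmlElement)doc.GetElementsByTagName(elementName)[0];
        using (Aes sessionKey = Aes.Create()) // random 256-bit key by default
        {
            var edata = new EncryptedData
            {
                Type = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
            };
            edata.CipherData.CipherValue = new EncryptedXml().EncryptData(target, sessionKey, false);
            // <EncryptedKey>: the AES key, encrypted with the RSA key (OAEP padding).
            var ekey = new EncryptedKey
            {
                CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, rsa, true)),
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl)
            };
            // <KeyName> only names the key that decrypts the key; it carries no key material.
            ekey.KeyInfo.AddClause(new KeyInfoName(keyName));
            edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
            EncryptedXml.ReplaceElement(target, edata, false);
        }
    }
    // Receiver side: map the agreed key name to the RSA key, then decrypt in place.
    static void Decrypt(XmlDocument doc, RSA rsa, string keyName)
    {
        var exml = new EncryptedXml(doc);
        exml.AddKeyNameMapping(keyName, rsa);
        exml.DecryptDocument();
    }
    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        // Constructed sample document.
        doc.LoadXml("<order><item>book</item><card>0000-0000-0000-0000</card></order>");
        using (var rsa = new RSACryptoServiceProvider(2048)) // stands in for the pre-agreed key
        {
            Encrypt(doc, "card", rsa, "recipientRsaKey");
            Console.WriteLine(doc.OuterXml); // <card> is now an <EncryptedData> element
            Decrypt(doc, rsa, "recipientRsaKey");
            Console.WriteLine(doc.OuterXml); // original document restored
        }
    }
}
```

In a real exchange the sender holds only the RSA public key and the receiver holds the private key. XML Encryption provides confidentiality only, so a receiver that needs to detect tampering must verify an XML signature as well.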