NAME

XML::Enc - XML::Enc Encryption Support

VERSION

version 0.15

SYNOPSIS

    my $decrypter = XML::Enc->new(
        {
            key                => 't/sign-private.pem',
            no_xml_declaration => 1,
        },
    );
    $decrypted = $enc->decrypt($xml);
    my $encrypter = XML::Enc->new(
        {
            cert               => 't/sign-certonly.pem',
            no_xml_declaration => 1,
            data_enc_method    => 'aes256-cbc',
            key_transport      => 'rsa-1_5',
        },
    );
    $encrypted = $enc->encrypt($xml);

NAME

XML::Enc - XML Encryption

METHODS

new( ... )

Constructor. Creates an instance of the XML::Enc object

Arguments:

key: Filename of the private key to be used for decryption.
cert: Filename of the public key to be used for encryption.
no_xml_declaration: Do not return the XML declaration if true (1). Return it if false (0). This is useful for decrypting documents without the declaration such as SAML2 Responses.
data_enc_method: Specify the data encryption method to be used. Supported methods are:
Used in encryption. Optional. Default method: aes256-cbc

tripledes-cbc <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#tripledes-cbc>
aes128-cbc <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#aes128-cbc>
aes192-cbc <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#aes192-cbc>
aes256-cbc <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#aes256-cbc>
aes128-gcm <https://www.w3.org/TR/xmlenc-core/#aes128-gcm>
aes192-gcm <https://www.w3.org/TR/xmlenc-core/#aes192-gcm>
aes256-gcm <https://www.w3.org/TR/xmlenc-core/#aes256-gcm>

key_transport: Specify the encryption method to be used for key transport. Supported methods are:
Used in encryption. Optional. Default method: rsa-oaep-mgf1p

rsa-1_5 <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5>
rsa-oaep-mgf1p <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p>
rsa-oaep <http://www.w3.org/2009/xmlenc11#rsa-oaep>

oaep_mgf_alg: Specify the Algorithm to be used for rsa-oaep. Supported algorithms are:
Used in encryption. Optional. Default method: mgf1sha1

mgf1sha1 <http://www.w3.org/2009/xmlenc11#mgf1sha1>
mgf1sha224 <http://www.w3.org/2009/xmlenc11#mgf1sha224>
mgf1sha265 <http://www.w3.org/2009/xmlenc11#mgf1sha256>
mgf1sha384 <http://www.w3.org/2009/xmlenc11#mgf1sha384>
mgf1sha512 <http://www.w3.org/2009/xmlenc11#mgf1sha512>

oaep_params

Specify the OAEPparams value to use as part of the mask generation function (MGF). It is optional but can be specified for rsa-oaep and rsa-oaep-mgf1p EncryptionMethods.

It is base64 encoded and stored in the XML as OAEPparams.

If specified you MAY specify the oaep_label_hash that should be used. You should note that not all implementations support an oaep_label_hash that differs from that of the MGF specified in the xenc11:MGF element or the default MGF1 with SHA1.

The oaep_label_hash is stored in the DigestMethod child element of the EncryptionMethod.

oaep_label_hash

Specify the Hash Algorithm to use for the rsa-oaep label as specified by oaep_params.

The default is sha1. Supported algorithms are:

sha1 <http://www.w3.org/2000/09/xmldsig#sha1>
sha224 <http://www.w3.org/2001/04/xmldsig-more#sha224>
sha256 <http://www.w3.org/2001/04/xmlenc#sha256>
sha384 <http://www.w3.org/2001/04/xmldsig-more#sha384>
sha512 <http://www.w3.org/2001/04/xmlenc#sha512>

key_name: Specify a key name to add to the KeyName element. If it is not specified then no KeyName element is added to the KeyInfo

decrypt( ... )

Main decryption function.

Arguments:

xml: XML containing the encrypted data.

encrypt( ... )

Main encryption function.

Arguments:

xml: XML containing the plaintext data.

AUTHOR

Timothy Legge <timlegge@cpan.org>

COPYRIGHT AND LICENSE

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.