<EncryptedData>
The purpose of <EncryptedData> is to carry encrypted data. The following shows a partial example:
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
  Id="Enc-143BBBAA-B75D-49EB-86AC-B414D818109F"
  Type="http://www.w3.org/2001/04/xmlenc#Content">
  <EncryptionMethod Algorithm="[parts omitted]#aes128-cbc"></EncryptionMethod>
  <CipherData>
    <CipherValue>MLwR6hvKE0gon[parts omitted]8njiQ==</CipherValue>
  </CipherData>
</EncryptedData>
Details
The parts of this element are as follows:
- Id is the unique identifier for the element. InterSystems IRIS generates this automatically.
- <EncryptionMethod> indicates the algorithm that was used to encrypt this data.
  In InterSystems IRIS, you can specify this algorithm. See Specifying the Block Encryption Algorithm.
- <CipherData> carries the encrypted data, as the value in the <CipherValue> element. In this example, the value MLwR6hvKE0gon[parts omitted]8njiQ== is the encrypted data.
- (Not included in the example) <KeyInfo> identifies the symmetric key. In this case, <KeyInfo> includes a <SecurityTokenReference> element, which includes a reference to a symmetric key in one of the following forms:
  - A reference to a <DerivedKeyToken> earlier in the WS-Security header.
  - A reference to an implied <DerivedKeyToken>. For example:
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SecurityTokenReference xmlns="[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsd"
        s01:Nonce="mMDk0zn8V7WTsFaIjUJ7zg=="
        xmlns:s01="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512">
        <Reference URI="#Id-93F97220-568E-47FC-B3E1-A2CF3F70B29B"></Reference>
      </SecurityTokenReference>
    </KeyInfo>
    In this case, the URI attribute in <Reference> points to the <EncryptedKey> element used to generate the <DerivedKeyToken>, and the Nonce attribute indicates the nonce value that was used.
  In both cases, this derived key was used to encrypt the data that is carried in this <EncryptedData> element.
  The <KeyInfo> element is included if the encryption uses a top-level <ReferenceList> element; see <ReferenceList>.
Position in Message
Within <Security>, an <EncryptedData> element should be included after the associated <EncryptedKey>.
An <EncryptedData> element can also be the child of the SOAP body (the <Body> element).
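The checks implied by the Details and Position in Message sections above, as an added example that is not part of the InterSystems documentation or product code. The Python script below parses a constructed SOAP message (every Id, the nonce and the ciphertext bytes are made up; the namespace URIs are the standard XML Encryption, XML Signature, WS-Security and WS-SecureConversation ones, with the wsse namespace written out in full) and reports, before any decryption is attempted, whether each <EncryptedData> uses an allowed block algorithm, carries a base64 <CipherValue> of plausible CBC length, identifies its key either through <KeyInfo> (with the Nonce that an implied <DerivedKeyToken> needs) or through an <EncryptedKey>'s <ReferenceList>, and, when it sits inside <Security>, follows the <EncryptedKey> it depends on. The algorithm allow-list is an assumed receiver policy, not an InterSystems setting, and build_message, check_encrypted_data and the sample messages are hypothetical names introduced here.

```python
"""Structural checks on WS-Security <EncryptedData> before any decryption is attempted.
Added example, not InterSystems code; it runs against a constructed SOAP message."""
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSC = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
ALLOWED_ALGORITHMS = {XENC + "aes128-cbc", XENC + "aes256-cbc"}  # assumed receiver policy
AES_BLOCK = 16

# Constructed sample values: 32 arbitrary bytes stand in for an IV plus one ciphertext block.
CIPHER = base64.b64encode(bytes(range(32))).decode()
NONCE = "mMDk0zn8V7WTsFaIjUJ7zg=="
CIPHER_DATA = f"<xenc:CipherData><xenc:CipherValue>{CIPHER}</xenc:CipherValue></xenc:CipherData>"
ENCRYPTED_KEY = f"""<xenc:EncryptedKey Id="Id-KEY-0001">
  <xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>{CIPHER_DATA}
  <xenc:ReferenceList><xenc:DataReference URI="#Enc-HDR-0001"/></xenc:ReferenceList>
</xenc:EncryptedKey>"""
# Encrypted header element, keyed through the EncryptedKey's ReferenceList (no KeyInfo).
HEADER_DATA = f"""<xenc:EncryptedData Id="Enc-HDR-0001" Type="{XENC}Element">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>{CIPHER_DATA}
</xenc:EncryptedData>"""
# Encrypted body content, keyed through an implied DerivedKeyToken (Reference plus Nonce).
BODY_DATA = f"""<xenc:EncryptedData xmlns:xenc="{XENC}" Id="Enc-BODY-0001" Type="{XENC}Content">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
  <ds:KeyInfo xmlns:ds="{DS}"><wsse:SecurityTokenReference xmlns:wsse="{WSSE}"
    xmlns:s01="{WSC}" s01:Nonce="{NONCE}"><wsse:Reference URI="#Id-KEY-0001"/>
  </wsse:SecurityTokenReference></ds:KeyInfo>{CIPHER_DATA}
</xenc:EncryptedData>"""


def build_message(security_children):
    """Assemble a SOAP envelope whose <Security> holds the given children, in that order."""
    inner = "".join(security_children)
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header><wsse:Security xmlns:wsse="{WSSE}"'
            f' xmlns:wsu="{WSU}" xmlns:xenc="{XENC}">{inner}</wsse:Security></soap:Header>'
            f"<soap:Body>{BODY_DATA}</soap:Body></soap:Envelope>")


GOOD_MESSAGE = build_message([ENCRYPTED_KEY, HEADER_DATA])
MISORDERED_MESSAGE = build_message([HEADER_DATA, ENCRYPTED_KEY])  # EncryptedData before its key
TAMPERED_MESSAGE = (GOOD_MESSAGE.replace("#aes128-cbc", "#tripledes-cbc")
                    .replace('URI="#Id-KEY-0001"', 'URI="#Id-KEY-9999"'))


def _ident(el):
    """WS-Security elements carry either a plain Id or a wsu:Id attribute."""
    return el.get("Id") or el.get(f"{{{WSU}}}Id")


def check_encrypted_data(xml_text, allowed_algorithms=ALLOWED_ALGORITHMS):
    """Return {"entries": [...], "problems": [...]} for every <EncryptedData> in the message."""
    root = ET.fromstring(xml_text)  # untrusted input should be parsed with defusedxml instead
    entries, problems = [], []
    security = root.find(f".//{{{WSSE}}}Security")
    if security is None:
        return {"entries": entries, "problems": ["missing wsse:Security header"]}
    # Document-order index of each Id-bearing child of <Security>, for the ordering rule.
    position = {_ident(c): i for i, c in enumerate(security) if _ident(c)}
    # EncryptedData ids named by an EncryptedKey's ReferenceList, mapped to that key's id.
    referenced = {r.get("URI", "").lstrip("#"): _ident(k)
                  for k in security.iter(f"{{{XENC}}}EncryptedKey")
                  for r in k.iter(f"{{{XENC}}}DataReference")}
    for enc in root.iter(f"{{{XENC}}}EncryptedData"):
        enc_id = _ident(enc)
        method = enc.find(f"{{{XENC}}}EncryptionMethod")
        entry = {"id": enc_id, "type": enc.get("Type"), "key_ref": None, "nonce": None,
                 "algorithm": None if method is None else method.get("Algorithm")}
        entries.append(entry)
        if entry["algorithm"] not in allowed_algorithms:
            problems.append(f"{enc_id}: algorithm {entry['algorithm']!r} not allowed")
        value = enc.findtext(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue", "").strip()
        try:
            raw = base64.b64decode(value, validate=True) if value else b""
        except ValueError:  # binascii.Error is a ValueError
            raw = b""
        # XML Encryption CBC modes prefix the IV, so expect an IV plus at least one whole block.
        if len(raw) < 2 * AES_BLOCK or len(raw) % AES_BLOCK:
            problems.append(f"{enc_id}: CipherValue missing, not base64, or {len(raw)} bytes long")
        str_el = enc.find(f"{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference")
        ref = None if str_el is None else str_el.find(f"{{{WSSE}}}Reference")
        if ref is not None:
            key_id = ref.get("URI", "").lstrip("#")
            entry["nonce"] = str_el.get(f"{{{WSC}}}Nonce")
            if key_id not in position:
                problems.append(f"{enc_id}: key reference #{key_id} does not resolve in Security")
            elif (security[position[key_id]].tag == f"{{{XENC}}}EncryptedKey"
                  and not entry["nonce"]):
                problems.append(f"{enc_id}: implied DerivedKeyToken but no Nonce attribute")
        else:
            key_id = referenced.get(enc_id)
            if key_id is None:
                problems.append(f"{enc_id}: no KeyInfo and no EncryptedKey ReferenceList names it")
        entry["key_ref"] = key_id
        if enc_id in position and key_id in position and position[enc_id] < position[key_id]:
            problems.append(f"{enc_id}: appears in Security before its EncryptedKey #{key_id}")
    return {"entries": entries, "problems": problems}
```

Running check_encrypted_data on GOOD_MESSAGE yields no problems and resolves both elements to Id-KEY-0001 (the header one via the ReferenceList, the body one via KeyInfo with the nonce). MISORDERED_MESSAGE is flagged only for placing the header <EncryptedData> before its <EncryptedKey>, and TAMPERED_MESSAGE is flagged for the disallowed algorithm on both elements and for a key reference that resolves to nothing; a receiver that enforces these checks first never feeds an unexpected algorithm or an unresolvable key reference into its decryption path.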