- <EncryptionMethod> indicates the algorithm that was used to encrypt the symmetric key. In InterSystems IRIS, you can specify the key transport algorithm (shown by the Algorithm attribute of <EncryptionMethod>). See Specifying the Key Transport Algorithm.
- <KeyInfo> identifies the key that was used to encrypt this symmetric key. In InterSystems IRIS, <KeyInfo> includes a <SecurityTokenReference>, which has one of the following forms:
  - A reference to a <BinarySecurityToken> earlier in the WS-Security header, as shown in the preceding example.
  - Information that uniquely identifies the certificate, which presumably the message recipient owns. For example, the <SecurityTokenReference> could include the SHA1 thumbprint of the certificate, as follows:

        <SecurityTokenReference xmlns="[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <KeyIdentifier EncodingType="[parts omitted]#Base64Binary"
                           ValueType="[parts omitted]#ThumbprintSHA1">
                maedm8CNoh4zH8SMoF+3xV1MYtc=
            </KeyIdentifier>
        </SecurityTokenReference>

  In both cases, the corresponding public key was used to encrypt the symmetric key that is carried in this <EncryptedKey> element.
  This element is omitted if the encryption uses a top-level <ReferenceList> element; see <ReferenceList>.
- <CipherData> carries the encrypted symmetric key, as the value of the <CipherValue> element. In this example, the value WtE[parts omitted]bSyvg== is the encrypted symmetric key.
- <ReferenceList> indicates the part or parts of this message that were encrypted with the symmetric key carried in this <EncryptedKey> element. Specifically, the URI attribute of each <DataReference> points to the Id attribute of an <EncryptedData> element elsewhere in the message.
  Depending on the technique that you use, this element might not be included. It is possible to instead link an <EncryptedData> element and the corresponding <EncryptedKey> via a top-level <ReferenceList> element; see <ReferenceList>.
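The following is an added example, not InterSystems code, showing what a message recipient has to do with the two linkages described above: work out which of its certificates the symmetric key was encrypted to (either by following a <Reference> to a <BinarySecurityToken> in the same header or by matching a <KeyIdentifier> SHA1 thumbprint, which is the base64 of the SHA-1 digest of the certificate's DER bytes), and confirm that every <DataReference> URI in the <ReferenceList> resolves to an <EncryptedData> Id that actually exists in the message. The SOAP envelope, the certificate bytes and the ciphertext values are constructed placeholders; the namespace and ValueType URIs are the standard WS-Security and XML Encryption ones that the page abbreviates as "[parts omitted]".

```python
"""Resolve the key and data references carried by a WS-Security <EncryptedKey>.

Added example: constructed message, fake certificate bytes, placeholder ciphertext.
"""
from __future__ import annotations

import base64
import hashlib
import xml.etree.ElementTree as ET

# Standard WS-Security / XML Encryption / XML Signature namespaces.
NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
THUMBPRINT_SHA1 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
BASE64_BINARY = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

# Constructed stand-in for a DER-encoded certificate; not a real certificate.
FAKE_CERT_DER = b"\x30\x82\x01\x0a" + bytes(range(256))


def thumbprint_sha1(cert_der: bytes) -> str:
    """Thumbprint as a <KeyIdentifier> carries it: base64(SHA-1(DER bytes))."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


def build_sample_message(use_thumbprint: bool) -> str:
    """Constructed envelope exercising both <SecurityTokenReference> forms."""
    if use_thumbprint:
        str_body = (f'<wsse:KeyIdentifier EncodingType="{BASE64_BINARY}" ValueType="{THUMBPRINT_SHA1}">'
                    f'{thumbprint_sha1(FAKE_CERT_DER)}</wsse:KeyIdentifier>')
    else:
        str_body = f'<wsse:Reference URI="#Cert-1" ValueType="{X509V3}"/>'
    bst = base64.b64encode(FAKE_CERT_DER).decode("ascii")
    return f"""<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
  xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}" xmlns:xenc="{NS['xenc']}" xmlns:ds="{NS['ds']}">
  <soap:Header><wsse:Security>
    <wsse:BinarySecurityToken wsu:Id="Cert-1" ValueType="{X509V3}" EncodingType="{BASE64_BINARY}">{bst}</wsse:BinarySecurityToken>
    <xenc:EncryptedKey Id="EncKey-1">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <ds:KeyInfo><wsse:SecurityTokenReference>{str_body}</wsse:SecurityTokenReference></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER-WRAPPED-KEY</xenc:CipherValue></xenc:CipherData>
      <xenc:ReferenceList>
        <xenc:DataReference URI="#Body-1"/>
        <xenc:DataReference URI="#Missing-1"/>
      </xenc:ReferenceList>
    </xenc:EncryptedKey>
  </wsse:Security></soap:Header>
  <soap:Body>
    <xenc:EncryptedData Id="Body-1"><xenc:CipherData><xenc:CipherValue>PLACEHOLDER-BODY</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""


def resolve_encrypting_cert(xml_text: str, known_certs: dict[str, bytes]) -> str | None:
    """Return a label for the certificate whose public key wrapped the symmetric key, or None."""
    root = ET.fromstring(xml_text)
    ek = root.find(".//xenc:EncryptedKey", NS)
    if ek is None:
        return None
    str_el = ek.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
    if str_el is None:
        return None
    ref = str_el.find("wsse:Reference", NS)
    if ref is not None:
        # Form 1: URI="#id" names a <BinarySecurityToken> carried in the same header.
        uri = ref.get("URI", "")
        token_id = uri[1:] if uri.startswith("#") else None
        for bst in root.iterfind(".//wsse:BinarySecurityToken", NS):
            if token_id and bst.get(f"{{{NS['wsu']}}}Id") == token_id:
                return f"BinarySecurityToken#{token_id}"
        return None
    kid = str_el.find("wsse:KeyIdentifier", NS)
    if kid is not None and kid.get("ValueType") == THUMBPRINT_SHA1:
        # Form 2: match the thumbprint against the certificates this recipient owns.
        wanted = (kid.text or "").strip()
        for label, der in known_certs.items():
            if thumbprint_sha1(der) == wanted:
                return label
    return None


def check_data_references(xml_text: str) -> dict[str, bool]:
    """Map each <DataReference> URI to whether an <EncryptedData> with that Id exists."""
    root = ET.fromstring(xml_text)
    ids = {e.get("Id") for e in root.iterfind(".//xenc:EncryptedData", NS)}
    result: dict[str, bool] = {}
    for dr in root.iterfind(".//xenc:EncryptedKey/xenc:ReferenceList/xenc:DataReference", NS):
        uri = dr.get("URI", "")
        result[uri] = uri.startswith("#") and uri[1:] in ids
    return result


if __name__ == "__main__":
    msg = build_sample_message(use_thumbprint=True)
    print(resolve_encrypting_cert(msg, {"recipient-cert": FAKE_CERT_DER}))
    print(check_data_references(msg))
```

A dangling <DataReference> (here `#Missing-1`) is worth rejecting before any decryption is attempted, and a thumbprint that matches none of the recipient's certificates means the message was encrypted to a key this endpoint does not hold.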