Encrypting XML documents
The procedure to encrypt XML fragments within an XML document is as follows.
Logging in the user
Log in the user with the selected credentials.
user.login(credReader, <password>);
Retrieving the certificate
Retrieve the recipient's public key certificate.
X509Certificate certificate = new X509Certificate(new FileInputStream(<recipient_cert_path>));
Initializing the IXSIL library
Retrieve the init.properties file and initialize the IXSIL library.
iaik.ixsil.util.URI initProps = new URI(<init_properties_file_URI>);
IXSILInit.init(initProps);
Refer to the readme file for more information on editing the init.properties file.
etjava\examples\source\com\entrust\toolkit\examples\xml\xml_readme.html
Refer also to the Javadoc documentation of the following class.
iaik.ixsil.init.IXSILInit
Initializing the toolkit
Initialize the toolkit to prepare for XML encryption and decryption.
com.entrust.toolkit.xencrypt.init.XMLEInit initializer = new XMLEInit(initProps);
Creating an Encryptor instance
Create a com.entrust.toolkit.xencrypt.core.Encryptor instance.
Encryptor encryptor = new Encryptor(initializer, new FileInputStream(<path_to_doc_to_encrypt>));
Initialize the Encryptor instance with a trust manager.
encryptor.setTrustmanager(new com.entrust.toolkit.Trustmanager(new com.entrust.toolkit.KeyAndCertificateSource(sender)));
Here sender represents the user logged in to the toolkit in the first step.
The trust manager provides the means to validate the recipient's public key certificate before it is used to protect the symmetric key.
Setting the symmetric encryption algorithm
Set the symmetric encryption algorithm, for example:
encryptor.setSymmetricAlgorithm(XMLEConstants.ALGORITHM_AES_128);
The XMLEConstants class is in the following package.
com.entrust.toolkit.xencrypt.init
This line selects 128-bit AES. To use the default algorithm, 256-bit AES, omit this line from your code. Refer to the Javadoc of the following class for the identifiers of the other symmetric encryption algorithms you can use with the Toolkit.
com.entrust.toolkit.xencrypt.init.XMLEConstants
Setting the ID of the EncryptedKey elements
Specify a value for the ID attribute of the <EncryptedKey> elements in the encrypted document.
encryptor.setEncryptedKeyBaseID("KB");
The "KB" string is the base ID for the <EncryptedKey> elements in the encrypted document. The Encryptor assigns values to the IDs sequentially, beginning at 0:
The ID of the first <EncryptedKey> element is "KB0".
The second is "KB1".
And so on up to "KBn".
Refer to the Javadoc of the following method for more detailed information.
com.entrust.toolkit.xencrypt.core.Encryptor.setEncryptedKeyBaseID
If you omit this line from your code, the Toolkit sets the ID attribute to the default values EK0, EK1, ..., EKn.
Setting the ID of the EncryptedData elements
Specify a value for the ID attribute of the <EncryptedData> elements in the encrypted document.
encryptor.setEncryptedDataBaseID("DB");
The "DB" string is the base ID for the <EncryptedData> elements in the encrypted document. The Encryptor assigns values to the IDs sequentially, beginning at 0:
The ID of the first <EncryptedData> element is "DB0".
The second is "DB1".
And so on up to "DBn".
Refer to the Javadoc of the following method for more detailed information.
com.entrust.toolkit.xencrypt.core.Encryptor.setEncryptedDataBaseID
If you omit this line from your code, the Toolkit sets the ID attribute to the default values ED0, ED1, ..., EDn.
Selecting the XML elements to encrypt
Specify the elements in the XML document that are to be encrypted, and for each one record the recipient and whether only its content (rather than the whole element) is to be encrypted.
org.w3c.dom.NodeList elements = encryptor.getDocument().getElementsByTagName(<element_name>);
for (int i = 0; i < elements.getLength(); i++) {
    org.w3c.dom.Element element = (org.w3c.dom.Element) elements.item(i);
    encryptor.setRecipient(element, certificate);
    encryptor.setContentOnly(element, true);
}
Encrypting XML elements
Encrypt the selected XML elements.
encryptor.encrypt();
This method replaces each element to be encrypted with an <EncryptedData> element whose Type attribute is set to one of the following, according to the setContentOnly setting for that element:
Element: the entire element, including its start and end tags, is replaced by the <EncryptedData> element.
Content: only the element's content is replaced; the element's own tags remain in the clear.
Writing the encrypted data
Write the encrypted data to file by serializing the DOM content to the specified output stream.
encryptor.toOutputStream(new FileOutputStream(<encrypted_file_path>));
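The following is an added example, not sample code from the Toolkit, that assembles the steps above into one method. It uses only the calls shown on this page; the import paths are assumptions where the page does not give them (com.entrust.toolkit.User for the logged-in sender, and iaik.x509.X509Certificate for the certificate class whose constructor takes an InputStream). The caller logs in the sender as in the first step. Because the page does not show which checked exceptions the Toolkit methods throw, the method declares throws Exception. Beyond the page's steps it closes its streams with try-with-resources and refuses to write output when no element matched, so a typo in the element name cannot produce an unencrypted copy of the document.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;

import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

import com.entrust.toolkit.KeyAndCertificateSource;
import com.entrust.toolkit.Trustmanager;
import com.entrust.toolkit.User;                 // assumed import path for the logged-in user
import com.entrust.toolkit.xencrypt.core.Encryptor;
import com.entrust.toolkit.xencrypt.init.XMLEConstants;
import com.entrust.toolkit.xencrypt.init.XMLEInit;

import iaik.ixsil.init.IXSILInit;
import iaik.ixsil.util.URI;
import iaik.x509.X509Certificate;                // assumed: IAIK certificate class with an InputStream constructor

/**
 * Example (not Toolkit code): encrypts the content of every <elementName> element in
 * inPath for the holder of recipientCertPath and writes the result to outPath.
 * The caller has already logged 'sender' in (step "Logging in the user").
 */
public final class XmlElementEncryptor {

    private XmlElementEncryptor() { }

    /** Returns the number of elements that were encrypted. */
    public static int encryptElements(User sender,
                                      String initPropsUri,
                                      String recipientCertPath,
                                      String inPath,
                                      String outPath,
                                      String elementName) throws Exception {
        // Initialize the IXSIL library and the Toolkit's XML encryption support.
        URI initProps = new URI(initPropsUri);
        IXSILInit.init(initProps);
        XMLEInit initializer = new XMLEInit(initProps);

        // Load the recipient's public key certificate.
        X509Certificate recipientCert;
        try (InputStream certIn = new FileInputStream(recipientCertPath)) {
            recipientCert = new X509Certificate(certIn);
        }

        try (InputStream docIn = new FileInputStream(inPath);
             OutputStream out = new FileOutputStream(outPath)) {
            // Encryptor bound to the document, with a trust manager built from the
            // sender's credentials so the recipient certificate is validated before use.
            Encryptor encryptor = new Encryptor(initializer, docIn);
            encryptor.setTrustmanager(new Trustmanager(new KeyAndCertificateSource(sender)));

            // Symmetric algorithm and ID bases (the values used on this page). Pick bases
            // that cannot collide with ID attributes already present in the document.
            encryptor.setSymmetricAlgorithm(XMLEConstants.ALGORITHM_AES_128);
            encryptor.setEncryptedKeyBaseID("KB");
            encryptor.setEncryptedDataBaseID("DB");

            // Select the elements to encrypt. Fail closed if nothing matched rather than
            // silently serializing the document unchanged.
            NodeList elements = encryptor.getDocument().getElementsByTagName(elementName);
            int count = elements.getLength();
            if (count == 0) {
                throw new IllegalStateException(
                        "no <" + elementName + "> elements found in " + inPath + "; nothing written");
            }
            for (int i = 0; i < count; i++) {
                Element element = (Element) elements.item(i);
                encryptor.setRecipient(element, recipientCert);
                encryptor.setContentOnly(element, true); // Type=Content: tags stay, content is encrypted
            }

            // Encrypt in place and serialize the DOM to the output file.
            encryptor.encrypt();
            encryptor.toOutputStream(out);
            return count;
        }
    }
}
```

The return value lets the caller log how many elements were protected, which is a useful check when the same routine runs over documents of varying shape.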