Encrypting binary data using XML
The procedure to encrypt binary data is as follows.
Logging into the toolkit
Instantiate:
A "sender" user object to encrypt the data
A "recipient" user object to decrypt the data
Initializing the IXSIL library
Retrieve the init.properties file and initialize the IXSIL library.
iaik.ixsil.util.URI initProps = new URI(<init_properties_file_URI>);
IXSILInit.init(initProps);
Refer to the readme file for more information on editing the init.properties file.
etjava\examples\source\com\entrust\toolkit\examples\xml\xml_readme.html
Refer also to the Javadoc documentation of the following class.
iaik.ixsil.init.IXSILInit
Initializing the toolkit
Initialize the toolkit classes for XML encryption and decryption.
iaik.ixsil.util.ExternalReferenceResolverImpl res = new ExternalReferenceResolverImpl(initProps);
com.entrust.toolkit.xencrypt.init.XMLEInit initializer = new XMLEInit(initProps);
Getting the certificate
Retrieve the recipient's and, if required, the sender's, encryption public certificate.
X509Certificate recipientCertificate = recipient.getEncryptionCertificate();
X509Certificate senderCertificate = sender.getEncryptionCertificate();
Creating the XML document
Create an XML document to contain the encrypted data.
com.entrust.toolkit.xencrypt.core.Encryptor encryptor = new Encryptor(initializer);
Adding binary data to the XML document
Create an EncryptedElementSet object and add to it all the elements (XML DOM elements) to be encrypted.
com.entrust.toolkit.xencrypt.core.EncryptedElementSet set = new EncryptedElementSet(encryptor);
set.addElement(<URL_of_binary_data_to_encrypt>);
The EncryptedElementSet class allows an application to define a set of DOM elements to be encrypted for a group of recipients. This procedure encrypts for a single recipient. To store the encrypted data remotely, you can specify a location using an absolute URI.
encryptor.setCipherURI(<URL_of_binary_data_to_encrypt>, <URL_of_encrypted_binary_data>);
Setting the trust manager
Set a trust manager to validate certificates and add the recipient (and, optionally, the sender) to the set.
encryptor.setTrustmanager(new com.entrust.toolkit.Trustmanager(new com.entrust.toolkit.KeyAndCertificateSource(sender)));
Encrypting the data
Encrypt the data.
encryptor.encrypt();
Retrieving encrypted elements
Once encrypted, you can handle the data at your discretion. For example, you can retrieve a single <EncryptedData> element.
org.w3c.dom.Element element = encryptor.getEncryptedDataElement(<URL_of_binary_data_to_encrypt>);
Writing the encrypted data
You can also choose to write the cipher text to a file.
encryptor.toOutputStream(new FileOutputStream(<path to encrypted XML file>));
If the encrypted data was written to a URL, you can retrieve it and store it locally.
FileOutputStream fos = new FileOutputStream(new File(<local file name>));
fos.write(encryptor.getCipherText(<URL of the encrypted binary data>));
fos.close();
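
When the cipher text is stored remotely, the recipient's application ends up fetching whatever URI the encrypted XML file names, so it is worth checking that URI before decrypting. The following is an added example, not code from the toolkit or its documentation: it uses only JDK classes and assumes the written file follows the W3C XML Encryption layout, in which externally stored cipher text is named by a CipherReference element. The class name, the sample document and the host files.example.com are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class CipherReferenceCheck {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // Constructed sample: EncryptedData whose cipher text is stored externally.
    static final String SAMPLE =
        "<EncryptedData xmlns='" + XENC + "'>"
      + "<EncryptionMethod Algorithm='" + XENC + "aes256-cbc'/>"
      + "<CipherData><CipherReference URI='https://files.example.com/report.bin.enc'/></CipherData>"
      + "</EncryptedData>";

    /** Returns one message per CipherReference that is not an absolute https URI on allowedHost. */
    static List<String> check(byte[] xml, String allowedHost) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The file is untrusted input: reject DOCTYPEs so no external entity is ever resolved.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        List<String> problems = new ArrayList<>();
        NodeList refs = doc.getElementsByTagNameNS(XENC, "CipherReference");
        for (int i = 0; i < refs.getLength(); i++) {
            String raw = ((Element) refs.item(i)).getAttribute("URI");
            try {
                URI uri = new URI(raw);
                if (!uri.isAbsolute()) problems.add("not an absolute URI: " + raw);
                else if (!"https".equalsIgnoreCase(uri.getScheme())) problems.add("not https: " + raw);
                else if (!allowedHost.equalsIgnoreCase(uri.getHost())) problems.add("unexpected host: " + raw);
            } catch (URISyntaxException e) {
                problems.add("malformed URI: " + raw);
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        byte[] xml = SAMPLE.getBytes(StandardCharsets.UTF_8);
        System.out.println("expected host: " + check(xml, "files.example.com"));
        System.out.println("other host:    " + check(xml, "other.example.com"));
    }
}
```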