ghopp
/
server_playground
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Another abandoned server code base... this is kind of an ancestor of taskrambler.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
165 Commits
1 Branch
0 Tags
51 MiB
 
 
 
 
 
 
Tree: 9e1e4f7891
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9e1e4f7891'
${ noResults }
server_playground/doc/www.w3.org/TR/2012/WD-xmlsec-algorithms-20120105/index.html

2343 lines
96 KiB
Raw Blame History

<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>XML Security Algorithm Cross-Reference</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<!-- <script src="../../../dap-dev/ReSpec.js/js/respec.js"
class="remove"></script> -->
<style type="text/css">
/*****************************************************************
* ReSpec CSS
* Robin Berjon (robin at berjon dot com)
* v0.05 - 2009-07-31
*****************************************************************/
/* --- INLINES --- */
em.rfc2119 {
text-transform: lowercase;
font-variant: small-caps;
font-style: normal;
color: #900;
}
h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
border: none;
}
dfn {
font-weight: bold;
}
a.internalDFN {
color: inherit;
border-bottom: 1px solid #99c;
text-decoration: none;
}
a.externalDFN {
color: inherit;
border-bottom: 1px dotted #ccc;
text-decoration: none;
}
a.bibref {
text-decoration: none;
}
code {
color: #ff4500;
}
/* --- WEB IDL --- */
pre.idl {
border-top: 1px solid #90b8de;
border-bottom: 1px solid #90b8de;
padding: 1em;
line-height: 120%;
}
pre.idl::before {
content: "WebIDL";
display: block;
width: 150px;
background: #90b8de;
color: #fff;
font-family: initial;
padding: 3px;
font-weight: bold;
margin: -1em 0 1em -1em;
}
.idlType {
color: #ff4500;
font-weight: bold;
text-decoration: none;
}
/*.idlModule*/
/*.idlModuleID*/
/*.idlInterface*/
.idlInterfaceID, .idlDictionaryID {
font-weight: bold;
color: #005a9c;
}
.idlSuperclass {
font-style: italic;
color: #005a9c;
}
/*.idlAttribute*/
.idlAttrType, .idlFieldType, .idlMemberType {
color: #005a9c;
}
.idlAttrName, .idlFieldName, .idlMemberName {
color: #ff4500;
}
.idlAttrName a, .idlFieldName a, .idlMemberName a {
color: #ff4500;
border-bottom: 1px dotted #ff4500;
text-decoration: none;
}
/*.idlMethod*/
.idlMethType {
color: #005a9c;
}
.idlMethName {
color: #ff4500;
}
.idlMethName a {
color: #ff4500;
border-bottom: 1px dotted #ff4500;
text-decoration: none;
}
/*.idlParam*/
.idlParamType {
color: #005a9c;
}
.idlParamName {
font-style: italic;
}
.extAttr {
color: #666;
}
/*.idlConst*/
.idlConstType {
color: #005a9c;
}
.idlConstName {
color: #ff4500;
}
.idlConstName a {
color: #ff4500;
border-bottom: 1px dotted #ff4500;
text-decoration: none;
}
/*.idlException*/
.idlExceptionID {
font-weight: bold;
color: #c00;
}
.idlTypedefID, .idlTypedefType {
color: #005a9c;
}
.idlRaises, .idlRaises a.idlType, .idlRaises a.idlType code, .excName a, .excName a code {
color: #c00;
font-weight: normal;
}
.excName a {
font-family: monospace;
}
.idlRaises a.idlType, .excName a.idlType {
border-bottom: 1px dotted #c00;
}
.excGetSetTrue, .excGetSetFalse, .prmNullTrue, .prmNullFalse, .prmOptTrue, .prmOptFalse {
width: 45px;
text-align: center;
}
.excGetSetTrue, .prmNullTrue, .prmOptTrue { color: #0c0; }
.excGetSetFalse, .prmNullFalse, .prmOptFalse { color: #c00; }
.idlImplements a {
font-weight: bold;
}
dl.attributes, dl.methods, dl.constants, dl.fields, dl.dictionary-members {
margin-left: 2em;
}
.attributes dt, .methods dt, .constants dt, .fields dt, .dictionary-members dt {
font-weight: normal;
}
.attributes dt code, .methods dt code, .constants dt code, .fields dt code, .dictionary-members dt code {
font-weight: bold;
color: #000;
font-family: monospace;
}
.attributes dt code, .fields dt code, .dictionary-members dt code {
background: #ffffd2;
}
.attributes dt .idlAttrType code, .fields dt .idlFieldType code, .dictionary-members dt .idlMemberType code {
color: #005a9c;
background: transparent;
font-family: inherit;
font-weight: normal;
font-style: italic;
}
.methods dt code {
background: #d9e6f8;
}
.constants dt code {
background: #ddffd2;
}
.attributes dd, .methods dd, .constants dd, .fields dd, .dictionary-members dd {
margin-bottom: 1em;
}
table.parameters, table.exceptions {
border-spacing: 0;
border-collapse: collapse;
margin: 0.5em 0;
width: 100%;
}
table.parameters { border-bottom: 1px solid #90b8de; }
table.exceptions { border-bottom: 1px solid #deb890; }
.parameters th, .exceptions th {
color: #fff;
padding: 3px 5px;
text-align: left;
font-family: initial;
font-weight: normal;
text-shadow: #666 1px 1px 0;
}
.parameters th { background: #90b8de; }
.exceptions th { background: #deb890; }
.parameters td, .exceptions td {
padding: 3px 10px;
border-top: 1px solid #ddd;
vertical-align: top;
}
.parameters tr:first-child td, .exceptions tr:first-child td {
border-top: none;
}
.parameters td.prmName, .exceptions td.excName, .exceptions td.excCodeName {
width: 100px;
}
.parameters td.prmType {
width: 120px;
}
table.exceptions table {
border-spacing: 0;
border-collapse: collapse;
width: 100%;
}
/* --- TOC --- */
.toc a {
text-decoration: none;
}
a .secno {
color: #000;
}
/* --- TABLE --- */
table.simple {
border-spacing: 0;
border-collapse: collapse;
border-bottom: 3px solid #005a9c;
}
.simple th {
background: #005a9c;
color: #fff;
padding: 3px 5px;
text-align: left;
}
.simple th[scope="row"] {
background: inherit;
color: inherit;
border-top: 1px solid #ddd;
}
.simple td {
padding: 3px 10px;
border-top: 1px solid #ddd;
}
.simple tr:nth-child(even) {
background: #f0f6ff;
}
/* --- DL --- */
.section dd > p:first-child {
margin-top: 0;
}
.section dd > p:last-child {
margin-bottom: 0;
}
.section dd {
margin-bottom: 1em;
}
.section dl.attrs dd, .section dl.eldef dd {
margin-bottom: 0;
}
/* --- EXAMPLES --- */
pre.example {
border-top: 1px solid #ff4500;
border-bottom: 1px solid #ff4500;
padding: 1em;
margin-top: 1em;
}
pre.example::before {
content: "Example";
display: block;
width: 150px;
background: #ff4500;
color: #fff;
font-family: initial;
padding: 3px;
font-weight: bold;
margin: -1em 0 1em -1em;
}
/* --- EDITORIAL NOTES --- */
.issue {
padding: 1em;
margin: 1em 0em 0em;
border: 1px solid #f00;
background: #ffc;
}
.issue::before {
content: "Issue";
display: block;
width: 150px;
margin: -1.5em 0 0.5em 0;
font-weight: bold;
border: 1px solid #f00;
background: #fff;
padding: 3px 1em;
}
.note {
margin: 1em 0em 0em;
padding: 1em;
border: 2px solid #cff6d9;
background: #e2fff0;
}
.note::before {
content: "Note";
display: block;
width: 150px;
margin: -1.5em 0 0.5em 0;
font-weight: bold;
border: 1px solid #cff6d9;
background: #fff;
padding: 3px 1em;
}
/* --- Best Practices --- */
div.practice {
border: solid #bebebe 1px;
margin: 2em 1em 1em 2em;
}
span.practicelab {
margin: 1.5em 0.5em 1em 1em;
font-weight: bold;
font-style: italic;
}
span.practicelab { background: #dfffff; }
span.practicelab {
position: relative;
padding: 0 0.5em;
top: -1.5em;
}
p.practicedesc {
margin: 1.5em 0.5em 1em 1em;
}
@media screen {
p.practicedesc {
position: relative;
top: -2em;
padding: 0;
margin: 1.5em 0.5em -1em 1em;
}
}
/* --- SYNTAX HIGHLIGHTING --- */
pre.sh_sourceCode {
background-color: white;
color: black;
font-style: normal;
font-weight: normal;
}
pre.sh_sourceCode .sh_keyword { color: #005a9c; font-weight: bold; } /* language keywords */
pre.sh_sourceCode .sh_type { color: #666; } /* basic types */
pre.sh_sourceCode .sh_usertype { color: teal; } /* user defined types */
pre.sh_sourceCode .sh_string { color: red; font-family: monospace; } /* strings and chars */
pre.sh_sourceCode .sh_regexp { color: orange; font-family: monospace; } /* regular expressions */
pre.sh_sourceCode .sh_specialchar { color: #ffc0cb; font-family: monospace; } /* e.g., \n, \t, \\ */
pre.sh_sourceCode .sh_comment { color: #A52A2A; font-style: italic; } /* comments */
pre.sh_sourceCode .sh_number { color: purple; } /* literal numbers */
pre.sh_sourceCode .sh_preproc { color: #00008B; font-weight: bold; } /* e.g., #include, import */
pre.sh_sourceCode .sh_symbol { color: blue; } /* e.g., *, + */
pre.sh_sourceCode .sh_function { color: black; font-weight: bold; } /* function calls and declarations */
pre.sh_sourceCode .sh_cbracket { color: red; } /* block brackets (e.g., {, }) */
pre.sh_sourceCode .sh_todo { font-weight: bold; background-color: #00FFFF; } /* TODO and FIXME */
/* Predefined variables and functions (for instance glsl) */
pre.sh_sourceCode .sh_predef_var { color: #00008B; }
pre.sh_sourceCode .sh_predef_func { color: #00008B; font-weight: bold; }
/* for OOP */
pre.sh_sourceCode .sh_classname { color: teal; }
/* line numbers (not yet implemented) */
pre.sh_sourceCode .sh_linenum { display: none; }
/* Internet related */
pre.sh_sourceCode .sh_url { color: blue; text-decoration: underline; font-family: monospace; }
/* for ChangeLog and Log files */
pre.sh_sourceCode .sh_date { color: blue; font-weight: bold; }
pre.sh_sourceCode .sh_time, pre.sh_sourceCode .sh_file { color: #00008B; font-weight: bold; }
pre.sh_sourceCode .sh_ip, pre.sh_sourceCode .sh_name { color: #006400; }
/* for Prolog, Perl... */
pre.sh_sourceCode .sh_variable { color: #006400; }
/* for LaTeX */
pre.sh_sourceCode .sh_italics { color: #006400; font-style: italic; }
pre.sh_sourceCode .sh_bold { color: #006400; font-weight: bold; }
pre.sh_sourceCode .sh_underline { color: #006400; text-decoration: underline; }
pre.sh_sourceCode .sh_fixed { color: green; font-family: monospace; }
pre.sh_sourceCode .sh_argument { color: #006400; }
pre.sh_sourceCode .sh_optionalargument { color: purple; }
pre.sh_sourceCode .sh_math { color: orange; }
pre.sh_sourceCode .sh_bibtex { color: blue; }
/* for diffs */
pre.sh_sourceCode .sh_oldfile { color: orange; }
pre.sh_sourceCode .sh_newfile { color: #006400; }
pre.sh_sourceCode .sh_difflines { color: blue; }
/* for css */
pre.sh_sourceCode .sh_selector { color: purple; }
pre.sh_sourceCode .sh_property { color: blue; }
pre.sh_sourceCode .sh_value { color: #006400; font-style: italic; }
/* other */
pre.sh_sourceCode .sh_section { color: black; font-weight: bold; }
pre.sh_sourceCode .sh_paren { color: red; }
pre.sh_sourceCode .sh_attribute { color: #006400; }
</style><link href="http://www.w3.org/StyleSheets/TR/W3C-WD" rel="stylesheet" type="text/css" charset="utf-8"></head><body style="display: inherit; "><div class="head"><p><a href="http://www.w3.org/"><img width="72" height="48" src="http://www.w3.org/Icons/w3c_home" alt="W3C"></a></p><h1 class="title" id="title">XML Security Algorithm Cross-Reference</h1><h2 id="w3c-working-draft-05-january-2012"><acronym title="World Wide Web Consortium">W3C</acronym> Working Draft 05 January 2012</h2><dl><dt>This version:</dt><dd><a href="http://www.w3.org/TR/2012/WD-xmlsec-algorithms-20120105/">http://www.w3.org/TR/2012/WD-xmlsec-algorithms-20120105/</a></dd><dt>Latest published version:</dt><dd><a href="http://www.w3.org/TR/xmlsec-algorithms/">http://www.w3.org/TR/xmlsec-algorithms/</a></dd><dt>Latest editor's draft:</dt><dd><a href="http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/">http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/</a></dd><dt>Previous version:</dt><dd><a href="http://www.w3.org/TR/2011/WD-xmlsec-algorithms-20110421/">http://www.w3.org/TR/2011/WD-xmlsec-algorithms-20110421/</a></dd><dt>Editors:</dt><dd><span>Frederick Hirsch</span>, Nokia</dd>
<dd><span>Thomas Roessler</span>, <acronym title="World Wide Web Consortium">W3C</acronym></dd>
<dd><span>Kelvin Yiu</span>, Microsoft</dd>
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2012 <a href="http://www.w3.org/"><acronym title="World Wide Web Consortium">W3C</acronym></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute of Technology">MIT</acronym></a>, <a href="http://www.ercim.eu/"><acronym title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. <acronym title="World Wide Web Consortium">W3C</acronym> <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p><hr></div>
<div id="abstract" class="introductory section"><h2>Abstract</h2>
This Note summarizes XML Security algorithm URI identifiers
and the specifications associated with them.
</div><div id="sotd" class="introductory section"><h2>Status of This Document</h2><p><em>This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current <acronym title="World Wide Web Consortium">W3C</acronym> publications and the latest revision of this technical report can be found in the <a href="http://www.w3.org/TR/"><acronym title="World Wide Web Consortium">W3C</acronym> technical reports index</a> at http://www.w3.org/TR/.</em></p>
<p>This Working Draft of "XML Security Algorithm Cross-Reference" is intended to become a <acronym title="World Wide Web Consortium">W3C</acronym> Note.</p><p>
Changes since
the <a href="http://www.w3.org/TR/2011/WD-xmlsec-algorithms-20110421/">last
publication of this draft</a> include the following changes
(see <a href="Overview-diff.html">redline</a>):
</p><ul>
<li>Added RSA-OAEP algorithm URI for new XML Encryption 1.1
definition that allows specification of the mask
generation function.</li>
<li>Added URI definitions for XML Encryption 1.1 mask
generation functions, for MGF1 with SHA*.</li>
<li>More detail in table of contents.</li>
</ul>
<p>This document was published by the <a href="http://www.w3.org/2008/xmlsec/">XML Security Working Group</a> as a Working Draft. If you wish to make comments regarding this document, please send them to <a href="mailto:public-xmlsec@w3.org">public-xmlsec@w3.org</a> (<a href="mailto:public-xmlsec-request@w3.org?subject=subscribe">subscribe</a>, <a href="http://lists.w3.org/Archives/Public/public-xmlsec/">archives</a>). All feedback is welcome.</p><p>Publication as a Working Draft does not imply endorsement by the <acronym title="World Wide Web Consortium">W3C</acronym> Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.</p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 <acronym title="World Wide Web Consortium">W3C</acronym> Patent Policy</a>. The group does not expect this document to become a <acronym title="World Wide Web Consortium">W3C</acronym> Recommendation. <acronym title="World Wide Web Consortium">W3C</acronym> maintains a <a href="http://www.w3.org/2004/01/pp-impl/42458/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the <acronym title="World Wide Web Consortium">W3C</acronym> Patent Policy</a>.</p></div><div id="toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#Introduction" class="tocxref"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a href="#namespaces" class="tocxref"><span class="secno">2. </span>Namespaces</a></li><li class="tocline"><a href="#signature-method-uris" class="tocxref"><span class="secno">3. </span>Signature Algorithms</a><ul class="toc"><li class="tocline"><a href="#DSA" class="tocxref"><span class="secno">3.1 </span>DSA</a></li><li class="tocline"><a href="#RSA" class="tocxref"><span class="secno">3.2 </span>RSA</a></li><li class="tocline"><a href="#ECDSA" class="tocxref"><span class="secno">3.3 </span>Elliptic Curve DSA</a></li><li class="tocline"><a href="#hmac" class="tocxref"><span class="secno">3.4 </span>HMAC</a></li></ul></li><li class="tocline"><a href="#digest-method-uris" class="tocxref"><span class="secno">4. </span>Digest Methods</a><ul class="toc"><li class="tocline"><a href="#sec-md5" class="tocxref"><span class="secno">4.1 </span>MD5</a></li><li class="tocline"><a href="#sha" class="tocxref"><span class="secno">4.2 </span>SHA variants</a></li><li class="tocline"><a href="#sec-ripemd160" class="tocxref"><span class="secno">4.3 </span>RIPEMD-160</a></li></ul></li><li class="tocline"><a href="#symmetric-encryption-uris" class="tocxref"><span class="secno">5. </span>Symmetric Key Encryption Algorithms</a><ul class="toc"><li class="tocline"><a href="#tripledes" class="tocxref"><span class="secno">5.1 </span>Triple DES</a></li><li class="tocline"><a href="#aes" class="tocxref"><span class="secno">5.2 </span>AES</a></li><li class="tocline"><a href="#camellia" class="tocxref"><span class="secno">5.3 </span>Camellia</a></li></ul></li><li class="tocline"><a href="#key-transport-uris" class="tocxref"><span class="secno">6. </span>Key Transport Algorithms</a><ul class="toc"><li class="tocline"><a href="#rsa15" class="tocxref"><span class="secno">6.1 </span>RSA v1.5</a></li><li class="tocline"><a href="#rsa-oaep" class="tocxref"><span class="secno">6.2 </span>RSA OAEP</a></li></ul></li><li class="tocline"><a href="#key-derivation-uris" class="tocxref"><span class="secno">7. </span>Key Derivation Algorithm URIs</a><ul class="toc"><li class="tocline"><a href="#concatkdf" class="tocxref"><span class="secno">7.1 </span>ConcatKDF</a></li><li class="tocline"><a href="#pbkdf2" class="tocxref"><span class="secno">7.2 </span>PBKDF2</a></li></ul></li><li class="tocline"><a href="#key-agreement-uris" class="tocxref"><span class="secno">8. </span>Key Agreement Algorithm URIs</a></li><li class="tocline"><a href="#symmetric-key-wrap-uris" class="tocxref"><span class="secno">9. </span>Symmetric Key Wrap Algorithm URIs</a><ul class="toc"><li class="tocline"><a href="#cms3deskeywrap" class="tocxref"><span class="secno">9.1 </span>CMS Triple-DES Key Wrap</a></li><li class="tocline"><a href="#aeskeywrap" class="tocxref"><span class="secno">9.2 </span>AES Key Wrap</a></li><li class="tocline"><a href="#camilliakeywrap" class="tocxref"><span class="secno">9.3 </span>Camellia Key Wrap</a></li></ul></li><li class="tocline"><a href="#generic-hybrid-cipher-uris" class="tocxref"><span class="secno">10. </span>Generic Hybrid Cipher Algorithm URIs</a></li><li class="tocline"><a href="#canonicalization-uris" class="tocxref"><span class="secno">11. </span>Canonicalization Algorithms</a><ul class="toc"><li class="tocline"><a href="#inclusive-c14n" class="tocxref"><span class="secno">11.1 </span>Inclusive Canonicalization</a></li><li class="tocline"><a href="#exc-c14n" class="tocxref"><span class="secno">11.2 </span>Exclusive Canonicalization</a></li><li class="tocline"><a href="#c14n2" class="tocxref"><span class="secno">11.3 </span>Canonicalization 2.0</a></li></ul></li><li class="tocline"><a href="#encoding-uris" class="tocxref"><span class="secno">12. </span>Encoding Algorithms</a></li><li class="tocline"><a href="#signature-transform-uris" class="tocxref"><span class="secno">13. </span>Transform Algorithms</a></li><li class="tocline"><a href="#retrievalmethod" class="tocxref"><span class="secno">14. </span>Retrieval method type identifiers</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
<div id="Introduction" class="section">
<!--OddPage--><h2><span class="secno">1. </span>Introduction</h2>
<p>
The various XML Security specifications have defined a number of
algorithms of various types, while allowing and expecting additional
algorithms to be defined later. Over time, these identifiers have been
defined in a number of different specifications, including XML Signature,
XML Encryption, RFCs and elsewhere.
</p>
<p>
This makes it difficult for users of the XML Security specifications to
know whether and where a URI for an algorithm of interest has
been defined,
and can lead to the use of incorrect URIs. The purpose of this
Note is to
collect the various known URIs at the time of its publication
and indicate
the specifications in which they are defined in order to avoid confusion
and errors.
</p>
<p>
This note is not intended as an exhaustive list of all known related
identifiers, some of which may have been defined by other standards or
specifications. Furthermore, this note is not to be taken as normative
regarding the information provided; if information here
conflicts with the
referenced specification, the specification takes precedence
in all cases.
</p>
<p>
The architecture of the XML Security specifications
distinguishes between the (universally
useful) identifiers for algorithms and the roles that these
algorithms can take. Roles are
identified through elements
like <code>ds:SignatureMethod</code>,
<code>ds:DigestMethod</code>, <code>ds:CanonicalizationMethod</code>, or
<code>ds:Transform</code>, whereas the algorithms are
identified through URIs. Explicit
parameters for the respective algorithms are transmitted in
child elements of the role
element.
</p>
<p>
This note indicates explicitly whether an algorithm is
mandatory or recommended in other
specifications. If nothing is said, then readers should
assume that support for the
algorithms given is optional.
</p>
</div>
<div id="namespaces" class="section">
<!--OddPage--><h2><span class="secno">2. </span>Namespaces</h2>
<p>
This specification uses the following XML namespace prefixes:
</p>
<dl>
<dt><code>ds</code></dt>
<dd><code>http://www.w3.org/2000/09/xmldsig#</code></dd>
<dt><code>xenc</code></dt>
<dd><code>http://www.w3.org/2001/04/xmlenc#</code></dd>
<dt><code>dsig11</code></dt>
<dd><code>http://www.w3.org/2009/xmldsig11#</code></dd>
<dt><code>dsigmore</code></dt>
<dd><code>http://www.w3.org/2001/04/xmldsig-more#</code></dd>
</dl>
<p>
Algorithm URIs have been coined in a variety of namespaces,
and are always given in full.
</p>
</div>
<div id="signature-method-uris" class="section">
<!--OddPage--><h2><span class="secno">3. </span>Signature Algorithms</h2>
<p>
The algorithms listed in this section are typically used in
the signature algorithm role,
identified through
the <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-SignatureMethod"><code>ds:SignatureMethod</code></a>
role element (
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
, section 4.3.2). Each signature method takes
an octet-stream as input, and produces a signature value (an
octet-stream that is always
base64 encoded,
see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-SignatureValue">
section
4.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
).
</p>
<div id="DSA" class="section">
<h3><span class="secno">3.1 </span>DSA</h3>
<p>
A container for key material, <code>ds:DSAKeyValue</code>, is defined in <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-DSAKeyValue">section
4.4.2.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
. When used with
<code>ds:RetrievalMethod</code>, this container type is identified through the URI
<code>http://www.w3.org/2000/09/xmldsig#DSAKeyValue</code>.
</p>
<dl>
<dt>DSA-SHA1</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2000/09/xmldsig#dsa-sha1</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-DSA">section 6.4.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
</dl>
<p>Implementation of this algorithm is required in both
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
and
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
. We anticipate that future versions of XML Signature
will include make this algorithm mandatory to implement for signature verification only,
and optional to implement for signature generation. Use of this algorithm is discouraged.
</p>
</dd>
<dt>DSA-SHA256</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmldsig11#dsa-sha256</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2010/WD-xmldsig-core1-20100204/#sec-DSA">section
6.4.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE1">XMLDSIG-CORE1</a></cite>]
</dd>
</dl>
<p>Implementation of this algorithm is optional. Permissible lengths of the prime
modulus are 2048 and 3072.
</p>
</dd>
</dl>
</div>
<div id="RSA" class="section">
<h3><span class="secno">3.2 </span>RSA</h3>
<p>
This section lists variants of the RSA algorithm. A container for key material,
<code>ds:RSAKeyValue</code>, is defined in <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-RSAKeyValue">section
4.4.2.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
. When used with
<code>ds:RetrievalMethod</code>, this container type is identified through the URI
<code>http://www.w3.org/2000/09/xmldsig#RSAKeyValue</code>.
</p>
<dl>
<dt>RSA-MD5</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#rsa-md5</dd>
<dt>Specified in:</dt>
<dd>section 2.3.1 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
<p>
We only list the algorithm URI for RSA-MD5 for the sake of completeness. The
cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is
discouraged at this time.
</p>
</dd>
<dt>RSA-SHA1</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2000/09/xmldsig#rsa-sha1</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-PKCS1">section 6.4.2</a>
of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
</dd>
</dl>
<p>Implementation of this algorithm is recommended in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
and
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
. Use of this algorithm for signature generation will be
discouraged in future versions of the XML Signature specification.
</p>
</dd>
<dt>RSA-SHA256</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</dd>
<dt>Specified in:</dt>
<dd>section 2.3.2 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
<p>
This algorithm is under consideration as a mandatory to implement algorithm for a
future version of XML Signature
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE1">XMLDSIG-CORE1</a></cite>]
.
</p>
</dd>
<dt>RSA-SHA384</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#rsa-sha384</dd>
<dt>Specified in:</dt>
<dd>section 2.3.3 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>RSA-SHA512</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</dd>
<dt>Specified in:</dt>
<dd>section 2.3.4 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>RSA-RIPEMD160</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160</dd>
<dt>Specified in:</dt>
<dd>section 2.3.5 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<div id="ECDSA" class="section">
<h3><span class="secno">3.3 </span>Elliptic Curve DSA</h3>
<p>
This section lists various variants of the Elliptic Curve
DSA (ECDSA) algorithm. A container
for key material, <code>dsigmore:ECDSAKeyValue</code>, is
defined in
section 3.4.1 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4050">RFC4050</a></cite>]. No <code>ds:RetrievalMethod</code> type URI is
defined for
this
container.
</p>
<p>
Work is under way to revise this container format.
See <a href="http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/#sec-ECKeyValue">section
4.5.2.3</a>, for description of <code>ECKeyValue</code>
element defined in [<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE1">XMLDSIG-CORE1</a></cite>].
</p>
<dl>
<dt>ECDSA-SHA1</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1</dd>
<dt>Specified in:</dt>
<dd>section 2.3.6 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
<p>
Given recent cryptographic results about the SHA1 hash
algorithm, users of this
algorithm should apply similar caution to other SHA1
based algorithms, and treat it as
an algorithm whose use is discouraged.
</p>
</dd>
<dt>ECDSA-SHA224</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224</dd>
<dt>Specified in:</dt>
<dd>section 2.3.6 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>ECDSA-SHA256</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256</dd>
<dt>Specified in:</dt>
<dd>section 2.3.6 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
<p>
This algorithm is under consideration as a mandatory to implement algorithm for a future
version of XML Signature
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE1">XMLDSIG-CORE1</a></cite>].
</p>
</dd>
<dt>ECDSA-SHA384</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384</dd>
<dt>Specified in:</dt>
<dd>section 2.3.6 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>ECDSA-SHA512</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512</dd>
<dt>Specified in:</dt>
<dd>section 2.3.6 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<div id="hmac" class="section">
<h3><span class="secno">3.4 </span>HMAC</h3>
<p>
The following URIs have been defined for various Message Authentication Codes that use the
HMAC construction
[<cite><a class="bibref" rel="biblioentry" href="#bib-HMAC">HMAC</a></cite>]
. All of these algorithms take an explicit
truncation length parameter. A container for this parameter, <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-HMAC"><code>ds:HMACOutputLength</code></a>,
is defined in section 6.3.1 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
. This container occurs as a
child element of the role element.
</p>
<dl>
<dt>HMAC-SHA1</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2000/09/xmldsig#hmac-sha1</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-MACs">section 6.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
</dd>
</dl>
<p>This algorithm is used as the default MAC algorithm in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XKMS2">XKMS2</a></cite>]
. It
is mandatory to implement in XML Signature
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
,
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</p>
</dd>
<dt>HMAC-SHA256</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#hmac-sha256</dd>
<dt>Specified in:</dt>
<dd>section 2.2.2 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
<p>This algorithm is under consideration as a recommended algorithm for a future version
of XML Signature
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE1">XMLDSIG-CORE1</a></cite>]
.
</p>
</dd>
<dt>HMAC-SHA384</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#hmac-sha384</dd>
<dt>Specified in:</dt>
<dd>section 2.2.2 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>HMAC-SHA512</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#hmac-sha512</dd>
<dt>Specified in:</dt>
<dd>section 2.2.2 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>HMAC-RIPEMD160</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160</dd>
<dt>Specified in:</dt>
<dd>Section 2.2.3 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
</div>
<div id="digest-method-uris" class="section">
<!--OddPage--><h2><span class="secno">4. </span>Digest Methods</h2>
<p>
The following URIs have been defined for Digest Methods. They are typically used in the
<a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-DigestMethod"><code>ds:DigestMethod</code></a>
role in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
. Note that <code>ds:DigestMethod</code> also occurs as
in the context of <a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-Alg-KeyAgreement"><code>xenc:AgreementMethod</code></a>,
as specified in the <a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-Alg-KeyAgreement">Key
Agreement</a> part of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
<div id="sec-md5" class="section">
<h3><span class="secno">4.1 </span>MD5</h3>
<dl>
<dt>MD5</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#md5</dd>
<dt>Specified in:</dt>
<dd>section 2.1.1 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
<p>
We only list the algorithm URI for MD5 for the sake of completeness. The cryptographic
strength of this algorithm is sufficiently doubtful that its use is not recommended at this
time.
</p>
</dd>
</dl>
</div>
<div id="sha" class="section">
<h3><span class="secno">4.2 </span>SHA variants</h3>
<p>
Note that URIs for the various algorithms of the Secure Hash Algorithm family have been
coined in a number of name spaces and specifications, specifically
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
(and, in this regard identically,
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
),
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
, and
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
.
</p>
<dl>
<dt>SHA-1</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2000/09/xmldsig#sha1</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-SHA-1">section
6.2.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
</dl>
<p>
SHA-1 is the only digest algorithm defined in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
, and is
mandatory to implement in that specification, and in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
Given recent cryptographic research, however, it is expected that use of this
algorithm (and signature algorithms that are based upon it) will be discouraged in
forthcoming versions of XML Signature.
</p>
</dd>
<dt>SHA-224</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#sha224</dd>
<dt>Specified in:</dt>
<dd>section 2.1.2 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>SHA-256</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#sha256</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-SHA256">section 5.7.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is under consideration as a mandatory to implement algorithm for a
future version of XML Signature
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE1">XMLDSIG-CORE1</a></cite>]
. It is recommended in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
</dd>
<dt>SHA-384</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#sha384</dd>
<dt>Specified in:</dt>
<dd>section 2.1.3 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>SHA-512</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#sha512</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-SHA512">section 5.7.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<div id="sec-ripemd160" class="section">
<h3><span class="secno">4.3 </span>RIPEMD-160</h3>
<dl>
<dt>RIPEMD-160</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#ripemd160</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RIPEMD-160">section
5.7.4</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
</div>
<div id="symmetric-encryption-uris" class="section">
<!--OddPage--><h2><span class="secno">5. </span>Symmetric Key Encryption Algorithms</h2>
<p>The following URIs have been defined for symmetric key encryption algorithms. They
typically appear in the <code>xenc:EncryptionMethod</code> role.
</p>
<div id="tripledes" class="section">
<h3><span class="secno">5.1 </span>Triple DES</h3>
<dl>
<dt>Triple DES (CBC mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-tripledes-cbc">section
5.2.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
</dd>
</dl>
</div>
<div id="aes" class="section">
<h3><span class="secno">5.2 </span>AES</h3>
<dl>
<dt>AES-128 (CBC mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#aes128-cbc</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES">section 5.2.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
</dd>
<dt>AES-192 (CBC mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#aes192-cbc</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES">section 5.2.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
</dd>
<dt>AES-256 (CBC mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#aes256-cbc</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-AES">section 5.2.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
</dd>
<dt>AES128-GCM</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#aes128-gcm</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2011/CR-xmlenc-core1-20110303/#sec-AES-GCM">section 5.2.4</a> of [<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
<p>
This algorithm is optional to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>].
</p>
</dd>
<dt>AES256-GCM</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#aes256-gcm</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2011/CR-xmlenc-core1-20110303/#sec-AES-GCM">section 5.2.4</a> of [<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
<p>
This algorithm is optional to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>].
</p>
</dd>
</dl>
</div>
<div id="camellia" class="section">
<h3><span class="secno">5.3 </span>Camellia</h3>
<dl>
<dt>Camellia 128 (CBC mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc</dd>
<dt>Specified in:</dt>
<dd>section 2.6.2 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>Camellia 192 (CBC mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc</dd>
<dt>Specified in:</dt>
<dd>section 2.6.2 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>Camellia 256 (CBC mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc</dd>
<dt>Specified in:</dt>
<dd>section 2.6.2 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<!-- For ARC4
<div2 id="streamciphers">
<head>Stream Encryption Algorithms</head>
</div2>
-->
</div>
<div id="key-transport-uris" class="section">
<!--OddPage--><h2><span class="secno">6. </span>Key Transport Algorithms</h2>
<p>The following URIs have been defined for key transport algorithms.</p>
<div id="rsa15" class="section">
<h3><span class="secno">6.1 </span>RSA v1.5</h3>
<dl>
<dt>RSA-v1.5</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#rsa-1_5</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RSA-1_5">section 5.4.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
</dd>
</dl>
</div>
<div id="rsa-oaep" class="section">
<h3><span class="secno">6.2 </span>RSA OAEP</h3>
<dl>
<dt>RSA-OAEP (including MGF1 with SHA1 mask generation function)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RSA-OAEP">section 5.4.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]. This version has a fixed mask generation
function of MGF1 with SHA1.
</dd>
</dl>
</dd>
<dt>RSA-OAEP</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#rsa-oaep</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RSA-OAEP">section 5.4.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]. This version allows the mask generation
function to be specified explicitly.
</dd>
</dl>
</dd>
<dt>RSA-OAEP MGF1 with SHA* definitions</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>MGF1 with SHA1: http://www.w3.org/2009/xmlenc11#mgf1sha1</dd>
<dd>MGF1 with SHA224:
http://www.w3.org/2009/xmlenc11#mgf1sha224</dd>
<dd>MGF1 with SHA256:
http://www.w3.org/2009/xmlenc11#mgf1sha256</dd>
<dd>MGF1 with SHA384:
http://www.w3.org/2009/xmlenc11#mgf1sha384</dd>
<dd>MGF1 with SHA512:
http://www.w3.org/2009/xmlenc11#mgf1sha512</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-RSA-OAEP">section 5.4.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]. These URIs are for defining the specific
mask generation
function.
</dd>
</dl>
</dd>
</dl>
</div>
</div>
<div id="key-derivation-uris" class="section">
<!--OddPage--><h2><span class="secno">7. </span>Key Derivation Algorithm URIs</h2>
<p>The following URIs have been defined for key derivation algorithms.</p>
<div id="concatkdf" class="section">
<h3><span class="secno">7.1 </span>ConcatKDF</h3>
<dl>
<dt>ConcatKDF</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#ConcatKDF</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlenc-core1/#sec-ConcatKDF">section
5.4.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<div id="pbkdf2" class="section">
<h3><span class="secno">7.2 </span>PBKDF2</h3>
<dl>
<dt>PBKDF2</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#pbkdf2</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlenc-core1/#sec-PBKDF2">section 5.4.2</a>
of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
</div>
<div id="key-agreement-uris" class="section">
<!--OddPage--><h2><span class="secno">8. </span>Key Agreement Algorithm URIs</h2>
<p>The following URIs have been defined for key agreement algorithms.</p>
<dl>
<dt>Diffie Hellman with Legacy Key Derivation Function
(Ephemeral-Static mode) </dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#dh</dd>
<dt>Specified in:</dt>
<dd>
<a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-DHKeyAgreement">section 5.5.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>While this is the only key agreement algorithm defined in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>], it is optional to implement.
</p>
<p>A container for key material for this key agreement algorithm,
<code>xenc:DHKeyValue</code>, is defined in
<a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-DHKeyValue">section 5.5.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>] . When used
with <code>ds:RetrievalMethod</code>, this
container type is identified through the
URI <code>http://www.w3.org/2001/04/xmlenc#dh</code>.
</p>
</dd>
<dt>Diffie-Hellman with explicit Key Derivation Functions
(Ephemeral-Static Mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#dh-es</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlenc-core1/#sec-DHKeyAgreementExplicitKDF">section 5.6.2.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
<p>This algorithm is an optional to implement algorithm for a
future version of XML Encryption.
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>].
</p>
</dd>
<dt>Elliptic Key Diffie-Hellman Key Agreement
(Ephemeral-Static Mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#ECDH-ES</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES">section 5.6.4</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
<p>This algorithm is under consideration as a mandatory to implement algorithm for a
future version of XML Encryption.
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>].
</p>
</dd>
</dl>
</div>
<div id="symmetric-key-wrap-uris" class="section">
<!--OddPage--><h2><span class="secno">9. </span>Symmetric Key Wrap Algorithm URIs</h2>
<p>The following URIs have been defined for symmetric key wrap algorithms.</p>
<div id="cms3deskeywrap" class="section">
<h3><span class="secno">9.1 </span>CMS Triple-DES Key Wrap</h3>
<dl>
<dt>CMS Triple-DES Key Wrap</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#kw-tripledes</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-tripledes">section 5.6.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
</dd>
</dl>
</div>
<div id="aeskeywrap" class="section">
<h3><span class="secno">9.2 </span>AES Key Wrap</h3>
<dl>
<dt>AES Key Wrap 128</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#kw-aes128</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes">section 5.6.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
</dd>
<dt>AES Key Wrap 128 with padding</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#kw-aes-128-pad</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad">section
5.7.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
</dd>
<dt>AES Key Wrap 192</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#kw-aes192</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes">section 5.6.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
</dd>
<dt>AES Key Wrap 192 with padding</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#kw-aes-192-pad</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad">section
5.7.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
</dd>
<dt>AES Key Wrap 256</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmlenc#kw-aes256</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-kw-aes">section
5.6.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]
.
</p>
</dd>
<dt>AES Key Wrap 256 with padding</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2009/xmlenc11#kw-aes-256-pad</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad">section
5.7.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE1">XMLENC-CORE1</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<div id="camilliakeywrap" class="section">
<h3><span class="secno">9.3 </span>Camellia Key Wrap</h3>
<dl>
<dt>Camellia Key Wrap 128</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#kw-camellia128</dd>
<dt>Specified in:</dt>
<dd>section 2.6.3 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>Camellia Key Wrap 192</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#kw-camellia192</dd>
<dt>Specified in:</dt>
<dd>section 2.6.3 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
<dt>Camellia Key Wrap 256</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/04/xmldsig-more#kw-camellia256</dd>
<dt>Specified in:</dt>
<dd>section 2.6.3 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
</div>
<div id="generic-hybrid-cipher-uris" class="section">
<!--OddPage--><h2><span class="secno">10. </span>Generic Hybrid Cipher Algorithm URIs</h2>
<p>The following URIs have been defined for generic hybrid
cipher algorithms.
</p>
<dl>
<dt>Generic-Hybrid</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2010/xmlsec-ghc#generic-hybrid</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlsec-generic-hybrid/#sec-generic-hybrid">section
4.2.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLSEC-GHCIPHERS">XMLSEC-GHCIPHERS</a></cite>]
</dd>
</dl>
</dd>
<dt>RSAES-KEM</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2010/xmlsec-ghc#rsaes-kem</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlsec-generic-hybrid/#sec-rsaes-kem">section
4.3.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLSEC-GHCIPHERS">XMLSEC-GHCIPHERS</a></cite>]
</dd>
</dl>
</dd>
<dt>ECIES-KEM</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2010/xmlsec-ghc#ecies-kem</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xmlsec-generic-hybrid/#sec-ecies-kem">section
4.3.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLSEC-GHCIPHERS">XMLSEC-GHCIPHERS</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<div id="canonicalization-uris" class="section">
<!--OddPage--><h2><span class="secno">11. </span>Canonicalization Algorithms</h2>
<p>
Canonicalization algorithms are used in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
; they are typically used
in the <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-CanonicalizationMethod"><code>ds:CanonicalizationMethod</code></a>
and <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Transforms"><code>ds:Transform</code></a> roles.
</p>
<div id="inclusive-c14n" class="section">
<h3><span class="secno">11.1 </span>Inclusive Canonicalization</h3>
<p>
Canonical XML 1.0
[<cite><a class="bibref" rel="biblioentry" href="#bib-XML-C14N">XML-C14N</a></cite>]
without comments is mandatory to implement in
both XML Signature
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
and XML Signature Second Edition
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
. XML Signature Second Edition recommends use of Canonical XML 1.1
[<cite><a class="bibref" rel="biblioentry" href="#bib-XML-C14N11">XML-C14N11</a></cite>]
over use of Canonical XML 1.0 when inclusive canonicalization
is desired, to address known issues with Canonical XML 1.0.
</p>
<p>
The canonicalization methods listed in this section accept a node-set or octet-stream as
input, and produce an octet-stream as output.
</p>
<dl>
<dt>Canonical XML 1.0 (omit comments)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Canonical">section
6.5.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
and
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</p>
</dd>
<dt>Canonical XML 1.0 (with comments)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Canonical">section
6.5.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
</dl>
</dd>
<dt>Canonical XML 1.1 (omit comments)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2006/12/xml-c14n11</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Canonical11">section 6.5.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
</dl>
<p>
This algorithm is mandatory to implement in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
. Its use is
recommended over Canonical XML 1.0.
</p>
</dd>
<dt>Canonical XML 1.1 (with comments)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2006/12/xml-c14n11#WithComments</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Canonical11">section 6.5.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<div id="exc-c14n" class="section">
<h3><span class="secno">11.2 </span>Exclusive Canonicalization</h3>
<dl>
<dt>Exclusive Canonicalization XML 1.0 (omit comments)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/10/xml-exc-c14n#</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xml-exc-c14n/#sec-Use">section 4</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XML-EXC-C14N">XML-EXC-C14N</a></cite>]
</dd>
</dl>
</dd>
<dt>Exclusive Canonicalization XML 1.0 (with comments)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2001/10/xml-exc-c14n#WithComments</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xml-exc-c14n/#sec-Use">section 4</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XML-EXC-C14N">XML-EXC-C14N</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
<div id="c14n2" class="section">
<h3><span class="secno">11.3 </span>Canonicalization 2.0</h3>
<dl>
<dt>Canonical XML 2.0</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2010/10/xml-c14n2</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/xml-c14n2/#sec-Use-in-Signature">section 3.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XML-C14N20">XML-C14N20</a></cite>]
</dd>
</dl>
</dd>
</dl>
</div>
</div>
<div id="encoding-uris" class="section">
<!--OddPage--><h2><span class="secno">12. </span>Encoding Algorithms</h2>
<dl>
<dt>Base64 encoding</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2000/09/xmldsig#base64</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Base-64">section 6.6.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
<dt>Input:</dt>
<dd>octet-stream, node-set</dd>
<dt>Output:</dt>
<dd>octet-stream</dd>
</dl>
<p>
Implementation is required in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
and
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]. Note that the same URI is used to
identify base64 both in "encoding" context as well as in
"transform" context.
</p>
</dd>
</dl>
</div>
<div id="signature-transform-uris" class="section">
<!--OddPage--><h2><span class="secno">13. </span>Transform Algorithms</h2>
<p>
This section lists algorithms that typically occur in the <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Transforms"><code>ds:Transform</code></a>
role. <code>ds:Transform</code> is defined in detail in the XML Signature <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-ReferenceProcessingModel">Reference Processing
Model</a> (
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
, section 4.3.3.2). This processing model is, in
turn, applied both to signed material, and to key material referenced through <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-RetrievalMethod"><code>ds:RetrievalMethod</code></a>
(
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
, <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-RetrievalMethod">section 4.4.3</a>).
</p>
<p>
The <code>ds:Transform</code> role element is also used by the optional
<code>xenc:Transforms</code> feature which is specified in the context of <a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-CipherReference"><code>xenc:CipherReference</code></a>
in XML Encryption (
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>],
<a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/#sec-CipherReference">section 3.3.1</a>).
</p>
<p>
Transform algorithms can take an octet-stream or a node-set as input, and can produce either
an octet-stream or a node-set as output.
</p>
<dl>
<dt>Base64 decoding transform</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2000/09/xmldsig#base64</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Base-64">section 6.6.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
<dt>Input:</dt>
<dd>octet-stream, node-set</dd>
<dt>Output:</dt>
<dd>octet-stream</dd>
</dl>
<p>
Implementation is required in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
and
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-CORE">XMLENC-CORE</a></cite>]. Note that the same URI is used to
identify base64 both in "encoding" context as well as in
"transform" context.
</p>
</dd>
<dt>XPath Filtering</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/TR/1999/REC-xpath-19991116</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-XPath">section 6.6.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
<dt>Input:</dt>
<dd>octet-stream, node-set</dd>
<dt>Output:</dt>
<dd>node-set</dd>
</dl>
</dd>
<dt>XML-Signature XPath Filter 2.0</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2002/06/xmldsig-filter2</dd>
<dt>Specified in:</dt>
<dd>
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-XPATH-FILTER2">XMLDSIG-XPATH-FILTER2</a></cite>]
</dd>
<dt>Input:</dt>
<dd>octet-stream, node-set</dd>
<dt>Output:</dt>
<dd>node-set</dd>
</dl>
</dd>
<dt>Enveloped Signature Transform</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2000/09/xmldsig#enveloped-signature</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-EnvelopedSignature">section 6.6.4</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
<dt>Input:</dt>
<dd>node-set (same-document)</dd>
<dt>Output:</dt>
<dd>node-set</dd>
</dl>
<p>
This transform is required in
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE2002">XMLDSIG-CORE2002</a></cite>]
,
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</p>
</dd>
<dt>XSLT Transform</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/TR/1999/REC-xslt-19991116</dd>
<dt>Specified in:</dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-XSLT">section 6.6.5</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
</dd>
<dt>Input:</dt>
<dd>octet-stream</dd>
<dt>Output:</dt>
<dd>octet-stream</dd>
</dl>
</dd>
<dt>Decryption Transform (XML mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2002/07/decrypt#XML</dd>
<dt>Specified in:</dt>
<dd>
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-DECRYPT">XMLENC-DECRYPT</a></cite>]
</dd>
<dt>Input:</dt>
<dd>node-set</dd>
<dt>Output:</dt>
<dd>node-set</dd>
</dl>
</dd>
<dt>Decryption Transform (binary mode)</dt>
<dd>
<dl>
<dt>URI:</dt>
<dd>http://www.w3.org/2002/07/decrypt#Binary</dd>
<dt>Specified in:</dt>
<dd>
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLENC-DECRYPT">XMLENC-DECRYPT</a></cite>]
</dd>
<dt>Input:</dt>
<dd>node-set</dd>
<dt>Output:</dt>
<dd>octet-stream</dd>
</dl>
</dd>
</dl>
</div>
<div id="retrievalmethod" class="section">
<!--OddPage--><h2><span class="secno">14. </span>Retrieval method type identifiers</h2>
<p>
The <code>ds:RetrievalMethod</code> element permits referencing key material that is stored
outside a <code>ds:KeyInfo</code> element. The type of the material that results from
retrieval of the URI reference (and possible transform processing) can be identified using
the <code>Type</code> attribute.
</p>
<p>
<em>Note:</em> <code>ds:RetrievalMethod</code> may be deprecated in future versions of
XML Signature, and is rarely used in practice.
</p>
<p>
The following <code>Type</code> values identify an XML element or document with the given
element as its root:
</p>
<dl>
<dt>http://www.w3.org/2000/09/xmldsig#DSAKeyValue</dt>
<dd><code>ds:DSAKeyValue</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-DSAKeyValue">section
4.4.2.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2000/09/xmldsig#RSAKeyValue</dt>
<dd><code>ds:RSAKeyValue</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-RSAKeyValue">section
4.4.2.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2000/09/xmldsig#X509Data</dt>
<dd><code>ds:X509Data</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-X509Data">section
4.4.4</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2000/09/xmldsig#PGPData</dt>
<dd><code>ds:PGPData</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-PGPData">section
4.4.5</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2000/09/xmldsig#SPKIData</dt>
<dd><code>ds:SPKIData</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-SPKIData">section
4.4.6</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2000/09/xmldsig#MgmtData</dt>
<dd><code>ds:MgmtData</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-MgmtData">section
4.4.7</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2001/04/xmldsig-more#KeyValue</dt>
<dd><code>ds:KeyValue</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-KeyValue">section
4.4.2</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod</dt>
<dd><code>ds:RetrievalMethod</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-RetrievalMethod">section
4.4.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2001/04/xmldsig-more#KeyName</dt>
<dd><code>ds:KeyName</code>, see <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-KeyName">section
4.4.1</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE">XMLDSIG-CORE</a></cite>]
.
</dd>
<dt>http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData</dt>
<dd><code>dsigmore:PKCS7signedData</code>, see section 3.1 of
[<cite><a class="bibref" rel="biblioentry" href="#bib-RFC4051">RFC4051</a></cite>]
.
</dd>
<dt>http://www.w3.org/2009/xmldsig11#ECKeyValue</dt>
<dd><code>dsig11:ECKeyValue</code>, see
<a href="http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/#sec-ECKeyValue">section
4.5.2.3</a> of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE1">XMLDSIG-CORE1</a></cite>]
.
</dd>
<dt>http://www.w3.org/2009/xmldsig11#DEREncodedKeyValue</dt>
<dd><code>dsig11:DEREncodedKeyValue</code>, see
<a href="http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/#sec-DEREncodedKeyValue">section 4.5.9</a>
of
[<cite><a class="bibref" rel="biblioentry" href="#bib-XMLDSIG-CORE1">XMLDSIG-CORE1</a></cite>]
.
</dd>
</dl>
<p>
The following <code>Type</code> values identify the type of raw binary data:
</p>
<dl>
<dt>http://www.w3.org/2001/04/xmldsig-more#rawX509CRL</dt><dd></dd>
<dt>http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket</dt><dd></dd>
<dt>http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp</dt><dd></dd>
<dt>http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData</dt><dd></dd>
<dt>http://www.w3.org/2000/09/xmldsig#rawX509Certificate</dt><dd></dd>
</dl>
</div>
<!-- <section id="thanks"> -->
<!-- <h1>Acknowledgments</h1> -->
<!-- <p> -->
<!-- T -->
<!-- </p> -->
<!-- </section> -->
<div id="references" class="appendix section"><!--OddPage--><h2><span class="secno">A. </span>References</h2><p>Dated references below are to the latest known or appropriate edition of the referenced work. The referenced works may be subject to revision, and conformant implementations may follow, and are encouraged to investigate the appropriateness of following, some or all more recent editions or replacements of the works cited. It is in each case implementation-defined which editions are supported.</p><div id="normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><p>No normative references.</p></div><div id="informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography"><dt id="bib-HMAC">[HMAC]</dt><dd>H. Krawczyk, M. Bellare, R. Canetti. <a href="http://www.ietf.org/rfc/rfc2104.txt"><cite>HMAC: Keyed-Hashing for Message Authentication</cite></a>. February 1997. IETF RFC 2104. URL: <a href="http://www.ietf.org/rfc/rfc2104.txt">http://www.ietf.org/rfc/rfc2104.txt</a>
</dd><dt id="bib-RFC4050">[RFC4050]</dt><dd>S. Blake-Wilson, G. Karlinger, T. Kobayashi, Y. Wang. <a href="http://www.ietf.org/rfc/rfc4050.txt"><cite>Using the Elliptic Curve Signature Algorithm (ECDSA) for XML Digital Signatures.</cite></a> IETF RFC 4050. April 2005. URL: <a href="http://www.ietf.org/rfc/rfc4050.txt">http://www.ietf.org/rfc/rfc4050.txt</a>
</dd><dt id="bib-RFC4051">[RFC4051]</dt><dd>D. Eastlake 3rd. <a href="http://www.ietf.org/rfc/rfc4051.txt"><cite>Additional XML Security Uniform Resource Identifiers</cite></a>. RFC 4051 April 2005. URL: <a href="http://www.ietf.org/rfc/rfc4051.txt">http://www.ietf.org/rfc/rfc4051.txt</a>
</dd><dt id="bib-XKMS2">[XKMS2]</dt><dd>Shivaram H. Mysore; Phillip Hallam-Baker. <a href="http://www.w3.org/TR/2005/REC-xkms2-20050628/"><cite>XML Key Management Specification (XKMS 2.0).</cite></a> 28 June 2005. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2005/REC-xkms2-20050628/">http://www.w3.org/TR/2005/REC-xkms2-20050628/</a>
</dd><dt id="bib-XML-C14N">[XML-C14N]</dt><dd>John Boyer. <a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"><cite>Canonical XML Version 1.0.</cite></a> 15 March 2001. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>
</dd><dt id="bib-XML-C14N11">[XML-C14N11]</dt><dd>John Boyer, Glenn Marcy. <a href="http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/"><cite>Canonical XML Version 1.1.</cite></a> 2 May 2008. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/">http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/</a>
</dd><dt id="bib-XML-C14N20">[XML-C14N20]</dt><dd>John Boyer; Glen Marcy; Pratik Datta; Frederick Hirsch. <a href="http://www.w3.org/TR/2011/WD-xml-c14n2-20110421/"><cite>Canonical XML Version 2.0.</cite></a> 21 April 2011. W3C Last Call Working Draft. (Work in progress) URL: <a href="http://www.w3.org/TR/2011/WD-xml-c14n2-20110421/">http://www.w3.org/TR/2011/WD-xml-c14n2-20110421/</a>
</dd><dt id="bib-XML-EXC-C14N">[XML-EXC-C14N]</dt><dd>Donald E. Eastlake 3rd; Joseph Reagle; John Boyer. <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/"><cite>Exclusive XML Canonicalization Version 1.0.</cite></a> 18 July 2002. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/</a>
</dd><dt id="bib-XMLDSIG-CORE">[XMLDSIG-CORE]</dt><dd>Joseph Reagle; et al. <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/"><cite>XML Signature Syntax and Processing (Second Edition).</cite></a> 10 June 2008. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/">http://www.w3.org/TR/2008/REC-xmldsig-core-20080610</a>
</dd><dt id="bib-XMLDSIG-CORE1">[XMLDSIG-CORE1]</dt><dd>D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. <a href="http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/"><cite>XML Signature Syntax and Processing Version 1.1.</cite></a> 3 March 2011. W3C Candidate Recommendation. (Work in progress.) URL: <a href="http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/">http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/</a>
</dd><dt id="bib-XMLDSIG-CORE2002">[XMLDSIG-CORE2002]</dt><dd>Joseph Reagle; et al. <a href="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/"><cite>XML Signature Syntax and Processing.</cite></a> 12 February 2002. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/">http://www.w3.org/TR/2002/REC-xmldsig-core-20020212</a>
</dd><dt id="bib-XMLDSIG-XPATH-FILTER2">[XMLDSIG-XPATH-FILTER2]</dt><dd>Merlin Hughes; John Boyer; Joseph Reagle. <a href="http://www.w3.org/TR/2002/REC-xmldsig-filter2-20021108/"><cite>XML-Signature XPath Filter 2.0.</cite></a> 8 November 2002. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2002/REC-xmldsig-filter2-20021108/">http://www.w3.org/TR/2002/REC-xmldsig-filter2-20021108/</a>
</dd><dt id="bib-XMLENC-CORE">[XMLENC-CORE]</dt><dd>Donald Eastlake; Joseph Reagle. <a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/"><cite>XML Encryption Syntax and Processing.</cite></a> 10 December 2002. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/">http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/</a>
</dd><dt id="bib-XMLENC-CORE1">[XMLENC-CORE1]</dt><dd>J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. <a href="http://www.w3.org/TR/2012/WD-xmlenc-core1-20120105/"><cite>XML Encryption Syntax and Processing Version 1.1.</cite></a> 5 January 2012. W3C Last Call Working Draft. (Work in progress.) URL: <a href="http://www.w3.org/TR/2012/WD-xmlenc-core1-20120105/">http://www.w3.org/TR/2012/WD-xmlenc-core1-20120105/</a>
</dd><dt id="bib-XMLENC-DECRYPT">[XMLENC-DECRYPT]</dt><dd>Takeshi Imamura; Merlin Hughes; Hiroshi Maruyama. <a href="http://www.w3.org/TR/2002/REC-xmlenc-decrypt-20021210"><cite>Decryption Transform for XML Signature.</cite></a> 10 December 2002. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2002/REC-xmlenc-decrypt-20021210">http://www.w3.org/TR/2002/REC-xmlenc-decrypt-20021210</a>
</dd><dt id="bib-XMLSEC-GHCIPHERS">[XMLSEC-GHCIPHERS]</dt><dd>Magnus Nyström; Frederick Hirsch. <a href="http://www.w3.org/TR/2011/CR-xmlsec-generic-hybrid-20110303/"><cite>XML Security Generic Hybrid Ciphers.</cite></a> 3 March 2011. W3C Candidate Recommendation. (Work in progress.) URL: <a href="http://www.w3.org/TR/2011/CR-xmlsec-generic-hybrid-20110303/">http://www.w3.org/TR/2011/CR-xmlsec-generic-hybrid-20110303/</a>
</dd></dl></div></div></body></html>