none
How to encrypt only data of any xml structure RRS feed

  • Question

  • See a sample xml
    --------------------

        <Employees>  
            <Employee Id ="1">  
                <Name>Sagar Shinde</Name>  
                <Country>United States</Country>  
                <Others>  
                    <Role>TL</Role>  
                    <Level>1</Level>  
                </Others>  
            </Employee>  
            <Employee Id = "2">  
                <Name>Swapnil Shinde</Name>  
                <Country>India</Country>  
                <Others>  
                    <Role>AM</Role>  
                    <Level>2</Level>  
                </Others>  
            </Employee>  
            <Employee Id ="3">  
                <Name>Pankaj Shinde</Name>  
                <Country>France</Country>  
                <Others>  
                    <Role>SSE</Role>  
                    <Level>3</Level>  
                </Others>  
            </Employee>  
        </Employees>  

    please share the c# sample code which encrypt only data of any xml structure. xml structure can be simple or complex nested with many attributes.

    i want to encrypt attribute values like Id ="1" so 1 will be encrypted.
    i want to encrypt node data or value like <Country>United States</Country>  so United States will be encrypted.

    i want to use best and strong encryption login with salt key to encrypt xml data.

    so please share a relevant xml encryption c# code which i can use for any xml data whatever xml structure would be there.

    good link https://social.msdn.microsoft.com/Forums/vstudio/en-US/af13c10b-9a03-4cc5-bf51-8897c885b3e3/c-how-to-iterate-and-encrypt-decrypt-data-in-xml?forum=csharpgeneral

    Thanks


    • Edited by Sudip_inn Thursday, March 15, 2018 11:45 AM
    Tuesday, March 13, 2018 9:22 AM

Answers

  • Hello Sudip_inn,

    Try the below code, it applies to general xml structure, which will iterate each xml node to change attributes and values of which.

    static void Main(string[] args)
            {
                XDocument xd = XDocument.Load("../../XMLFile1.xml");
    
                var rootNodes = xd.Root.Nodes();
                ParseProcess(rootNodes);
                xd.Save("Test1.xml");
    
             }
            public static void ParseProcess(IEnumerable<XNode> Nodes) {
    
                foreach (var node in Nodes)
                {
                    var element = node as XElement;
                    EncryptNodeAttribute(element);
                    EncryptNodeValue(element);        
                }
            }
            public static void EncryptNodeValue(XElement node) {
               var elements= node.Elements();
    
                foreach (var element in elements) {
                    if (element.HasElements) {
                        EncryptNodeValue(element);
                    }
                    else
                    {
                        var EncryPt = EncryValue(element.Value);
    
                        element.Value = EncryPt;
                    }
                 
                }         
            }
    
            public static void EncryptNodeAttribute(XElement node)
            {
                var attributes = node.Attributes();
                foreach (var attr in attributes)
                {
                    string str = attr.Value;
                    string result = EncryValue(str) ;
    
                    attr.Value = result;
                }
            }
    
            private static string EncryValue(string str)
            {
                //add your own encryption algorithm
                return str += "dsddsds";
            }

    As for the encryption algorithm, I suggest you could use symmetric encrypt/decrypt like below link.

    Symmetric encrypt/decrypt in .NET

    Best Regards,

    Neil Hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Sudip_inn Wednesday, March 14, 2018 8:46 AM
    Wednesday, March 14, 2018 5:40 AM
    Moderator
  • suppose i have two text Hello and welcome and i want to use any encryption algorithm to encrypt/ decrypt those text. if i use same salt it does not means we get same encrypted value for two different text called  Hello and welcome.

    This would be only true for a stream cipher. Or a block chaining. Both are hard to implement. And they have both the same requirement: The XML file may not be touched. E.g.

    <Employees>  
    	<Employee Id="t8bbbwNQG0RxVHoApZLv" />
    	<Employee Id="zxEXGm5sWITuEDy6d0Ib" />  
    </Employees> 

    In XML this is an allowed operation:

    <Employees>  
    	<Employee Id="zxEXGm5sWITuEDy6d0Ib" />  
    	<Employee Id="t8bbbwNQG0RxVHoApZLv" />
    </Employees> 

    But now you would no longer be able to decrypt the Id values.

    Conclusion: The XML must not be touched.

    But this is already the case with the implementation behind the link I've posted. With two big differences: You can touch the XML and you don't have longer a side channel (with Fei's approach we still know when elements exist, thus e.g. how many employees are in the file).

    While the first point (touching the file) is a mere technical detail, the second point (side channel) does simply not fulfill your requirement of "best encryption".

    So simple encode the entire Employees element, instead of single values.

    • Marked as answer by Sudip_inn Friday, March 16, 2018 1:27 PM
    Thursday, March 15, 2018 3:46 PM

All replies

  • You normally only encrypt entire elements. See How to: Encrypt XML Elements with Asymmetric Keys.

    Tuesday, March 13, 2018 9:35 AM
  • Hello Sudip_inn,

    Try the below code, it applies to general xml structure, which will iterate each xml node to change attributes and values of which.

    static void Main(string[] args)
            {
                XDocument xd = XDocument.Load("../../XMLFile1.xml");
    
                var rootNodes = xd.Root.Nodes();
                ParseProcess(rootNodes);
                xd.Save("Test1.xml");
    
             }
            public static void ParseProcess(IEnumerable<XNode> Nodes) {
    
                foreach (var node in Nodes)
                {
                    var element = node as XElement;
                    EncryptNodeAttribute(element);
                    EncryptNodeValue(element);        
                }
            }
            public static void EncryptNodeValue(XElement node) {
               var elements= node.Elements();
    
                foreach (var element in elements) {
                    if (element.HasElements) {
                        EncryptNodeValue(element);
                    }
                    else
                    {
                        var EncryPt = EncryValue(element.Value);
    
                        element.Value = EncryPt;
                    }
                 
                }         
            }
    
            public static void EncryptNodeAttribute(XElement node)
            {
                var attributes = node.Attributes();
                foreach (var attr in attributes)
                {
                    string str = attr.Value;
                    string result = EncryValue(str) ;
    
                    attr.Value = result;
                }
            }
    
            private static string EncryValue(string str)
            {
                //add your own encryption algorithm
                return str += "dsddsds";
            }

    As for the encryption algorithm, I suggest you could use symmetric encrypt/decrypt like below link.

    Symmetric encrypt/decrypt in .NET

    Best Regards,

    Neil Hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Sudip_inn Wednesday, March 14, 2018 8:46 AM
    Wednesday, March 14, 2018 5:40 AM
    Moderator
  • @Fei thanks for answer and sample code.

    does your code for any xml structure because  xml structure can be complex and nesting level can be too much?

    which encryption logic would strong enough to crack for some one -- Triple Des or Rijndael or AES Encrypt ?

    thanks


    • Edited by Sudip_inn Wednesday, March 14, 2018 8:58 AM
    Wednesday, March 14, 2018 8:47 AM
  • I disagree. Fei's post is not the answer.

    You wrote you want to use salt(s). With the above code EncryValue() does not know on which node or Attribute it is. Thus the same values will get the same encrypted text.

    This is not "best" or "strong". Cause it allows to guess values.

    Wednesday, March 14, 2018 9:48 AM
  • Sir Fei has given a sample function EncryValue(string str) which is not real implementation. i will use Symmetric encrypt where i will use salt during encryption. Fei just show how i can iterate in xml node and value. his hit and answer is sufficient for me. thanks
    Thursday, March 15, 2018 11:43 AM
  • Then I would like to see your working implementation, so that I can recant.
    Thursday, March 15, 2018 12:37 PM
  • Just explain the obvious again:

            public static void EncryptNodeAttribute(XElement node)
            {
                var attributes = node.Attributes();
                foreach (var attr in attributes)
                {
                    string str = attr.Value;
                    string result = EncryValue(str) ;
    
                    attr.Value = result;
                }
            }
    
            private static string EncryValue(string str)
            {
                //add your own encryption algorithm
                return str += "dsddsds";
            

    You're only replacing the values of the element or attribute. But you don't have access to the salt.

    Take this simplified XML:

    <Employees>  
    	<Employee Id ="1">  
    		<Others>  
    			<Level>1</Level>  
    		</Others>  
    	</Employee>  
    </Employees> 

    Each call to EncryValue is EncryValue("1"). You don't have a salt per value only per document. Thus the consequence is, the encrypted text must be equal. So that your encrypted XML looks like:

    <Employees>  
    	<Employee Id ="t8bbbwNQG0RxVHoApZLv">  
    		<Others>  
    			<Level>t8bbbwNQG0RxVHoApZLv</Level>  
    		</Others>  
    	</Employee>  
    </Employees> 

    This is not "use best and strong encryption" cause you have the information that the values of employee id and level are the same. Thus you have a side-channel.

    Thursday, March 15, 2018 2:58 PM
  • Sir, yes i will use same salt to encrypt each node data. if i use different different salt for each data may cause issue when i will decrypt then how could i remember and pass each salt for each node value.


    suppose i have two text Hello and welcome and i want to use any encryption algorithm to encrypt/ decrypt those text. if i use same salt it does not means we get same encrypted value for two different text called  Hello and welcome.

    please share your suggestion and idea would be appreciated. thank

    Thursday, March 15, 2018 3:14 PM
  • suppose i have two text Hello and welcome and i want to use any encryption algorithm to encrypt/ decrypt those text. if i use same salt it does not means we get same encrypted value for two different text called  Hello and welcome.

    This would be only true for a stream cipher. Or a block chaining. Both are hard to implement. And they have both the same requirement: The XML file may not be touched. E.g.

    <Employees>  
    	<Employee Id="t8bbbwNQG0RxVHoApZLv" />
    	<Employee Id="zxEXGm5sWITuEDy6d0Ib" />  
    </Employees> 

    In XML this is an allowed operation:

    <Employees>  
    	<Employee Id="zxEXGm5sWITuEDy6d0Ib" />  
    	<Employee Id="t8bbbwNQG0RxVHoApZLv" />
    </Employees> 

    But now you would no longer be able to decrypt the Id values.

    Conclusion: The XML must not be touched.

    But this is already the case with the implementation behind the link I've posted. With two big differences: You can touch the XML and you don't have longer a side channel (with Fei's approach we still know when elements exist, thus e.g. how many employees are in the file).

    While the first point (touching the file) is a mere technical detail, the second point (side channel) does simply not fulfill your requirement of "best encryption".

    So simple encode the entire Employees element, instead of single values.

    • Marked as answer by Sudip_inn Friday, March 16, 2018 1:27 PM
    Thursday, March 15, 2018 3:46 PM