Encrypt an XML node with a generated symmetric key that is protected by the public RSA key of an X.509 certificate


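  # Hybrid XML encryption: a freshly generated symmetric key encrypts the
  # document element, and the RSA public key taken from an X.509
  # certificate encrypts (wraps) that symmetric key.
  # Fragment: the enclosing MAIN ... END MAIN and the module-level
  # IMPORT xml are not part of this listing.
  DEFINE doc xml.DomDocument
  DEFINE root xml.DomNode
  DEFINE enc xml.Encryption
  DEFINE symkey xml.CryptoKey   # generated key that encrypts the XML content
  DEFINE kek xml.CryptoKey      # RSA public key that protects symkey
  DEFINE cert xml.CryptoX509
  LET doc = xml.DomDocument.Create()
  # Notice that whitespaces are significant in cryptography,
  # therefore it is recommended to remove unnecessary ones
  CALL doc.setFeature("whitespace-in-element-content",FALSE)
  TRY
    # Load XML file to be encrypted
    CALL doc.load("XMLFileToBeEncrypted.xml")
    LET root = doc.getDocumentElement()
    # Load the X509 certificate and retrieve the public RSA key
    # for key-encryption purpose.
    # NOTE(review): nothing here validates the certificate (issuer chain,
    # validity period, expected subject). Confirm it belongs to the
    # intended recipient before encrypting to its key.
    # NOTE(review): the file name suggests a 1024-bit RSA key, which is
    # below current minimum recommendations; use 2048 bits or more
    # outside of a demonstration.
    LET cert = xml.CryptoX509.Create()
    CALL cert.loadPEM("RSA1024Certificate.crt")
    # NOTE(review): the algorithm identifier is absent from the published
    # listing. RSA-OAEP key transport is a reviewer choice, preferred over
    # RSA PKCS#1 v1.5 because of padding-oracle exposure; confirm it is in
    # the supported list of your runtime version.
    LET kek = cert.createPublicKey(
      "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p")
    # Generate symmetric key for XML encryption purpose.
    # NOTE(review): identifier also absent from the published listing.
    # AES-CBC gives confidentiality only: a recipient cannot detect
    # tampering unless the encrypted result is also signed, or an
    # authenticated mode is used where the runtime offers one.
    LET symkey = xml.CryptoKey.Create(
      "http://www.w3.org/2001/04/xmlenc#aes256-cbc")
    CALL symkey.generateKey(NULL)
    # Encrypt the entire document
    LET enc = xml.Encryption.Create()
    CALL enc.setKey(symkey) # Set the symmetric key to be used
    CALL enc.setKeyEncryptionKey(kek) # Set the key-encryption key to
                           # be used for protecting the symmetric key
    CALL enc.setCertificate(cert) # Set the certificate to be added
                                  # (not mandatory)
    CALL enc.encryptElement(root) # Encrypt
    # Save encrypted document back to disk
    CALL doc.setFeature("format-pretty-print",TRUE)
    CALL doc.save("EncryptedXMLFile.xml")
  CATCH
    # Reached only when one of the calls above raises an error;
    # STATUS holds the error code.
    DISPLAY "Unable to encrypt XML file :",STATUS
  END TRY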
Note: All keys or certificates in PEM or DER format were created with the OpenSSL tool.