XML::Enc - XML::Enc Encryption Support

NAME VERSION SYNOPSIS NAME METHODS new( ... ) decrypt( ... ) encrypt( ... ) AUTHOR COPYRIGHT AND LICENSE

my $decrypter = XML::Enc−>new(
{
key => 't/sign−private.pem',
no_xml_declaration => 1,
},
);
$decrypted = $enc−>decrypt($xml);
my $encrypter = XML::Enc−>new(
{
cert => 't/sign−certonly.pem',
no_xml_declaration => 1,
data_enc_method => 'aes256−cbc',
key_transport => 'rsa−1_5',
},
);
$encrypted = $enc−>encrypt($xml);

NAME

XML::Enc − XML Encryption

METHODS

new( ... )

Constructor. Creates an instance of the XML::Enc object

Arguments:

key

Filename of the private key to be used for decryption.

cert

Filename of the public key to be used for encryption.

no_xml_declaration

Do not return the XML declaration if true (1). Return it if false (0). This is useful for decrypting documents without the declaration such as SAML2 Responses.

data_enc_method

Specify the data encryption method to be used. Supported methods are:

Used in encryption. Optional. Default method: aes256−cbc

	•		tripledes−cbc <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#tripledes-cbc>
	•		aes128−cbc <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#aes128-cbc>
	•		aes192−cbc <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#aes192-cbc>
	•		aes256−cbc <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#aes256-cbc>
	•		aes128−gcm <https://www.w3.org/TR/xmlenc-core/#aes128-gcm>
	•		aes192−gcm <https://www.w3.org/TR/xmlenc-core/#aes192-gcm>
	•		aes256−gcm <https://www.w3.org/TR/xmlenc-core/#aes256-gcm>

key_transport

Specify the encryption method to be used for key transport. Supported methods are:

Used in encryption. Optional. Default method: rsa−oaep−mgf1p

	•		rsa−1_5 <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5>
	•		rsa−oaep−mgf1p <https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p>
	•		rsa−oaep <http://www.w3.org/2009/xmlenc11#rsa-oaep>

oaep_mgf_alg

Specify the Algorithm to be used for rsa−oaep. Supported algorithms are:

Used in encryption. Optional. Default method: mgf1sha1

	•		mgf1sha1 <http://www.w3.org/2009/xmlenc11#mgf1sha1>
	•		mgf1sha224 <http://www.w3.org/2009/xmlenc11#mgf1sha224>
	•		mgf1sha265 <http://www.w3.org/2009/xmlenc11#mgf1sha256>
	•		mgf1sha384 <http://www.w3.org/2009/xmlenc11#mgf1sha384>
	•		mgf1sha512 <http://www.w3.org/2009/xmlenc11#mgf1sha512>

oaep_params

Specify the OAEPparams value to use as part of the mask generation function (MGF). It is optional but can be specified for rsa−oaep and rsa−oaep−mgf1p EncryptionMethods.

It is base64 encoded and stored in the XML as OAEPparams.

If specified you MAY specify the oaep_label_hash that should be used. You should note that not all implementations support an oaep_label_hash that differs from that of the MGF specified in the xenc11:MGF element or the default MGF1 with SHA1.

The oaep_label_hash is stored in the DigestMethod child element of the EncryptionMethod.

oaep_label_hash

Specify the Hash Algorithm to use for the rsa−oaep label as specified by oaep_params.

The default is sha1. Supported algorithms are:

	•		sha1 <http://www.w3.org/2000/09/xmldsig#sha1>
	•		sha224 <http://www.w3.org/2001/04/xmldsig-more#sha224>
	•		sha256 <http://www.w3.org/2001/04/xmlenc#sha256>
	•		sha384 <http://www.w3.org/2001/04/xmldsig-more#sha384>
	•		sha512 <http://www.w3.org/2001/04/xmlenc#sha512>

key_name

Specify a key name to add to the KeyName element. If it is not specified then no KeyName element is added to the KeyInfo

decrypt( ... )

Main decryption function.

Arguments:

xml

XML containing the encrypted data.

encrypt( ... )

Main encryption function.

Arguments:

xml

XML containing the plaintext data.

AUTHOR

Timothy Legge <[email protected]>

COPYRIGHT AND LICENSE

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

Updated 2026-06-01 - jenkler.se | uex.se