help with encrypting xml tag

[comicrage]

Hi,

I got an XML doc, which contains sensitive data to be encrypted. I figured out how to encrypted input elements like

<user>
<ssn>test</ssn>
</user>

the c# code will encrypt test and product cipherdata

however, there are portion of the XML data where the sensitive data appears inside the tag as so

<users>
<user username=testname userssn=testssn>
.....
</user>
</users>

Questions...

how can I only encrypt the userssn portion? Can it be done? The only other alternative solution is to encrypted all the elements inside the users tag, but I am not sure if that is acceptable.

Any help is greatly appreciated.

[MadHatter]

encrypt the data used to generate the ssn xml data. you'll have to base64 encode it though in order for it to be legally inserted into the xml.

Code:

[XmlRoot("user")]
public class User {

    // ... guts removed

    [XmlIgnore]
    public string Ssn { get { return this.ssn; } set { this.ssn = value; } }

    [XmlElement("ssn")]
    public string EncryptedSsn {
        get { return EncryptionHelper.EncryptAndEncode(this.ssn); }
        set { this.ssn = EncryptionHelper.DecodeAndDerypt(value); }
    }
}

// just a sample util class to simplify the example
// Key and IV must be consistent (it can be data driven, but decryption has to use 
// the same key/iv that was used to encrypt it).
public static class EncryptionHelper {
    static readonly byte[] key = { 0x42, 0x50, 0x67, 0x90, 0xF1, 0x6A, 0x15, 0x2A, 0x25, 0x5A, 0x1E, 0x95, 0x3A, 0xDD, 0xF3, 0xCB };
    static readonly byte[] iv = { 0x17, 0x43, 0x1A, 0xF1, 0x0F, 0x06, 0x14, 0xF1 };
    static TripleDES tdes;

    public static string EncryptAndEncode(string input) {
        byte[] data = Encoding.UTF8.GetBytes(input);
        ICryptoTransform ict = tdes.CreateEncryptor();
        byte[] enc = ict.TransformFinalBlock(data, 0, data.Length);
        string output = Convert.ToBase64String(enc);
        return output;
    }

    public static string DecodeAndDecrypt(string input) {
        byte[] data = Convert.FromBase64String(input); 
        ICryptoTransform ict = tdes.CreateDecryptor();
        byte[] dec = ict.TransformFinalBlock(data, 0, data.Length);
        string output = Encoding.UTF8.GetString(dec).Trim('\0');
        return output;
    }

    static EncryptionHelper() {
        tdes = TripleDES.Create();
        tdes.Key = key;
        tdes.IV = iv;
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.Zeros;
    }
}

if you're generating the xml by hand, then just do the same (encryption helper -> encrypt / decrypt) before writing the xml whitespace / attribute values.