Appendix A. Securing Your XML Transactions using Symmetric Passphrases and OpenSSL

Table of Contents

Prerequisites for Securing XML Data
Generate a limited-use-only symmetric passphrase
Sign then encrypt the symmetric passphrase for your partner
Use the symmetric passphrase to encrypt data
Send the signed and encrypted key to your partner
Your partner decrypts and recovers the symmetric passphrase
Use the symmetric passphrase to decrypt data

After securing the transport layer with SSL as described in the previous sections, we can use this secure layer to transmit XML data between servers without sending clear text. The issue is that the data is only secure in transit between the server and the client. A malicious user could still create a fraudulent transaction and deliver it to your servers.

What is needed is an encrypted and signed payload. By encrypting and signing the payload we can guarantee the Confidentiality, Integrity, Authenticity, Identity and Non-repudiation of the payload.

This section requires the following items to start. These topics are covered in previous sections of this publication.

The following sections will guide you through creating a “limited use symmetric passphrase”, sending the key to your partner, and finally using it for the transmission of secure XML transactions.
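The workflow outlined above, end to end, as an added example that is not taken from this publication. The key names (`sender`, `partner`, `mallory`), file names, key sizes, cipher choices and the sample XML are constructed assumptions. Passing `mallory` as the signer shows the partner rejecting a passphrase that was not signed by the expected sender.

```shell
#!/bin/sh
# Added example, not from the publication. Key names, sizes, file names and
# the sample XML are constructed assumptions.
# Usage: demo_exchange [signer]   signer defaults to "sender"; "mallory"
# simulates a passphrase signed by someone other than the expected sender.
demo_exchange() {
    signer=${1:-sender}
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        # Constructed RSA key pairs for both partners and an outsider.
        for who in sender partner mallory; do
            openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
                -out "$who.key" 2>/dev/null || exit 1
            openssl pkey -in "$who.key" -pubout -out "$who.pub" || exit 1
        done
        # Generate a limited-use symmetric passphrase.
        openssl rand -base64 32 > pass.txt || exit 1
        # Sign it with the signer's private key, then encrypt it for the
        # partner with the partner's public key.
        openssl dgst -sha256 -sign "$signer.key" -out pass.sig pass.txt || exit 1
        openssl pkeyutl -encrypt -pubin -inkey partner.pub \
            -pkeyopt rsa_padding_mode:oaep -in pass.txt -out pass.enc || exit 1
        # Use the passphrase to encrypt the XML data (constructed sample).
        printf '<order id="1"><amount>10.00</amount></order>\n' > tx.xml
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass file:pass.txt \
            -in tx.xml -out tx.enc || exit 1
        # --- partner side: receives pass.enc, pass.sig and tx.enc ---
        openssl pkeyutl -decrypt -inkey partner.key \
            -pkeyopt rsa_padding_mode:oaep -in pass.enc -out pass.rcv || exit 1
        # Reject the passphrase unless the expected sender signed it.
        openssl dgst -sha256 -verify sender.pub -signature pass.sig \
            pass.rcv >/dev/null 2>&1 || exit 2
        # Use the recovered passphrase to decrypt the data.
        openssl enc -d -aes-256-cbc -pbkdf2 -pass file:pass.rcv \
            -in tx.enc -out tx.rcv || exit 1
        cmp -s tx.xml tx.rcv
    )
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_exchange && echo "round trip OK"
```

`openssl enc` with AES-CBC does not authenticate the ciphertext, and in this example only the passphrase is signed, so detecting tampering with the encrypted XML itself requires a separate signature or MAC over the payload.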