As was discussed earlier in this article, the XML encryption standard provides room for embedding relevant key information, required for decrypting the data, at the receiving end. The <EncryptedKey> element is used for this purpose.
Have a look at Figure 5, which illustrates the transmission of encrypted symmetric keys from sender to receiver. Here, we assume that the public key of the receiver is already available with the sender.
Figure 5 XML keys exchange using the <EncryptedKey> element.
You may wonder about what sort of security we are talking aboutif we are bundling the secret key along with the encrypted document, so painstakingly produced! The next section offers the much-required explanation to this paradox.