Hi, there are cases where the receiver of an XML document that includes encrypted data is not the consumer of that data (e.g. does not own the private key). This "proxy" entity is expected to copy the encrypted information into another document and send it to the intended consumer.
The existing methods loadEncryptedData, loadEncryptedKey, etc. return an interface, and the underlying object instance (EncryptedDataImpl, EncryptedKeyImpl...) retains the _contextDocument under which they were created, making it impossible to insert those objets under a new document In other words, the sequence EncryptedData eData = cipher1.loadEncryptedData(doc1, e1); Element e2 = cipher2.martial(doc2, eData); doc2.getDocumentElement().appendChild(e2); will throw a DOMException WRONG_DOCUMENT_ERR since the owner document of e2 is not doc2, but doc1. With the current implementation of XMLCipher, it would be possible to address this problem to some extent by breaking the received encrypted data into its sublements, creating a new instance of XMLCipher and building up the encrypted data with createxxx(xxx) methods. I haven't checked if this would work for any EncryptedData or EncryptedKey element (i.e. if there are createxxx methods implemented for all the possible subelements), anyway this would be a pain. A cleaner solution for the user of the API would be to provide an XMLCipher clone(XMLCipher cipher) method, that creates brand new instances of the underlying objects, and _contextDocument is null (or can be passed as a parameter) Do you see any other feasible alternative? If not, may I suggest that a "clone" method as the one I described (or similar) be included in future versions of XMLCipher? Thanks, Luis
