XML Encryption

XML Encryption (XML-Enc) is a specification, governed by a World Wide Web Consortium (W3C) recommendation, that defines how to encrypt the contents of an XML element.[1]

Both XML Signature and XML Encryption use the KeyInfo element, which appears as the child of a SignedInfo, EncryptedData, or EncryptedKey element and provides information to a recipient about what keying material to use in validating a signature or decrypting encrypted data.

The KeyInfo element is optional: it can be attached in the message, or be delivered through a secure channel.

Jager & Somorovsky (2011) reported that this specification has severe security concerns.

In response to this,[2] the specification of XML Encryption 1.1, published in 2013, included a Galois/Counter Mode block cipher algorithm.
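The following added example (not part of the specification or of the original page) audits each EncryptedData element in a document. It reports whether KeyInfo is carried in the message and whether the EncryptionMethod is one of the Galois/Counter Mode algorithms added in XML Encryption 1.1. The namespace and algorithm URIs are the W3C identifiers; the sample document, its Id values and its key name are constructed.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"      # XML Encryption 1.0 namespace
XENC11 = "http://www.w3.org/2009/xmlenc11#"     # XML Encryption 1.1 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"       # XML Signature namespace (KeyInfo)

# Galois/Counter Mode algorithm identifiers introduced with XML Encryption 1.1
GCM_ALGORITHMS = {XENC11 + s for s in ("aes128-gcm", "aes192-gcm", "aes256-gcm")}

# Constructed sample: one element with KeyInfo in the message, one without.
SAMPLE = """<Order xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
       xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedData Id="card">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    <ds:KeyInfo><ds:KeyName>constructed-key-1</ds:KeyName></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="address">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</Order>"""

def audit_encrypted_data(xml_text):
    """Return one finding dict per EncryptedData element in the document."""
    if "<!DOCTYPE" in xml_text:
        # Refuse DTDs so the audit never expands entities from untrusted input.
        raise ValueError("DOCTYPE not allowed in audited input")
    root = ET.fromstring(xml_text)
    findings = []
    for ed in root.iter(f"{{{XENC}}}EncryptedData"):
        method = ed.find(f"{{{XENC}}}EncryptionMethod")   # optional element
        algorithm = method.get("Algorithm") if method is not None else None
        key_info = ed.find(f"{{{DS}}}KeyInfo")            # optional element
        names = [] if key_info is None else [
            k.text for k in key_info.iter(f"{{{DS}}}KeyName")]
        findings.append({
            "id": ed.get("Id"),
            "algorithm": algorithm,
            "uses_gcm": algorithm in GCM_ALGORITHMS,
            "key_info_in_message": key_info is not None,
            "key_names": names,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_encrypted_data(SAMPLE):
        print(finding)
```

An element reported with `key_info_in_message` false relies on keying material agreed outside the message, and one with `uses_gcm` false uses an algorithm other than the GCM ones added in version 1.1.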