[xmlsec] MS crypto key integration with xmlsec

Tej Arora tejbiz@aol.com
Fri, 1 Aug 2003 09:35:43 -0700


wsh@xs4all.nl wrote:

 > Hi all,
 >
 > Currently I'm working on the implementation of MS Crypto lib interface for
 > the xmlsec library. I've taken the stuff from Olger Warnier (see earlier
 > in the mailing list) as starting point, and have some things working
 > already (SHA1 hashing, 3des encryption, and native MS Crypto key support),
 > but a lot of work still has to be done. I'm now working at RSA signatures.
 >
 > The MS Crypto interface is based upon the OpenSSL interface. However I've
 > no clear idea yet how to get the MS Crypto keys into xmlsec. The
 > applications where I'm planning to use this library for have keys stored
 > in MS certificate store, that cannot be exported. This means that a handle
 > to such a key must be gotten from MS Certificate store and loaded/passed
 > somehow to the xmlsec library, which is different from the way xmlsec
 > deals with keys till now, mostly PEM files that are loaded.
 >
 > Should the (client) application deal with getting a handle to an MS key,
 > and then pass it to the xmlsec lib (I already have code in the xmlsec
 > library that can handle this)? Or is the xmlsec-KeyManager the place to
 > deal with this issue: A new implementation for the KeyManager can be
 > written that is capable of dealing with certificate stores. Personally
 > I've got the feeling that xmlsec KeyManagers are not really meant for this
 > type of functionality, but I'm curious how others see this. Perhaps anyone
 > else has already done some work in this direction?
 >
 > Let me know your thoughts here :)

Hello Wouter,

NSS is similar to MS crypto lib in terms of having a certificate
and key store.

So, as a starting point I'd recommend looking at how xmlsec-nss
is done. src/nss/README is a good starting point - it specifically
talks about keys & keysmanager and how it relates to the NSS
native store.

regards,

-Tej

 >
 > Regards, Wouter