[xmlsec] MS crypto key integration with xmlsec
Tej Arora
tejbiz@aol.com
Fri, 1 Aug 2003 09:35:43 -0700
wsh@xs4all.nl wrote:
> Hi all,
>
> Currently I'm working on the implementation of the MS Crypto lib interface
> for the xmlsec library. I've taken the stuff from Olger Warnier (see earlier
> in the mailing list) as a starting point, and have some things working
> already (SHA1 hashing, 3des encryption, and native MS Crypto key support),
> but a lot of work still has to be done. I'm now working on RSA signatures.
>
> The MS Crypto interface is based upon the OpenSSL interface. However, I've
> no clear idea yet how to get the MS Crypto keys into xmlsec. The
> applications I'm planning to use this library for have keys stored
> in the MS certificate store that cannot be exported. This means that a
> handle to such a key must be gotten from the MS certificate store and
> loaded/passed somehow to the xmlsec library, which is different from the
> way xmlsec deals with keys till now, mostly PEM files that are loaded.
>
> Should the (client) application deal with getting a handle to an MS key,
> and then pass it to the xmlsec lib (I already have code in the xmlsec
> library that can handle this)? Or is the xmlsec KeyManager the place to
> deal with this issue: a new implementation for the KeyManager can be
> written that is capable of dealing with certificate stores. Personally
> I've got the feeling that xmlsec KeyManagers are not really meant for this
> type of functionality, but I'm curious how others see this. Perhaps someone
> else has already done some work in this direction?
>
> Let me know your thoughts here :)
Hello Wouter,
NSS is similar to MS crypto lib in terms of having a certificate
and key store.
So, as a starting point I'd recommend looking at how xmlsec-nss
is done. src/nss/README is a good starting point - it specifically
talks about keys & keysmanager and how it relates to the NSS
native store.
regards,
-Tej
>
> Regards, Wouter