[xmlsec] another question about xmlsec.

Aleksey Sanin aleksey at aleksey.com
Thu Mar 20 13:21:05 PST 2003


>
>
>>1. Can XMLSec bind a crypto engine dynamic?
>>
> I would say "yes" on *nixes and "probably" on Windows....


The issue is fixed. On all platforms the two libraries "xmlsec" (does 
not depend
on crypto engines whatsoever) and "xmlsec-crypto" are compiled. The 
downside
on Windows is that I had to compile and link strings constants (node 
names, etc)
twice in each library (this adds additional 25-30K). Unfortunately, I 
don't have
any other idea how to trick the MSVC/Windows dll symbols export system.

And I would like to note, that in addition to the dynamic crypto engine 
loading,
the new XMLSec design lets you to "mix" crypto engines and use more than 
one
engine from one application (it might be usefull in case you have a 
smart card that
can do signatures but not cipher encryption, for example). The only 
tricky (but not
impossible) part would be to support say RSA signatures from crypto 
engine A and
RSA encryption from crypto engine B. In this case, you'll need to do 
"keys" marshaling
when needed but it's only a matter of implementing xmlSecKeysMngr that 
supports
such kind of things.

Aleksey






More information about the xmlsec mailing list