[xmlsec] Re: get PKCS11 slot
Tejkumar Arora
tej at netscape.com
Wed Jun 18 09:10:47 PDT 2003
Andrew,
Do you have a real use-case where you want to use a specific slot
for encryption instead of the "best slot"?.
The slot choice is made for several operations (key generation,
signature ops, hashing, macing etc....), and there should be
a good reason if you want the slot override feature....
-Tej
Aleksey Sanin wrote:
> Andrew,
>
> First of all, please use xmlsec mailing list for any questions
> regarding xmlsec.
> Otherwise, you messages have a very good chance to go to my trash (sorry,
> I recieve too many spam).
>
> Probably the simplest solution to your problem would be to have a special
> NSS specific function "SetSlot" that will set slot in
> xmlSecNssEvpBlockCipherCtx
> structure. Later on, xmlSecNssEvpBlockCipherCtxInit() would use either
> this
> slot or call GetBestSlot(). This would change an internal xmlsec-nss
> structure
> not visible to user and I don't see any backward compatibility problems.
>
> Aleksey
>
>
>
> Andrew Fan wrote:
>
>> Hi Aleksey,
>>
>> In the crypto engine implementation on NSS, you use the interface:
>> PK11_GetBestSlot to initialize a slot( in cipher.c ). I think, if a
>> Kalss, such as xmlSecNssAes128CbcKlass can accept a parameter(
>> PK11SlotInfo* ), it'll be better. Because a user maybe want to use a
>> particular slot instead of the default ones. PK11-GetBestSlot can not
>> tie to a particular slot, I think.
>>
>> If I correct, how can I feed the parameter( PK11SlotInfo* ) into a
>> certain Klass?
>>
>> Thanks & Regards,
>> Andrew
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list