[xmlsec] nss updates

Aleksey Sanin aleksey at aleksey.com
Tue Jul 29 00:27:58 PDT 2003


>
> Right. But it must be known which key type in processing if it is a key.

No, in the XMLEnc case, this is just binary data. The algorithm itself
*does not* require the key type.

>
> I think xmlSec does not aim to implement a crypto algorithm if 
> necessary. Key wrap is an algorithm thing.

Exactly! Now look at xmlsec-openssl. AES/DES key wraps, AES and DES
encryption, DSA signatures, and probably some other stuff were implemented
in xmlsec only because openssl did not provide *exactly* the same
implementation as required. In one case, it was a different padding, in
another case, a different "magic" byte, etc. The standards are usually
broad and there are a lot of different options. XMLDSig/XMLEnc choose one,
crypto library implementors choose another. And we have incompatibility.

Again, this is not as simple as it looks. It would be great if nss
implements exactly what we need! Then our life would be much more simple :)

> Surely, they are all following the same standards.

See above.


Aleksey



