[xmlsec] remote or external private keys

Aleksey Sanin aleksey at aleksey.com
Tue Sep 28 08:24:51 PDT 2004


The keys are also separated from the xmlsec engine. Look at the
xmlSecKeyData objects. Note that xmlSecKeysMngrFindKey() is not
the only way to find a key. It is just needed for processing the
<KeyName> element in a "generic" way :) However, if your key is
specified in some other element, then you can register
an xmlSecKeyData object class to handle this element and return
the key. These objects are responsible for reading *custom* key
specifications and querying the *custom* keys store.

For example, if you have an <X509Data> element with a cert/key specification,
then it is processed by a special xmlSecCryptoKeyDataX509 object (where
Crypto is OpenSSL, NSS, etc.). KeyDataX509 objects know how to read/write
the <X509Data> element and how to retrieve the certificate (and then the key)
from the custom KeysStore (which is a part of the keys manager). Nobody else
in xmlsec knows how to deal with certificates, but nobody else needs
to know :)

In a similar way, you can create handlers for processing any kind of
reference to a key. You can add a custom keys store with an interface
to your custom PKI DB. Then your custom key handle is stored in a special
key data object that is used by your crypto code. I hope this works
for you :)

Aleksey




More information about the xmlsec mailing list