[xmlsec] Use of smart-cards to perform cryptographic operations

Aleksey Sanin aleksey at aleksey.com
Mon May 16 07:38:02 PDT 2005


> I've read somewhere (don't remembere where, sorry) that someone was 
> arguing about the use of 'best-slot'. But in real application, supported 
> by a graphical interface or by a server infrastructure using HSMs (Hw 
> security modules), the application has these infos from othe sources 
> (the end-user or some application configs), so I believe that the XmlSec 
> should perform what previously selected by the application, not doing 
> some sort of 'best-selection' whose criteria are not well defined.
> 

Well, I don't think you are correct. NSS provides "best slot"
functions exactly for this purpose. User selects which operations
should be performed on which slot, you configure NSS that way and
everything magicaly works. As far as I know, this is how Mozilla
uses NSS (you might want to ask for more details in NSS mailing list).

Aleksey





More information about the xmlsec mailing list