[xmlsec] Use of smart-cards to perform cryptographic operations

Aleksey Sanin aleksey at aleksey.com
Mon May 16 10:35:58 PDT 2005


> OK
> 
> I'll do my best (not only slot :-)).
> 
> Looking at you're example sign3.c I was wandering if the signing 
> sequence could be realised by modifying the underlying NSS layer so that:
> - ...
> - xmlSecCryptoAppKeyLoad could actually prepare a key structure for a 
> pseudo-file whose name is something like 'slot-name : token-name'
>  (and here the API already provide PIN parameters);
> - xmlSecCryptoAppKeyCertLoad could be used to actually select a 
> certificate (ant its key) via a nickname specified with cert-file name;
> - xmlSecKeySetName - as now
> - xmlSecDSigCtxSign - performing the signature with the supplied infos 
> abore
> - ...
>
You are not required to use xmlSecCryptoAppKeyLoad(). You can write your
own function to load key (NSS key handle) and insert it into the
manager. Again, as soon as you have the key, you have the slot.

xmlSecCryptoAppKeyCertLoad() is a simple example and a helper function
for xmlsec command line app. Your requirements go beyound the
requirements for this application and you probably want to write a
custom function for this.

Aleksey




More information about the xmlsec mailing list