[xmlsec] Proposed patch to allow OpenSSL/ENGINE operations

Aleksey Sanin aleksey at aleksey.com
Thu Jul 7 09:27:54 PDT 2005


> I haven't asked, but checked the OpenSSL 0.9.8 release, and no,
> there's still no way to check if a key can be used for a private
> operation, other than doing it.
It might be a good idea to ask. Even if it is not there now this
might give openssl developers a reason to add it in the future.

> 
> Anyway. Imagine you're using the CAPI stack, with its native support
> for hardware tokens. You get a handle on a private key, declared as
> such. But when you want to perform the private operation, the token is
> removed. The CAPI then returns an error, and it is properly catched by
> xmlsec, right?
> What is the difference with the proposed behaviour introduced by my
> patch?
> 
True. But if application does operate only with keys in memory and
does not want to know about hardware tokens, then it expects to get back
real private key when it asks for one.

Aleksey



More information about the xmlsec mailing list