[xmlsec] Use of smart-cards to perform cryptographic operations
Aleksey Sanin
aleksey at aleksey.com
Mon May 16 10:13:20 PDT 2005
> But looking at the way NSS handles it in the normal PKCS7 scenario,
> SGN_End is called as the final action of a sequence which sees:
> - first the selection of slot/token,
> - then the verification that the token and the certificate are good for
> signing,
> - and finally the signature, that is actually performed by the card (in
> fact NSS handles private-keys of PKCS11 devices - smart-cards or
> software simulations - only as logical descriptors of keys that are
> handled only by the devices).
The slot is associated with a key. If you already have a key then
you already have a slot. xmlsec uses "GetBestSlot" only if it reads
a key from the input (e.g. from a certificate) or for hash operations.
Thus, if you want to sign something with a given key then you already
did the first two steps in your application. xmlsec is doing the last
step only (do the final signature on a device and get back the result).

BTW, I did not write the xmlsec-nss myself. It was done by one of NSS
developers from AOL :)
Aleksey