[xmlsec] Use of smart-cards to perform cryptographic operations

[Clizio Merli]

Aleksey Sanin wrote:

>> OK
>>
>> I'll do my best (not only slot :-)).
>>
>> Looking at you're example sign3.c I was wandering if the signing 
>> sequence could be realised by modifying the underlying NSS layer so 
>> that:
>> - ...
>> - xmlSecCryptoAppKeyLoad could actually prepare a key structure for a 
>> pseudo-file whose name is something like 'slot-name : token-name'
>>  (and here the API already provide PIN parameters);
>> - xmlSecCryptoAppKeyCertLoad could be used to actually select a 
>> certificate (ant its key) via a nickname specified with cert-file name;
>> - xmlSecKeySetName - as now
>> - xmlSecDSigCtxSign - performing the signature with the supplied 
>> infos abore
>> - ...
>>
> You are not required to use xmlSecCryptoAppKeyLoad(). You can write your
> own function to load key (NSS key handle) and insert it into the
> manager. Again, as soon as you have the key, you have the slot.
>
> xmlSecCryptoAppKeyCertLoad() is a simple example and a helper function
> for xmlsec command line app. Your requirements go beyound the
> requirements for this application and you probably want to write a
> custom function for this.
>
> Aleksey
>

Thanks

I'll take nss/app.c as a guideline to develop something like 
xmlSecCryptoAppKeyLoad and xmlSecCryptoAppKeyCertLoad for my purposes, 
and then will proceed as normal.
I'll let you know (and send you a copy of the new functions after 
debugging).

Bye
Clizio


-- 
----------------------------
Clizio dr. Merli

C.E.O. 4u Srl, Italy
ISACA CISM (Certified Information Security Manager)
EUCIP Certified
Socio AIP (Associazione Informatici Professionisti)
----------------------------