[xmlsec] The support of new GOST algorithms in xmlsec

Dmitry Belyavsky beldmit at gmail.com
Mon Sep 9 10:40:37 PDT 2013


Greetings!

Yes, you have understood my idea correctly.

Thank you! I'll have a look at it.


On Mon, Sep 9, 2013 at 9:25 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:

> Copy/paste/replace is probably a bad idea. If you setup new URI
> mapping to a new key data/transform then at any point in the code
> you will have access to the relevant object "id" (e.g. see
> xmlSecOpenSSLEvpSignatureCheckId). Then you can have common functions
> implementing both old and new GOST algorithm and just tweak it
> as necessary based on the object "id".
>
> Does it make sense? Or did I misunderstood your question?
>
>
> Aleksey
>
> On 9/9/13 5:48 AM, Dmitry Belyavsky wrote:
> > Greetings!
> >
> > There are new digest and signature algorithms in Russia, the standards
> > were published in 2012.
> > I'm thinking about implementing their support at least for the openssl
> > backend in the xmlsec.
> >
> > It seems to me that the difference against current implementation will
> > be very small and include only some points:
> > - The URIs identifying algorithms
> > - The string names of algorithms
> > - The lengths of keys, signature and digests.
> >
> > It has no sense to provide a custom format for public key
> > representation, and either the tag containing X.509 cert itself or the
> > tags containing issuer and serial are enough. So I think it will be
> > better to implement a common solution for such cases. Of cause, I can
> > just clone the current GOST algorithms Klass structures and call a
> > search-and-replace, but it seems to be not very good idea at all.
> >
> > Can you give me the piece of advice what should be a best way to provide
> > support for such cases?
> >
> > Thank you!
> >
> > --
> > SY, Dmitry Belyavsky
> >
> >
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> >
>



-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20130909/f09b4b42/attachment.html>


More information about the xmlsec mailing list