[xmlsec] Thoughts on a new mscng backend
Aleksey Sanin
aleksey at aleksey.com
Wed May 9 10:21:45 PDT 2018
Thanks for checking!
Aleksey
On 5/9/18 6:30 AM, Dmitry Belyavsky wrote:
> No, there is no GOST CNG-based backend.
>
> On Mon, May 7, 2018 at 7:59 PM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
>
> Thank you!
>
> Aleksey
>
> On 5/7/18 12:23 AM, Dmitry Belyavsky wrote:
> > I'll ask whether there is any CNG-based GOST implementation.
> >
> > On Sat, May 5, 2018 at 5:08 AM, Aleksey Sanin <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> > <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
> >
> > Thanks for all the code you've wrote!
> >
> > I think the only area missing is GOST algorithms support. It
> > requires special configs/dlls on Windows so I don't know if
> > it is even available for MSCNG. May be someone on the list
> > has direct knowledge and can chime in?
> >
> > I was planning to ask you what would be the right time to do
> > an xmlsec release. Sounds like in a couple weeks is the right
> > timeline. I think it would be great to have others play with
> > mscng to find out any issues. But otherwise, it looks great!
> >
> > Aleksey
> >
> > On 5/4/18 8:33 AM, Miklos Vajna wrote:
> > > Hi,
> > >
> > > On Thu, Jan 04, 2018 at 03:24:51PM -0800, Aleksey Sanin
> > <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
> > >> That sounds like a great plan! I would recommend to use the
> > >> skeleton folder to start.
> > >
> > > Thanks for all the reviews, current master looks reasonable
> to me
> > when I
> > > compare 'make check' output of the mscrypto and mscng backends:
> > >
> > > - 0 tests pass only on mscrypto
> > > - 126 tests pass on both mscrypto and mscng
> > > - 3 tests pass only on mscng (ecdsa signing with sha1/256/512)
> > >
> > > I wonder what else is missing so it could be claimed that
> the mscng
> > > backend is more or less a drop-in replacement for the
> mscrypto one.
> > > There are two things I can think of:
> > >
> > > - mscrypto supports reading your OS-level certificates and
> use that
> > > during e.g. signing.
> > >
> > > - There are a few functions which are part of the mscrypto
> public API
> > > (e.g. xmlSecMSCryptoX509StoreAdoptKeyStore()) and there is
> no mscng
> > > equivalent yet. Those are probably interesting as e.g.
> LibreOffice
> > > uses those functions.
> > >
> > > I plan to get to these two in the next few weeks. But is there
> > anything
> > > else larger missing?
> > >
> > > Thanks,
> > >
> > > Miklos
> > >
> > >
> > >
> > > _______________________________________________
> > > xmlsec mailing list
> > > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
> > > http://www.aleksey.com/mailman/listinfo/xmlsec
> <http://www.aleksey.com/mailman/listinfo/xmlsec>
> > <http://www.aleksey.com/mailman/listinfo/xmlsec
> <http://www.aleksey.com/mailman/listinfo/xmlsec>>
> > >
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> <http://www.aleksey.com/mailman/listinfo/xmlsec>
> > <http://www.aleksey.com/mailman/listinfo/xmlsec
> <http://www.aleksey.com/mailman/listinfo/xmlsec>>
> >
> >
> >
> >
> > --
> > SY, Dmitry Belyavsky
>
>
>
>
> --
> SY, Dmitry Belyavsky
More information about the xmlsec
mailing list