[xmlsec] MS Crypto API support
aleksey at aleksey.com
Tue Apr 8 07:14:23 PDT 2003
>I have created the mscrypto includes and source files based on the GnuTLS
>and found a few references missing during linkage. It seems that these are
>part of the symbols.h file but that one is not included in one of the
>'driver' c files (the files in the mscrypto src directory).
>I included the file in app.c to get this working but am wondering how it
>should be done.
There is a trick here. There is a mapping for xmlsec -<crypto> functions
application development. Say, we have xmlSecNssInit() function. In
it is mapped to xmlSecCryptoInit() and application can use same code for
all crypto engines.
>Next to that, the crypto.h file (common include file) needs the additional
>mscrypto includes and I have added these to the file. (and found the
>symbols.h include over here..... maybe this is the way the symbols are
>automatically included when mscrypto is build...)
Yes. It's the way to autmaticaly resolve xmlSecCrypto... names for
The application need to have one of the defines:
and include include/xmlsec/crypto.h file. It does all the magic of
mapping xmlSecCrypto.. functions.
>And the Makefile.msvc needs an additional configuration to include the
Correct. You probably need to check the win32/configure.js file too. You
mscrypto as an option for crypto library selection.
>I copied all NSS references and renamed the NSS to MSCRYPTO.
>All of this together seems to compile and link.
>In order to start with the actual implementation, what should be the order
>to go ?
Next step is to implement initialization/shutdown functions. There are 2
levels of init/shutdown
functions in xmlsec-crypto library:
xmlSecCryptoInit () - initializes xmlsec-crypto library
(registeres key data and transforms,
application MUST call this function.
xmlSecAppCryptoInit () - default crypto lobrary initialization
for xmlsec command line utility;
application MAY call
this function to initialize crypto library or do it
After this I would suggest to try to implement a couple simple
transforms that give you an ability
to verify a first signature. SHA1 and HMAC-SHA1 (and HMAC key data) are
very good candidates.
Check OpenSSL/GnuTLS/NSS code for examples (again, it's
copy/paste/rename :) ).
If you and your company/university/... are ok with sharing your work
with others then I would be
happy to add your changes to the main XML Security Library tree. The XML
Sec code is licensed
under MIT license (basicaly, do whatever you want but don't complain).
More information about the xmlsec