[xmlsec] MS Crypto API support

olger olger at xs4all.nl
Tue Apr 8 08:04:17 PDT 2003

Hi Aleksey,

I rebuild the basis using your skeleton.
Copied the files to a mscrypto directory and renamed all SKELETON to
MSCRYPTO and Skeleton to MSCrypto (perl -pi.bak -e "s/Skeleton/MSCrypto/g"
files... makes that very easy)
Added to xmlsec/crypto.h the MSCRYPTO definitions and includes. (for the
symbols as your are mentioning) and changed the Makefile.msvc to support
the MSCRYPTO components. (as well as the jsfile to mention existence of

At this moment I am a bit stuck with undeclared identifiers for
xmlSecMSCryptoTransformHmacSha1Id (and 2 others like that) although they
are part of the symbols.h file in the mscrypto directory....
I would be happy to contribute the code to the project and I don't think
that my company will make an issue of that. (I'll check to be on the safe
side, but it is just a formality)
What is the preferred way to add it to the library ?

In the mean time I will take some time to get these failures out of the
way (I prefer to work on linux as it is more clear what you are doing....)
and add the first support as you suggest.



On Tue, 8 Apr 2003, Aleksey Sanin wrote:

> olger wrote:
> >I have created the mscrypto includes and source files based on the GnuTLS
> >and found a few references missing during linkage. It seems that these are
> >part of the symbols.h file but that one is not included in one of the
> >'driver' c files (the files in the mscrypto src directory).
> >I included the file in app.c to get this working but am wondering how it
> >should be done.
> >
> There is a trick here. There is a mapping for xmlsec -<crypto> functions
> to simplify
> application development. Say, we have xmlSecNssInit() function. In
> include/xmlsec/nss/symbols.h
> it is mapped to xmlSecCryptoInit() and application can use same code for
> all crypto engines.
> >Next to that, the crypto.h file (common include file) needs the additional
> >mscrypto includes and I have added these to the file. (and found the
> >symbols.h include over here..... maybe this is the way the symbols are
> >automatically included when mscrypto is build...)
> >
> >
> Yes. It's the way to autmaticaly resolve xmlSecCrypto... names for
> application.
> The application need to have one of the defines:
>     ....
> and include include/xmlsec/crypto.h file. It does all the magic of
> mapping xmlSecCrypto.. functions.
> >And the Makefile.msvc needs an additional configuration to include the
> >mscrypto.
> >
> Correct. You probably need to check the win32/configure.js file too. You
> should mention
> mscrypto as an option for crypto library selection.
> >I copied all NSS references and renamed the NSS to MSCRYPTO.
> >All of this together seems to compile and link.
> >
> >
> Congratulations!
> >In order to start with the actual implementation, what should be the order
> >to go ?
> >
> >
> Next step is to implement initialization/shutdown functions. There are 2
> levels of init/shutdown
> functions in xmlsec-crypto library:
>        xmlSecCryptoInit  ()       - initializes xmlsec-crypto library
> (registeres key data and transforms,
>                                                    for example);
> application MUST call this function.
>        xmlSecAppCryptoInit () - default crypto lobrary initialization
> for xmlsec command line  utility;
>                                                    application MAY call
> this function to initialize crypto library or do it
>                                                    by itself.
> After this I would suggest to try to implement a couple simple
> transforms that give you an ability
> to verify a first signature. SHA1 and HMAC-SHA1 (and HMAC key data)  are
> very good candidates.
> Check OpenSSL/GnuTLS/NSS code for examples (again, it's
> copy/paste/rename :) ).
> If you and your company/university/... are ok with sharing your work
> with others then I would be
> happy to add your changes to the main XML Security Library tree. The XML
> Sec code is licensed
> under MIT license (basicaly, do whatever you want but don't complain).
> Aleksey
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list