[xmlsec] Re: get PKCS11 slot

Andrew Fan Andrew.Fan at sun.com
Wed Jun 18 23:43:31 PDT 2003


Aleksey Sanin wrote:

> Andrew,
>
> Will you please describe a use case scenario which you are
> trying to solve here? Why GetBestSlot from NSS does not work
> for you?

As we know, a PKCS#11 system has one or more slots. application can 
connect to token in any or all of those slots. The use case scenario like:
1. a high level application get a key object( symmetric or asymmetric 
key handler ) from a slot;
2. the application try to set the key into a xml encryption/signature 
context; ( because the key handler is based on the slot which creates 
it, it can not work with other slot in the system. )
3. the application call signature or encryption functions.( because the 
internal key data only can identify the slot created by GetBestSlot, it 
is possible that the action suffers a defeat. )

I think, in PKCS11 environment, if the keys are not created internally 
in xmlSec, the problem will arise.

Thanks,
Andrew

>
> Aleksey
>




More information about the xmlsec mailing list