[xmlsec] xmlsec-nss patches from Sun( 2003-07-22 )

Aleksey Sanin aleksey at aleksey.com
Thu Jul 24 00:14:37 PDT 2003

> "xmlSecNssKeyDataRsaGenerate" interfaces, I have no such a goog luck. So
> the 'getSlot' is designed only for "KeyDataXXXGenerate" functions.

The only thing that can use xmlSec*Generate functions is some keys 
storage (XKMS?)
xmlsec never calls these functions by itself. And if you want, you can 
have xmlSecNss*GenerateExt()
function with one additional parameter "slot". Then xmlSecNssGenerate() 
would simply call
        xmlSecNss*GenerateExt(..., PK11__GetBEstSlot());

> Can we design that we specify a deault xmlSecNssKeysManager, and every 
> loaded keys ( read from xml
> document ) bind with the slot that enabled in the manager? That one 
> things I want to do. 

Sure. Again, I think that mapping alg->slot is better than plain 
"enabled slots list"
(my favorite example again :) ).

> So if we provide such a keys manager, "getSlot" only work for key data 
> generator. When we will
> use the "KeyDataXXXGenerate" functions?

Never. These functions are used *only* by xmlsec command line utility. 
And these functions
are not called from xmlsec library itself.

> Now, maybe we have agreed where and when "getSlot" works, Only in the 
> "KeyDataXXXGenerate"
> interfaces. 

See above the suggestion with xmlSecNss*GenerateExt() functions. If you 
stick with NSS
and don't care about portability (i.e. switching to OpenSSL, etc.) then 
you can use
xmlSecNss*GenerateExt()  instead.


More information about the xmlsec mailing list