[xmlsec] nss updates
Aleksey Sanin
aleksey at aleksey.com
Tue Jul 29 00:27:58 PDT 2003
>
> Right. But it must be known which key type in processing if it is a key.
No, in XMLEnc case, this is just binary data. The algorithm itself *does
not*
require the key type.
>
> I think xmlSec do not aim to implement a crypto algorithm if
> neccessary. Key wrap is a algorithm thing.
Exactly! Now look at xmlsec-openssl. AES/DES key wraps, AES and DES
encrytpion, DSA signatures,
and probably some other stuff was implemented in xmlsec only because
openssl did not
provide *exactly* the same implementation as required. In one case, it
was a different padding,
in another case, a different "magic" byte, etc. The standards are usualy
broad and there are a lot
of different options. XMLDSig/XMLEnc choose one, crypto library
implementors choose another.
And we have incompatibility.
Again, this is not as simple as it looks like. It would be great if nss
implements exactly what we need!
Then our life would be much more simple :)
> Surely, they are all following the same standards.
See above.
Aleksey
More information about the xmlsec
mailing list