[xmlsec] MS crypto key integration with xmlsec

wsh at xs4all.nl
Fri Aug 1 05:47:31 PDT 2003

Hi all,

Currently I'm working on the implementation of an MS Crypto lib interface for
the xmlsec library. I've taken the stuff from Olger Warnier (see earlier
in the mailing list) as a starting point, and have some things working
already (SHA1 hashing, 3DES encryption, and native MS Crypto key support),
but a lot of work still has to be done. I'm now working on RSA signatures.

The MS Crypto interface is based upon the OpenSSL interface. However, I have
no clear idea yet how to get the MS Crypto keys into xmlsec. The
applications I'm planning to use this library for have keys stored
in the MS certificate store that cannot be exported. This means that a handle
to such a key must be obtained from the MS certificate store and loaded/passed
somehow to the xmlsec library, which is different from the way xmlsec
has dealt with keys until now, mostly PEM files that are loaded.

Should the (client) application deal with getting a handle to an MS key
and then pass it to the xmlsec lib (I already have code in the xmlsec
library that can handle this)? Or is the xmlsec KeyManager the place to
deal with this issue: a new implementation of the KeyManager can be
written that is capable of dealing with certificate stores. Personally
I've got the feeling that xmlsec KeyManagers are not really meant for this
type of functionality, but I'm curious how others see this. Perhaps someone
else has already done some work in this direction?

Let me know your thoughts here :)

Regards, Wouter

