[xmlsec] MS crypto key integration with xmlsec
aleksey at aleksey.com
Fri Aug 1 09:46:22 PDT 2003
First of all, I am glad that someone is looking into xmlsec-mscrypto.
have asked about this. If you and your company are ok with sharing your
I would be happy to include this into main xmlsec CVS/distribution. This
Your questions about keys and keys manager seem to have the same foundation.
The xmlSecKey/xmlSecKeyData and xmlSecKeysManager are not real objects that
do some important job but interfaces to crypto specific implementation.
xmlsec library uses these interfaces to call low level crypto api. For
example, in OpenSSL case there is no keys storage provided by crypto
library. Thus
implements one. On the other hand, NSS does provide a keys and
(known as NSS keys db). And xmlSecNssKeysManager is just an interface to
keys storage. If xmlsec core library needs to find a key, say with given
name, it calls xmlSecNssKeysManager. The xmlSecNssKeysManager searches
NSS keys db and
returns a key wrapped in xmlSecKey/xmlSecKeyData to xmlsec-core. As you
the xmlSecKey/xmlSecKeyData wrapper shows up *only* as the result of the
Another scenario is when an application wants to specify a key for
xmlsec operation (signature or encryption). In this case, application
should be able to create or get xmlSecKey/xmlSecKeyData wrappers and
give it to xmlsec.
that in any case, core xmlsec functions deal *only* with
wrappers. However, you can find xmlSecNss* and xmlSecOpenSSL* functions that
work with low level crypto primitives (for example, convert OpenSSL key
xmlSecKeyData). It's ok to have such functions and I doubt that one can
avoid this :)
I would guess that in MS Crypto API you have a situation very similar to
one we have in NSS. Tej did a great implementation xmlsec-nss which was
checked in CVS recently. I would suggest you take a look.
I am not sure but I hope that I did answer your questions. Anyway, I
would be happy to answer more if you have some :)
With best regards,
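
A minimal C model of the arrangement described in the message above, added here as an illustration: one backend keeps its own key list, the other only adapts a crypto library's key database, and the core sees nothing but the wrapper. It is not xmlsec code and not part of the original post; every name in it (Key, KeysManager, list_manager, db_manager, core_key_backend) and the sample keys are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not the xmlsec API: the core sees only this wrapper. */
typedef struct { const char *name; const char *backend; const void *native; } Key;
/* The keys-manager interface: each crypto backend supplies its own find(). */
typedef struct { int (*find)(const char *name, Key *out); } KeysManager;

/* Case 1: the crypto library has no key storage, so the backend keeps a list. */
typedef struct { const char *name; const char *material; } ListEntry;
static const ListEntry simple_list[] = { { "signing-key", "m1" }, { "enc-key", "m2" } };
static int list_find(const char *name, Key *out) {
    for (size_t i = 0; i < sizeof simple_list / sizeof simple_list[0]; i++)
        if (strcmp(simple_list[i].name, name) == 0) {
            *out = (Key){ simple_list[i].name, "simple-list", simple_list[i].material };
            return 0;
        }
    return -1;
}

/* Stand-in for a crypto library's own key database and its lookup call. */
typedef struct { const char *nick; int handle; } DbSlot;
static const DbSlot native_db[] = { { "tls-server", 41 }, { "signing-key", 42 } };
static const DbSlot *native_db_lookup(const char *nick) {
    for (size_t i = 0; i < sizeof native_db / sizeof native_db[0]; i++)
        if (strcmp(native_db[i].nick, nick) == 0) return &native_db[i];
    return NULL;
}
/* Case 2: the manager is only an adapter; it wraps what the native db returns. */
static int db_find(const char *name, Key *out) {
    const DbSlot *s = native_db_lookup(name);
    if (s == NULL) return -1;
    *out = (Key){ s->nick, "native-db", s };   /* handle stays opaque to the core */
    return 0;
}

const KeysManager list_manager = { list_find };
const KeysManager db_manager = { db_find };

/* Core code: backend-agnostic, touches only KeysManager and Key. */
const char *core_key_backend(const KeysManager *m, const char *name) {
    Key k;
    if (name == NULL || m->find(name, &k) != 0) return NULL;
    return k.backend;
}

int main(void) {
    printf("%s %s\n", core_key_backend(&list_manager, "signing-key"),
           core_key_backend(&db_manager, "signing-key"));
    return 0;
}
```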