[xmlsec] xmlsec and HSMs / Accelerators

Patrick Richard patr at sxip.com
Thu Apr 8 09:51:23 PDT 2004

> -----Original Message-----
> From: xmlsec-admin at aleksey.com [mailto:xmlsec-admin at aleksey.com] On
> Behalf Of Jacek Nowacki
> Sent: Thursday, April 08, 2004 1:53 AM
> To: xmlsec at aleksey.com
> Subject: Re: [xmlsec] xmlsec and HSMs / Accelerators
> Hi Pat,
> We succeeded using xmlsec with following hardware:

Thanks Jacek

Was this *both* in linux ?

> a) "PrivateServer" from Algorithmic Research (www.arx.com), it is a
> regular HSM. Whole solution has been certified with Visa for 3-D
> Secure. It uses PKCS#11 API.

How was the passsphrase callback handled ? Did you do the
initialization/logon BEFORE doing any xmlsec stuff, or was this all
called through xmlsig ?

> b) nForce SSL accelerator (www.ncipher.com) also worked perfectly with
> xmlsec (xml signatures for Visa 3-D Secure), but I do not rememember
> if PKCS#11 was used by the supplier.
> It is working in linux environment, maybe in Windows too.

I presume that was via OpenSSl ? 

Hmm...  I'm wondering if anyone has done xmlsec <-> CAPI <-> P-11 <->
HSM as well.


More information about the xmlsec mailing list