[xmlsec] xmlsec and HSMs / Accelerators

xs04.jmdesp at free.fr xs04.jmdesp at free.fr
Wed Apr 14 08:06:48 PDT 2004

Quoting Patrick Richard <patr at sxip.com>:
> [...] some providers are providing CAPI and P11
> _some_ are just P11. Whilst accerlerators in CAPI is simple, it is less
> common to _not_ have P11 with HSMs, no ?
> So what I was getting at, are there any xmlsec -> CAPI - whith HSMs that
> we had success with ? (P-11 underneath I am happy too).

Well, I didn't understand your formulation.

Many accelerator have an openssl driver, and there is some pkcs#11 patch for
openssl, so you will probably have more success going in that direction.
> What I am wanting to do is use HSMs with xmlsec without too many
> 'external' initializers etc.. First I need to know it works at all,
> which it seems to (via CAPI, whatever is underneath it doesn't care).

I have here code that works perfectly with the software implementation of CAPI
but has difficulties with at least one model of hardware token. This is what I
refered to in my last message.

More information about the xmlsec mailing list