[xmlsec] Use of smart-cards to perform cryptographic operations
Clizio Merli
clizio at net4u.it
Mon May 16 10:02:46 PDT 2005
Aleksey Sanin wrote:
> In the scenario you describe (private key is sitting on the smart card)
> the signature will be done on *this* smart card no matter what simply
> because you are not allowed (most of the time) to export the private key
> from the smart card.
>
> Aleksey
>
>
You are right.
But in NSS that part is actually resolved by the SGN_End routine (via
the PK11_Sign routine and the slot already connected to the selected
private-key structure). You call SGN_End in the 'nss/signatures.c'
module.
But looking at the way NSS handles it in the normal PKCS7 scenario,
SGN_End is called as the final action of a sequence which sees:
- first the selection of slot/token,
- then the verification that the token and the certificate are good for
signing,
- and finally the signature, that is actually performed by the card (in
fact NSS handles private-keys of PKCS11 devices - smart-cards or
software simulations - only as logical descriptors of keys that are
handled only by the devices).
What I don't understand is how I can realize such a sequence in an
XmlSec1 application.
Clizio
--
----------------------------
Clizio dr. Merli
C.E.O. 4u Srl, Italy
ISACA CISM (Certified Information Security Manager)
EUCIP Certified
Socio AIP (Associazione Informatici Professionisti)
----------------------------