[xmlsec] Use of smart-cards to perform cryptographic operations

Clizio Merli clizio at net4u.it
Mon May 16 10:55:12 PDT 2005

Aleksey Sanin wrote:

>> OK
>> I'll do my best (not only slot :-)).
>> Looking at you're example sign3.c I was wandering if the signing 
>> sequence could be realised by modifying the underlying NSS layer so 
>> that:
>> - ...
>> - xmlSecCryptoAppKeyLoad could actually prepare a key structure for a 
>> pseudo-file whose name is something like 'slot-name : token-name'
>>  (and here the API already provide PIN parameters);
>> - xmlSecCryptoAppKeyCertLoad could be used to actually select a 
>> certificate (ant its key) via a nickname specified with cert-file name;
>> - xmlSecKeySetName - as now
>> - xmlSecDSigCtxSign - performing the signature with the supplied 
>> infos abore
>> - ...
> You are not required to use xmlSecCryptoAppKeyLoad(). You can write your
> own function to load key (NSS key handle) and insert it into the
> manager. Again, as soon as you have the key, you have the slot.
> xmlSecCryptoAppKeyCertLoad() is a simple example and a helper function
> for xmlsec command line app. Your requirements go beyound the
> requirements for this application and you probably want to write a
> custom function for this.
> Aleksey


I'll take nss/app.c as a guideline to develop something like 
xmlSecCryptoAppKeyLoad and xmlSecCryptoAppKeyCertLoad for my purposes, 
and then will proceed as normal.
I'll let you know (and send you a copy of the new functions after 


Clizio dr. Merli

C.E.O. 4u Srl, Italy
ISACA CISM (Certified Information Security Manager)
EUCIP Certified
Socio AIP (Associazione Informatici Professionisti)

More information about the xmlsec mailing list