[xmlsec] Use of smart-cards to perform cryptographic operations
clizio at net4u.it
Mon May 16 10:55:12 PDT 2005
Aleksey Sanin wrote:
>> I'll do my best (not only slot :-)).
>> Looking at you're example sign3.c I was wandering if the signing
>> sequence could be realised by modifying the underlying NSS layer so
>> - ...
>> - xmlSecCryptoAppKeyLoad could actually prepare a key structure for a
>> pseudo-file whose name is something like 'slot-name : token-name'
>> (and here the API already provide PIN parameters);
>> - xmlSecCryptoAppKeyCertLoad could be used to actually select a
>> certificate (ant its key) via a nickname specified with cert-file name;
>> - xmlSecKeySetName - as now
>> - xmlSecDSigCtxSign - performing the signature with the supplied
>> infos abore
>> - ...
> You are not required to use xmlSecCryptoAppKeyLoad(). You can write your
> own function to load key (NSS key handle) and insert it into the
> manager. Again, as soon as you have the key, you have the slot.
> xmlSecCryptoAppKeyCertLoad() is a simple example and a helper function
> for xmlsec command line app. Your requirements go beyound the
> requirements for this application and you probably want to write a
> custom function for this.
I'll take nss/app.c as a guideline to develop something like
xmlSecCryptoAppKeyLoad and xmlSecCryptoAppKeyCertLoad for my purposes,
and then will proceed as normal.
I'll let you know (and send you a copy of the new functions after
Clizio dr. Merli
C.E.O. 4u Srl, Italy
ISACA CISM (Certified Information Security Manager)
Socio AIP (Associazione Informatici Professionisti)
More information about the xmlsec