[xmlsec] The support of new GOST algorithms in xmlsec

Dmitry Belyavsky beldmit at gmail.com
Mon Sep 9 05:48:22 PDT 2013


There are new digest and signature algorithms in Russia, the standards were
published in 2012.
I'm thinking about implementing their support at least for the openssl
backend in the xmlsec.

It seems to me that the difference against current implementation will be
very small and include only some points:
- The URIs identifying algorithms
- The string names of algorithms
- The lengths of keys, signature and digests.

It has no sense to provide a custom format for public key representation,
and either the tag containing X.509 cert itself or the tags containing
issuer and serial are enough. So I think it will be better to implement a
common solution for such cases. Of cause, I can just clone the current GOST
algorithms Klass structures and call a search-and-replace, but it seems to
be not very good idea at all.

Can you give me the piece of advice what should be a best way to provide
support for such cases?

Thank you!

SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20130909/f319f4a0/attachment.html>

More information about the xmlsec mailing list