Aleksey Sanin wrote:
AFAIK, theoreticaly speaking you are right. "Public" and "private"In the NSS port for XMLSEC, I wanted to go with the same assumption,
key parts are independent. However, all used in xmlsec private key
formats (PEM, DER, PKCS#8) include both "private" and "public" key
parts. Thus, the assumption used in xmlsec library is that if you have
private key then you always have public key too. It seems from your
description that NSS uses the same assumption and I don't see any
problems with it.
but the underlying NSS library provides no API that support it (as of now).
Here are the options right now:
1) remove the assumption from XMLSEC that private key always
contains public key
2) enhance NSS library to support the case of private key containing
public key
3) do the NSS port of XMLSEC differently that does not assume
that private key contains public key... This is not going to be easy since
the xmlsec assumption is in the crypto-independent code....
What do you think of option (1)?. Seems like the best option to me.
Meanwhile, I'll explore 2 ... continue the dialogue with the NSS team.
thanks,
-Tej
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
Aleksey
