[EMAIL PROTECTED] wrote:
> Hi all, > > Currenlty I'm working on the implementation of MS Crypto lib interface > for > the xmlsec library. I've taken the stuff from Olger Warnier (see earlier > in the mailing list) as starting point, and have some things working > already (SHA1 hashing, 3des encryption, and native MS Crypto key > support), > but a lot of work still has to be done. I'm now working at RSA > signatures. > > The MS Crypto interface is based upon the OpenSSL interface. However I've > no clear idea yet how to get the MS Crypto keys into xmlsec. The > applications where I'm planning to use this library for have keys stored > in MS certificate store, that cannot be exported. This means that a > handle > to such a key must be gotten from MS Certificate store and loaded/passed > somehow to the xmlsec library, which is different from the way xmlsec > deals with keys till now, mostly PEM files that are loaded. > > Should the (client) application deal with getting a handle to an MS key, > and then pass it to the xmlsec lib (I've already code in the xmlsec > library that can handle this). Or is the xmlsec-KeyManager the place to > deal with this issue: A new implementation for the KeyManager can be > written that is capable of dealing with certificate stores. Personally > I've got the feeling that xmlsec KeyManagers are not really meant for > this > type of functionality, but I'm curious how others see this. Perhaps > anyone > else has already done some work in this direction? > > Let me know your thoughts here :) Hello Wouter, NSS is similar to MS crypto lib in terms of having a certificate and key store. So, as a starting point I'd recommend looking at how xmlsec-nss is done. src/nss/README is a good starting point - it specifically talks about keys & keysmanager and how it relates to the NSS native store. regards, -Tej > > Regards, Wouter > _______________________________________________ > xmlsec mailing list > [EMAIL PROTECTED] > http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
