Hello,

Aleksey, perhaps you or some xmlsec users may be interested in this story.

I originally became interested in the xmlsec library because I thought I'd be using it for a certain project. In the meantime, I was trying to become a Debian developer, and Aleksey impressed me as an amiable upstream author, so I selected xmlsec for my first attempt at packaging software for Debian.

As it turns out, the project I was working on didn't use xmlsec. Partly this was because we were using Python for everything, and there was no Python binding for xmlsec at the time. The other reason is that our system uses PGP cryptography for all identities. Even if xmlsec were expanded to implement the PGP portions of XML Signature, which Aleksey encouraged, the fact is that the XML Signature support for PGP is severely limited. So my partner ended up writing an XML Signature implementation in Python, supporting only the PGP key type augmented with a few customizations.

As for the implementation, we used a command-line interface to gnupg. This allowed us to circumvent some licensing issues, and in fact our Python library is released under an MIT license, just like xmlsec. We added two customizations to the base XML Signature spec. I'm just a layman, but from my understanding, one is a new element for KeyInfo which is a full 160-bit PGP fingerprint. (The XML Signature spec had only allowed for the shorter PGP ID, which is much more susceptible to collisions, or a full PGP key packet, which can be very large for a key with many signatures.) The other customization was a new SignatureMethod algorithm, allowing the SignatureValue to be a complete PGP signature.

So that is my story. If anyone would like to see what one of these signatures looks like, there is an example in the document at <http://giftfile.org/documents/certificate_synopsis>.

I still hope that someday the xmlsec library will support PGP key types, perhaps even with our extensions.

Regards,
-John

--
http://giftfile.org/  ::  giftfile project
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec