Hi,
I'd like to implement another (proprietary) PKI and crypto engine with xmlsec.
The crypto engine seems to be well segmented in the API as far as I can see, but PKI
material seems not to be. I was wondering whether it is possible to use external (or remote)
private keys. Let me explain my point of view. I need to reference keys via criteria
(such as aliases or key parameters), but I have no direct access to private keys. I've
noticed the following problems:
1) Custom key stores don't provide any certificate- or X509Data-based retrieval
method; I only found this method, which is obviously based on a character string:
    XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeysMngrFindKey(xmlSecKeysMngrPtr mngr,
                                                     const xmlChar* name,
                                                     xmlSecKeyInfoCtxPtr keyInfoCtx);
So, even if I wanted to implement a custom key store, I wouldn't be able to select the
corresponding key on signature verification, for example (considering that the envelope uses
an X509IssuerSerial KeyInfo element).
2) Keys are represented in a proprietary format. I said I can't access private
keys directly, but I have a set of criteria identifying a key (more precisely a
certificate). How can I configure xmlsec for signature operations using such a key
description?
Here is a small schema of what I want to achieve:

                Private key descriptor
                (few parameters like aliases,
                 i.e. certificate alias)
                          |
                 ---------------------
                 |My Security Library|
                 ---------------------
                          |
  --------------------  (2) Use the key handle   --------------------
  |      xmlsec      |---------------------------| My Crypto engine |
  --------------------  retrieved in my PKI DB   --------------------
           |            for performing the signature
           |
   (1) Retrieve a key
   handle via the key
   descriptor
           |
  --------------------
  |    My PKI DB     |
  --------------------
Thanks in advance
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
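An added example (not from the original post and not xmlsec's own code) of the criterion-based lookup this question asks for: given the signature's ds:KeyInfo, derive criteria (a KeyName alias or an X509IssuerSerial pair) and resolve them against a store of key descriptors to an opaque key handle, refusing empty or ambiguous matches. It is stand-alone Python rather than an xmlsec key-store callback; PKI_DB, the handles and the DN values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def ds(tag):
    return "{%s}%s" % (DS_NS, tag)

# Constructed stand-in for the PKI DB: each descriptor identifies a certificate
# by alias and/or issuer+serial and maps to an opaque key handle (hypothetical values).
PKI_DB = [
    {"alias": "signer-2008", "issuer": "CN=Example Root CA,O=Example", "serial": 4096,
     "handle": "hsm:slot0:key7"},
    {"alias": "signer-2006", "issuer": "CN=Example Root CA,O=Example", "serial": 17,
     "handle": "hsm:slot0:key3"},
]

def normalize_dn(dn):
    # Minimal normalization: strip whitespace around RDN separators. A production
    # matcher would compare RFC 4514 components rather than raw strings.
    return ",".join(part.strip() for part in dn.split(","))

def key_criteria(keyinfo):
    """Collect lookup criteria from a ds:KeyInfo element (KeyName, X509IssuerSerial)."""
    crit = {}
    name = keyinfo.findtext(ds("KeyName"))
    if name and name.strip():
        crit["alias"] = name.strip()
    for x509 in keyinfo.findall(ds("X509Data")):
        iss = x509.find(ds("X509IssuerSerial"))
        if iss is not None:
            crit["issuer"] = normalize_dn(iss.findtext(ds("X509IssuerName"), ""))
            crit["serial"] = int(iss.findtext(ds("X509SerialNumber"), "0"))
    return crit

def find_key_handle(keyinfo_xml, db=PKI_DB):
    """Return the handle of the single descriptor matching every criterion, else None."""
    crit = key_criteria(ET.fromstring(keyinfo_xml))
    if not crit:
        return None  # nothing to match on; never fall back to "any key"
    matches = [d for d in db if all(d.get(k) == v for k, v in crit.items())]
    return matches[0]["handle"] if len(matches) == 1 else None  # ambiguity is a failure

# Constructed KeyInfo as it would appear in a signed envelope using X509IssuerSerial.
SAMPLE_KEYINFO = (
    '<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>'
    '<ds:X509IssuerSerial><ds:X509IssuerName>CN=Example Root CA, O=Example</ds:X509IssuerName>'
    '<ds:X509SerialNumber>4096</ds:X509SerialNumber></ds:X509IssuerSerial>'
    '</ds:X509Data></ds:KeyInfo>'
)

if __name__ == "__main__":
    print(find_key_handle(SAMPLE_KEYINFO))  # hsm:slot0:key7
```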