The keys are also separated from the xmlsec engine. Look at the xmlSecKeyData objects. Note that xmlSecKeysMngrFindKey() is not the only way to find a key. It is just needed for processing the <KeyName> element in a "generic" way :) However, if your key is specified in some other element, then you can register an xmlSecKeyData object class to handle this element and return the key. These objects are responsible for reading *custom* key specifications and querying the *custom* keys store.
For example, if you have an <X509Data> element with a cert/key specification, then it is processed in a special xmlSecCryptoKeyDataX509 object (where Crypto is OpenSSL, NSS, etc.). KeyDataX509 objects know how to read/write the <X509Data> element and how to retrieve a certificate (and then the key) from a custom KeysStore (which is a part of the keys manager). Nobody else in xmlsec knows how to deal with certificates, but nobody else needs to know :)
In a similar way, you can create handlers for processing any kind of reference to a key. You can add a custom keys store with an interface to your custom PKI DB. Then your custom key handle is stored in a special keys data object that is used by your crypto code. I hope this works for you :)
Aleksey
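Added example, not part of the original message and not xmlsec code: a self-contained C model of the design described above, where the engine only dispatches on the key-reference element name and a registered handler reads the reference and queries the custom keys store. Every name here (`register_key_data`, `resolve_key`, the `<PkiRef>` element, the sample store rows) is hypothetical; the real xmlSecKeyData class interface is different.

```c
/* Model of the dispatch described above; all names are hypothetical, not xmlsec API. */
#include <stdio.h>
#include <string.h>

typedef struct { const char *id, *handle; } StoreEntry;          /* one row of the custom PKI DB */
typedef struct { const StoreEntry *rows; size_t n; } KeysStore;  /* custom keys store */
typedef const char *(*ReadFn)(const KeysStore *, const char *content);
typedef struct { const char *element; ReadFn read; } KeyDataClass;

static const StoreEntry SAMPLE_ROWS[] = {                        /* constructed sample data */
    { "signing-key", "soft-key-1" }, { "0042", "hsm-slot-7" } };
static const KeysStore SAMPLE_STORE = { SAMPLE_ROWS, 2 };

static const char *store_find(const KeysStore *s, const char *id) {
    for (size_t i = 0; i < s->n; i++)
        if (strcmp(s->rows[i].id, id) == 0) return s->rows[i].handle;
    return NULL;
}
/* Generic handler: <KeyName> content is looked up as-is. */
static const char *read_key_name(const KeysStore *s, const char *c) { return store_find(s, c); }
/* Custom handler: <PkiRef> content must be "pki:<serial>"; anything else is rejected. */
static const char *read_pki_ref(const KeysStore *s, const char *c) {
    if (strncmp(c, "pki:", 4) != 0 || c[4] == '\0') return NULL;
    return store_find(s, c + 4);
}

static KeyDataClass registry[8];
static size_t registry_len;

/* Register a handler for one key-reference element; duplicates are refused. */
int register_key_data(const char *element, ReadFn read) {
    if (!element || !read || registry_len == 8) return -1;
    for (size_t i = 0; i < registry_len; i++)
        if (strcmp(registry[i].element, element) == 0) return -1;
    registry[registry_len++] = (KeyDataClass){ element, read };
    return 0;
}
/* The engine only dispatches on the element name; unknown elements fail closed. */
const char *resolve_key(const KeysStore *s, const char *element, const char *content) {
    for (size_t i = 0; i < registry_len; i++)
        if (strcmp(registry[i].element, element) == 0) return registry[i].read(s, content);
    return NULL;
}

int main(void) {
    register_key_data("KeyName", read_key_name);
    register_key_data("PkiRef", read_pki_ref);
    const char *h = resolve_key(&SAMPLE_STORE, "PkiRef", "pki:0042");
    printf("PkiRef -> %s\n", h ? h : "(no key)");
    return 0;
}
```

The returned string stands in for the opaque key handle that the crypto code would use; the dispatcher never inspects it.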
