Greetings! Yes, you have understood my idea correctly.
Thank you! I'll have a look at it. On Mon, Sep 9, 2013 at 9:25 PM, Aleksey Sanin <[email protected]> wrote: > Copy/paste/replace is probably a bad idea. If you setup new URI > mapping to a new key data/transform then at any point in the code > you will have access to the relevant object "id" (e.g. see > xmlSecOpenSSLEvpSignatureCheckId). Then you can have common functions > implementing both old and new GOST algorithm and just tweak it > as necessary based on the object "id". > > Does it make sense? Or did I misunderstood your question? > > > Aleksey > > On 9/9/13 5:48 AM, Dmitry Belyavsky wrote: > > Greetings! > > > > There are new digest and signature algorithms in Russia, the standards > > were published in 2012. > > I'm thinking about implementing their support at least for the openssl > > backend in the xmlsec. > > > > It seems to me that the difference against current implementation will > > be very small and include only some points: > > - The URIs identifying algorithms > > - The string names of algorithms > > - The lengths of keys, signature and digests. > > > > It has no sense to provide a custom format for public key > > representation, and either the tag containing X.509 cert itself or the > > tags containing issuer and serial are enough. So I think it will be > > better to implement a common solution for such cases. Of cause, I can > > just clone the current GOST algorithms Klass structures and call a > > search-and-replace, but it seems to be not very good idea at all. > > > > Can you give me the piece of advice what should be a best way to provide > > support for such cases? > > > > Thank you! > > > > -- > > SY, Dmitry Belyavsky > > > > > > _______________________________________________ > > xmlsec mailing list > > [email protected] > > http://www.aleksey.com/mailman/listinfo/xmlsec > > > -- SY, Dmitry Belyavsky
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
