Hi Jaromir, On Wed, Feb 17, 2021 at 02:26:08PM +0100, Jaromir Talir <[email protected]> wrote: > did I understand correctly, that you wrote libreoffice signer using > xmlsec1 libraries? Or you are just using it?
Nah, openoffice was already able to sign ODF files using libxmlsec, but I did a considerable amount of maintenance after the libreoffice fork in this area (most importantly porting to mscng on Windows, which resulted in libxmlsec's mscng backend as well). > If you are the author, are > you able to trace where in the xmlsec1 API PIN is passed to crypto > engine (nss)? It doesn't work like this. We take signing keys from the NSS store (e.g. mozilla firefox profile), that already includes pkcs#11 tokens. And then once we sign it (call xmlSecDSigCtxSign()), then NSS invokes the pkcs#11 driver which takes care of asking for the PIN interactively, on the graphical user interface. So my understanding is that at least libreoffice and libxmlsec has no code to open a graphical popup to ask for a PIN, the driver does this. (At least with the pkcs#11 HW I have at hand.) I understand that asking for the PIN in a cmdline app also makes sense, but I have no experience there. Regards, Miklos _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
