While I cannot speak for the innards of santuario too much, parameters related to cryptographic hardware modules are provider-specific details. Every hardware vendor has parameters that work only with their provider library. Cryptographic application libraries - like santuario - only pass through these details and report in exceptions what the hardware provider reports.
You can always configure the HSM to log its communications with the XMLSignature library in detail while you're developing/debugging your application code. Once done, you can ramp down the logging to suit your operational needs. Arshad Noor StrongAuth, Inc. On 03/15/2012 02:05 PM, paul wrote:
If I sign an xml doc using a filesystem cert, then errors like timeouts and server not found are not an issue, but I'm starting to look an architecture where a locked down network device (net hsm) holds the private key. In this case the keystore is initialized w/ a special provider name. For this flow a network roundtrip happens during signing and errors could occur. Is there anyway to specify things like timeouts? Or is this hidden in the provider code and only exposed thru exceptions? thanks, Paul.
