Hi,

Here is a first attempt to include MS CryptoAPI support into the xmlsec lib. Because officially the code is written by me as an employee of Cordys R&D BV, they own this code. However Cordys has given permission to donate the code that is attached to this email to the xmlsec library. The code may be added to the xmlsec library code tree having the same licensing scheme the xmlsec library is now using.

OK, so far this 'official' statement :)

There are three attachments here: a patch file, to be applied in the xmlsec main directory (although I wouldn't know how to apply the patch in a Windows environment without cygwin, so I haven't tested if the patch was ok), and 2 zip files. The mscryptoinclude.zip should be extracted in the xmlsec/include/xmlsec/mscrypto folder, and the mscryptosrc.zip should be extracted in the xmlsec/src/mscrypto folder.

The state of the code is very alpha. It is developed and only tested on MS Win XP Pro, with the .NET compiler. It's very likely that the code does not work (correctly) on older systems (especially (pre) win98 I think), since the MS Crypto API has been evolving a lot lately. Not all code is tested. No interoperability tests with other crypto libs have been done yet.

What is in the code so far:
- SHA1 hashing (tested, and tested against OpenSSL)
- Symmetric encryption: 3des-cbc (tested), AES128, AES192, AES256 (untested).
- RSA-SHA1 signatures (tested)
- RSA keys (not direct RSA keys yet, but only through MS Certificate store) (tested)
- x509 certificates (and CRL support), partly, the loading and keyinfo parts are partly done. (partly tested)
- x509 certificate verification. Untested, and very limited at this moment.
- KeyManager implementation. Wrapper for simplekeystore, with backup search facility to the MS Certificate store. Very limited search capabilities at this time, certificates in the MS certificate store can only be found with their 'friendly name' (which is the CN of the subject dn, as far as I know).
- RSA-PKCS1 keytransport. Only the creation (encryption) part is tested.

What will be in the code soon as far as I'm concerned:
- RSA-OAEP keytransport
- DSA signatures
- Better search facilities for finding certificates in the MS certificate store.
- ???

What is still missing then:
- HMAC support
- AES/3des key transport
- direct keys (without ms certificate store certificates) support.
- ???

And what really needs to be done as well is thorough interoperability testing (imho).

ok, plz take a look at this, and try it out. Hopefully this will lead to a nice and stable ms crypto api support lib for the xmlsec library.

Wouter Ketting
[EMAIL PROTECTED]

mscrypto.diff
Description: Binary data
mscryptoinclude.zip
Description: Zip archive
mscryptosrc.zip
Description: Zip archive
