summaryrefslogtreecommitdiff
path: root/docs/api/src/chapters/using-keys.sgml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/api/src/chapters/using-keys.sgml')
-rw-r--r--docs/api/src/chapters/using-keys.sgml26
1 files changed, 26 insertions, 0 deletions
diff --git a/docs/api/src/chapters/using-keys.sgml b/docs/api/src/chapters/using-keys.sgml
new file mode 100644
index 00000000..c2c90f50
--- /dev/null
+++ b/docs/api/src/chapters/using-keys.sgml
@@ -0,0 +1,26 @@
+<chapter id="xmlsec-notes-keys">
+ <title>Keys.</title>
+ <para>A key in XML Security Library is a representation of the
+ <ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo">&lt;dsig:KeyInfo/&gt;</ulink>
+ element and consist of several key data objects.
+ The "value" key data usually contains raw key material (or handlers to
+ key material) required to execute particular crypto transform. Other
+ key data objects may contain any additional information about the key.
+ All the key data objects in the key are associated with the same key
+ material. For example, if a DSA key material has both an X509
+ certificate and a PGP data associated with it then such a key can
+ have a DSA key "value" and two key data objects for X509 certificate
+ and PGP key data.
+ </para>
+ <figure>
+ <title>The key structure.</title>
+ <graphic fileref="images/key.png" align="center"></graphic>
+ </figure>
+ <para>XML Security Library has several "invisible" key data classes.
+ These classes never show up in the keys data list of a key but are used for
+ <ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo">&lt;dsig:KeyInfo/&gt;</ulink>
+ children processing (<ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyName">&lt;dsig:KeyName/&gt;</ulink>,
+ &lt;enc:EncryptedKey/&gt;, ...). As with transforms, application might
+ add any new key data objects or replace the default ones.
+ </para>
+</chapter>