summaryrefslogtreecommitdiff
path: root/docs/api/src/chapters/using-keys.sgml
blob: c2c90f500724919a1f9a66193ed2950ad3b5901b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<chapter id="xmlsec-notes-keys">
    <title>Keys.</title>
    <para>A key in XML Security Library is a representation of the 
	<ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo">&lt;dsig:KeyInfo/&gt;</ulink>
	element and consist of several key data objects. 
	The "value" key data usually contains raw key material (or handlers to 
	key material) required to execute particular crypto transform. Other 
	key data objects may contain any additional information about the key. 
	All the key data objects in the key are associated with the same key 
	material. For example, if a DSA key material has both an X509 
	certificate and a PGP data associated with it then such a key can 
	have a DSA key "value" and two key data objects for X509 certificate 
	and PGP key data.
    </para>
    <figure>
	<title>The key structure.</title>
	<graphic fileref="images/key.png" align="center"></graphic>
    </figure>	 
    <para>XML Security Library has several "invisible" key data classes. 
	These classes never show up in the keys data list of a key but are used for 
	<ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo">&lt;dsig:KeyInfo/&gt;</ulink>
	children processing (<ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyName">&lt;dsig:KeyName/&gt;</ulink>, 
	&lt;enc:EncryptedKey/&gt;, ...). As with transforms, application might 
	add any new key data objects or replace the default ones.
    </para>
</chapter>