OpenSAML user discussion

[Brent Putman <>]

> Does the Java implementation of signing use the same underlying C
> libraries for the crypto stuff (via JNI say) or is it implemented in Java?
> 



OpenSAML just uses the Apache xmlsec (Santuario) library, which in turn
just uses the Java crypto support from the Security provider framework
(e.g. the Signature and MAC classes, etc).  So the answer is: it uses
whatever Java security providers you have installed and configured in
your JVM.  By default, the common JVM's (e.g. Sun, IBM, Apple) just use
software based implementations based on underlying Java libraries.
There might be some JNI based impls, and I believe there are PKCS11
impls that theoretically let you use things like HSMs and crypto
accelerators, although I've heard that with the latter, you'll have
varying degrees of success.  If you get anything like that working, it'd
be nice to hear a success report.

--Brent