I want to write a pure Ruby implementation of W3C’s XML
encryption/signature specifications, but while spec:ing
it out, it struck me there is no general-use crypto
foundation available in Ruby.
It also seems all of today’s Ruby crypto libraries rely
on native code, mostly OpenSSL, and the bindings seem
related to specific functionality, like Net::SSH.
One of the things I like about Java is its extensible
crypto architecture, JCA/JCE. If there was a Ruby
equivalent, it would be easier to build services on
top of it, like XML signing and so on.
Anybody got any more thoughts about this? Any interest
in working on this?
Thanks,
Hans
Hi,
crypto architecture, JCA/JCE. If there was a Ruby
equivalent, it would be easier to build services on
top of it, like XML signing and so on.
Anybody got any more thoughts about this? Any interest
in working on this?
i’ve recently released WSS4R [1].
It is a library to sign/encrypt soap messages conform to the web service
security
specs. The specs based on XML signature and XML encryption, so that i
have
written
a small subset of what you want to start.
One big issue of implementing cryptographic functions in pure ruby might
be the
performance. I think it is possible to write those libs (i have seen
AES,
DES and RSA
in pure ruby), but the performance is not good enough. I’ve used the
openssl bindings
from standart ruby and they are quite good.
Another problem might be the xml parser. REXML is quite good in parsing
xml
documents, but it was very hard and tricky to write a standart conform
xml-canonicalizer.
Don’t get me wrong, just two problems i’ve found when coding a project
like yours.
I’am very interested in such a project, but perhaps a swig binding to
xmlsec[2] might
be a more pratical solution.
Regards,
Roland
i’ve recently released WSS4R [1].
Nice work. I saw it on rubyforge – I will have a closer
look at it the next few days.
…
One big issue of implementing cryptographic functions
in pure ruby might be the performance.
Yeah, I agree. That’s why what Sun did with
the Java crypto framework works so well: with the provided
hooks, the implementation can be pure Java or native
JNId livrary. The same concept would work great for Ruby,
and with time, the ruby runtime may be as fast as the Java
VMs.
…
Another problem might be the xml parser. REXML is quite
good in parsing xml documents, but it was very hard and
tricky to write a standart conform xml-canonicalizer.
I can imagine that – the C14N specs are not easy to deal
with to begin with!
…
I’am very interested in such a project, but perhaps a
swig binding to xmlsec[2]
SWIG looks interesting. I gotta check that out, too, thanks!
Of course, for a good Java xml security library, few beat
http://incubator.apache.org/tsik
but I confess to slight bias here 
Thanks,
Hans