Hi,

> I want to write a pure Ruby implementation of W3C's XML
> encryption/signature specifications, but while spec:ing
> it out, it struck me there is no general-use crypto
> foundation available in Ruby.
>
> It also seems all of today's Ruby crypto libraries rely
> on native code, mostly OpenSSL, and the bindings seem
> related to specific functionality, like Net::SSH.
>
> One of the things I like about Java is its extensible
> crypto architecture, JCA/JCE.  If there was a Ruby
> equivalent, it would be easier to build services on
> top of it, like XML signing and so on.
>
> Anybody got any more thoughts about this?  Any interest
> in working on this?


i've recently released WSS4R [1].
It is a library to sign/encrypt soap messages conform to the web service  
security
specs. The specs based on XML signature and XML encryption, so that i have  
written
a small subset of what you want to start.

One big issue of implementing cryptographic functions in pure ruby might  
be the
performance. I think it is possible to write those libs (i have seen AES,  
DES and RSA
in pure ruby), but the performance is not good enough. I've used the  
openssl bindings
 from standart ruby and they are quite good.

Another problem might be the xml parser. REXML is quite good in parsing xml
documents, but it was very hard and tricky to write a standart conform  
xml-canonicalizer.

Don't get me wrong, just two problems i've found when coding a project  
like yours.

I'am very interested in such a project, but perhaps a swig binding to  
xmlsec[2] might
be a more pratical solution.




Regards,

Roland


--
[1] http://www.rubyforge.org/projects/wss4r
[2] http://www.aleksey.com/xmlsec