RubyGems - xmlsec-shim - Versions diffs - 1.2.18.1 - Mend

xmlsec-shim 1.2.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (969) hide show

data/vendor/xmlsec1-1.2.18/src/gcrypt/asn1.h ADDED

@@ -0,0 +1,39 @@
+/*
+ * XML Security Library
+ *
+ * gcrypt/asn1.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GCRYPT_ASN1_H__
+#define __XMLSEC_GCRYPT_ASN1_H__
+#ifndef XMLSEC_PRIVATE
+#error "gcrypt/asn1.h file contains private xmlsec-gcrypt definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+enum xmlSecGCryptDerKeyType {
+    xmlSecGCryptDerKeyTypeAuto = 0,
+    xmlSecGCryptDerKeyTypePublicDsa,
+    xmlSecGCryptDerKeyTypePublicRsa,
+    xmlSecGCryptDerKeyTypePrivateDsa,
+    xmlSecGCryptDerKeyTypePrivateRsa
+};
+xmlSecKeyDataPtr        xmlSecGCryptParseDer            (const xmlSecByte * der,
+                                                         xmlSecSize derlen,
+                                                         enum xmlSecGCryptDerKeyType type);
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+#endif /*__XMLSEC_GCRYPT_ASN1_H__ */

data/vendor/xmlsec1-1.2.18/src/gcrypt/asymkeys.c ADDED

@@ -0,0 +1,1920 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+#include <string.h>
+#include <gcrypt.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/gcrypt/crypto.h>
+/**************************************************************************
+ *
+ * Helpers
+ *
+ *************************************************************************/
+static gcry_sexp_t             xmlSecGCryptAsymSExpDup    (gcry_sexp_t sexp);
+/**************************************************************************
+ *
+ * Internal GCrypt asym key CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecGCryptAsymKeyDataCtx       xmlSecGCryptAsymKeyDataCtx,
+                                                *xmlSecGCryptAsymKeyDataCtxPtr;
+struct _xmlSecGCryptAsymKeyDataCtx {
+    gcry_sexp_t pub_key;
+    gcry_sexp_t priv_key;
+};
+/******************************************************************************
+ *
+ * Asym key (dsa/rsa)
+ *
+ * xmlSecGCryptAsymKeyDataCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptAsymKeyDataSize     \
+    (sizeof(xmlSecKeyData) + sizeof(xmlSecGCryptAsymKeyDataCtx))
+#define xmlSecGCryptAsymKeyDataGetCtx(data) \
+    ((xmlSecGCryptAsymKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+static int              xmlSecGCryptAsymKeyDataInitialize       (xmlSecKeyDataPtr data);
+static int              xmlSecGCryptAsymKeyDataDuplicate        (xmlSecKeyDataPtr dst,
+                                                                 xmlSecKeyDataPtr src);
+static void             xmlSecGCryptAsymKeyDataFinalize         (xmlSecKeyDataPtr data);
+static int              xmlSecGCryptAsymKeyDataAdoptKey         (xmlSecKeyDataPtr data,
+                                                                 gcry_sexp_t key_pair);
+static int              xmlSecGCryptAsymKeyDataAdoptKeyPair     (xmlSecKeyDataPtr data,
+                                                                 gcry_sexp_t pub_key,
+                                                                 gcry_sexp_t priv_key);
+static gcry_sexp_t      xmlSecGCryptAsymKeyDataGetPublicKey     (xmlSecKeyDataPtr data);
+static gcry_sexp_t      xmlSecGCryptAsymKeyDataGetPrivateKey    (xmlSecKeyDataPtr data);
+static int              xmlSecGCryptAsymKeyDataGenerate         (xmlSecKeyDataPtr data,
+                                                                 const char * alg,
+                                                                 xmlSecSize key_size);
+static xmlSecKeyDataType xmlSecGCryptAsymKeyDataGetType         (xmlSecKeyDataPtr data);
+static xmlSecSize       xmlSecGCryptAsymKeyDataGetSize          (xmlSecKeyDataPtr data);
+static int
+xmlSecGCryptAsymKeyDataInitialize(xmlSecKeyDataPtr data) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+    memset(ctx, 0, sizeof(xmlSecGCryptAsymKeyDataCtx));
+    return(0);
+}
+static int
+xmlSecGCryptAsymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctxDst;
+    xmlSecGCryptAsymKeyDataCtxPtr ctxSrc;
+    xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecGCryptAsymKeyDataSize), -1);
+    xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecGCryptAsymKeyDataSize), -1);
+    ctxDst = xmlSecGCryptAsymKeyDataGetCtx(dst);
+    xmlSecAssert2(ctxDst != NULL, -1);
+    xmlSecAssert2(ctxDst->pub_key == NULL, -1);
+    xmlSecAssert2(ctxDst->priv_key == NULL, -1);
+    ctxSrc = xmlSecGCryptAsymKeyDataGetCtx(src);
+    xmlSecAssert2(ctxSrc != NULL, -1);
+    if(ctxSrc->pub_key != NULL) {
+        ctxDst->pub_key = xmlSecGCryptAsymSExpDup(ctxSrc->pub_key);
+        if(ctxDst->pub_key == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+                        "xmlSecGCryptAsymSExpDup(pub_key)",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+    }
+    if(ctxSrc->priv_key != NULL) {
+        ctxDst->priv_key = xmlSecGCryptAsymSExpDup(ctxSrc->priv_key);
+        if(ctxDst->priv_key == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+                        "xmlSecGCryptAsymSExpDup(priv_key)",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+    }
+    return(0);
+}
+static void
+xmlSecGCryptAsymKeyDataFinalize(xmlSecKeyDataPtr data) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    xmlSecAssert(xmlSecKeyDataIsValid(data));
+    xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize));
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert(ctx != NULL);
+    if(ctx->pub_key != NULL) {
+        gcry_sexp_release(ctx->pub_key);
+    }
+    if(ctx->priv_key != NULL) {
+        gcry_sexp_release(ctx->priv_key);
+    }
+    memset(ctx, 0, sizeof(xmlSecGCryptAsymKeyDataCtx));
+}
+static int
+xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t key_pair) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    gcry_sexp_t pub_key = NULL;
+    gcry_sexp_t priv_key = NULL;
+    int res = -1;
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+    xmlSecAssert2(key_pair != NULL, -1);
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+    /* split the key pair, public part should be always present, private might
+       not be present */
+    pub_key = gcry_sexp_find_token(key_pair, "public-key", 0);
+    if(pub_key == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_find_token(public-key)",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    priv_key = gcry_sexp_find_token(key_pair, "private-key", 0);
+    /* assign */
+    if(xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecGCryptAsymKeyDataAdoptKeyPair",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    pub_key = NULL; /* data owns it now */
+    priv_key = NULL; /* data owns it now */
+    /* success */
+    res = 0;
+done:
+    if(pub_key != NULL) {
+        gcry_sexp_release(pub_key);
+    }
+    if(priv_key != NULL) {
+        gcry_sexp_release(priv_key);
+    }
+    /* done */
+    return(res);
+}
+static int
+xmlSecGCryptAsymKeyDataAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+    xmlSecAssert2(pub_key != NULL, -1); /* public key should present always */
+/*
+    aleksey - we don't set optional parameters for RSA keys (p, k, u) and
+    because of that we can't actually test the key
+    xmlSecAssert2(((priv_key == NULL) || (gcry_pk_testkey(priv_key) == GPG_ERR_NO_ERROR)), -1);
+*/
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+    /* release prev values and assign new ones */
+    if(ctx->pub_key != NULL) {
+        gcry_sexp_release(ctx->pub_key);
+    }
+    if(ctx->priv_key != NULL) {
+        gcry_sexp_release(ctx->priv_key);
+    }
+    ctx->pub_key = pub_key;
+    ctx->priv_key = priv_key;
+    /* done */
+    return(0);
+}
+static gcry_sexp_t
+xmlSecGCryptAsymKeyDataGetPublicKey(xmlSecKeyDataPtr data) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), NULL);
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, NULL);
+    return(ctx->pub_key);
+}
+static gcry_sexp_t
+xmlSecGCryptAsymKeyDataGetPrivateKey(xmlSecKeyDataPtr data) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), NULL);
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, NULL);
+    return(ctx->priv_key);
+}
+static int
+xmlSecGCryptAsymKeyDataGenerate(xmlSecKeyDataPtr data, const char * alg, xmlSecSize key_size) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    gcry_sexp_t key_spec = NULL;
+    gcry_sexp_t key_pair = NULL;
+    gcry_error_t err;
+    int ret;
+    int res = -1;
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+    xmlSecAssert2(alg != NULL, -1);
+    xmlSecAssert2(key_size > 0, -1);
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+    err = gcry_sexp_build(&key_spec, NULL,
+                          "(genkey (%s (nbits %d)(transient-key)))",
+                          alg, (int)key_size);
+    if((err != GPG_ERR_NO_ERROR) || (key_spec == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_build(genkey)",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        goto done;
+    }
+    err = gcry_pk_genkey(&key_pair, key_spec);
+    if((err != GPG_ERR_NO_ERROR) || (key_pair == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_pk_genkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        goto done;
+    }
+    ret = xmlSecGCryptAsymKeyDataAdoptKey(data, key_pair);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecGCryptAsymKeyDataAdopt",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "ret=%d", (int)ret);
+        goto done;
+    }
+    key_pair = NULL; /* now owned by data */
+    /* success */
+    res = 0;
+done:
+    if(key_spec != NULL) {
+        gcry_sexp_release(key_spec);
+    }
+    if(key_pair != NULL) {
+        gcry_sexp_release(key_pair);
+    }
+    return(res);
+}
+static xmlSecKeyDataType
+xmlSecGCryptAsymKeyDataGetType(xmlSecKeyDataPtr data) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown);
+    if((ctx->priv_key != NULL) && (ctx->pub_key != NULL)) {
+        return (xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+    } else if(ctx->pub_key != NULL) {
+        return (xmlSecKeyDataTypePublic);
+    }
+    return (xmlSecKeyDataTypeUnknown);
+}
+static xmlSecSize
+xmlSecGCryptAsymKeyDataGetSize(xmlSecKeyDataPtr data) {
+    xmlSecGCryptAsymKeyDataCtxPtr ctx;
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+    ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, 0);
+    /* use pub key since it is more often you have it than not */
+    return (ctx->pub_key != NULL) ? gcry_pk_get_nbits(ctx->pub_key) : 0;
+}
+/******************************************************************************
+ *
+ * helper functions
+ *
+ *****************************************************************************/
+static gcry_sexp_t
+xmlSecGCryptAsymSExpDup(gcry_sexp_t pKey) {
+    gcry_sexp_t res = NULL;
+    xmlSecByte *buf = NULL;
+    gcry_error_t err;
+    size_t size;
+    xmlSecAssert2(pKey != NULL, NULL);
+    size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+    if(size == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_sprint",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    buf = (xmlSecByte *)xmlMalloc(size);
+    if(buf == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlMalloc",
+                    XMLSEC_ERRORS_R_MALLOC_FAILED,
+                    "size=%d", (int)size);
+        goto done;
+    }
+    size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, buf, size);
+    if(size == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_sprint",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "size=%d", (int)size);
+        goto done;
+    }
+    err = gcry_sexp_new(&res, buf, size, 1);
+    if((err != GPG_ERR_NO_ERROR) || (res == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_new",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        goto done;
+    }
+done:
+    if(buf != NULL) {
+        xmlFree(buf);
+    }
+    return (res);
+}
+/**
+ * xmlSecGCryptNodeGetMpiValue:
+ * @cur: the poitner to an XML node.
+ *
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * to a BIGNUM. If no BIGNUM buffer provided then a new
+ * BIGNUM is created (caller is responsible for freeing it).
+ *
+ * Returns: a pointer to MPI produced from CryptoBinary string
+ * or NULL if an error occurs.
+ */
+static gcry_mpi_t
+xmlSecGCryptNodeGetMpiValue(const xmlNodePtr cur) {
+    xmlSecBuffer buf;
+    gcry_mpi_t res = NULL;
+    gcry_error_t err;
+    int ret;
+    xmlSecAssert2(cur != NULL, NULL);
+    ret = xmlSecBufferInitialize(&buf, 128);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferInitialize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferBase64NodeContentRead",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecBufferFinalize(&buf);
+        return(NULL);
+    }
+    err = gcry_mpi_scan(&res, GCRYMPI_FMT_USG,
+                         xmlSecBufferGetData(&buf),
+                         xmlSecBufferGetSize(&buf),
+                         NULL);
+    if((err != GPG_ERR_NO_ERROR) || (res == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_mpi_scan",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        xmlSecBufferFinalize(&buf);
+        return(NULL);
+    }
+    /* done */
+    xmlSecBufferFinalize(&buf);
+    return(res);
+}
+/**
+ * xmlSecGCryptNodeSetMpiValue:
+ * @cur: the pointer to an XML node.
+ * @a: the mpi value
+ * @addLineBreaks: if the flag is equal to 1 then
+ *              linebreaks will be added before and after
+ *              new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGCryptNodeSetMpiValue(xmlNodePtr cur, const gcry_mpi_t a, int addLineBreaks) {
+    xmlSecBuffer buf;
+    gcry_error_t err;
+    size_t written = 0;
+    int ret;
+    xmlSecAssert2(a != NULL, -1);
+    xmlSecAssert2(cur != NULL, -1);
+    written = 0;
+    err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a);
+    if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_mpi_print",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        return(-1);
+    }
+    ret = xmlSecBufferInitialize(&buf, written + 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferInitialize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", (int)written + 1);
+        return(-1);
+    }
+    written = 0;
+    err = gcry_mpi_print(GCRYMPI_FMT_USG,
+            xmlSecBufferGetData(&buf),
+            xmlSecBufferGetMaxSize(&buf),
+            &written, a);
+    if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_mpi_print",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        xmlSecBufferFinalize(&buf);
+        return(-1);
+    }
+    ret = xmlSecBufferSetSize(&buf, written);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferSetSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "written=%d", (int)written);
+        xmlSecBufferFinalize(&buf);
+        return(-1);
+    }
+    if(addLineBreaks) {
+        xmlNodeSetContent(cur, xmlSecStringCR);
+    } else {
+        xmlNodeSetContent(cur, xmlSecStringEmpty);
+    }
+    ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferBase64NodeContentWrite",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecBufferFinalize(&buf);
+        return(-1);
+    }
+    if(addLineBreaks) {
+        xmlNodeAddContent(cur, xmlSecStringCR);
+    }
+    xmlSecBufferFinalize(&buf);
+    return(0);
+}
+/**
+ * xmlSecGCryptNodeSetSExpTokValue:
+ * @cur: the pointer to an XML node.
+ * @sexp: the sexp
+ * @tok: the token
+ * @addLineBreaks: if the flag is equal to 1 then
+ *              linebreaks will be added before and after
+ *              new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGCryptNodeSetSExpTokValue(xmlNodePtr cur, const gcry_sexp_t sexp,
+                                const char * tok, int addLineBreaks)
+{
+    gcry_sexp_t val = NULL;
+    gcry_mpi_t mpi = NULL;
+    int res = -1;
+    xmlSecAssert2(cur != NULL, -1);
+    xmlSecAssert2(sexp != NULL, -1);
+    xmlSecAssert2(tok != NULL, -1);
+    val = gcry_sexp_find_token(sexp, tok, 0);
+    if(val == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_find_token",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "tok=%s",
+                    xmlSecErrorsSafeString(tok));
+        goto done;
+    }
+    mpi = gcry_sexp_nth_mpi(val, 1, GCRYMPI_FMT_USG);
+    if(mpi == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_nth_mpi",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "tok=%s",
+                    xmlSecErrorsSafeString(tok));
+        goto done;
+    }
+    /* almost done */
+    res = xmlSecGCryptNodeSetMpiValue(cur, mpi, addLineBreaks);
+done:
+    if(mpi != NULL) {
+        gcry_mpi_release(mpi);
+    }
+    if(val != NULL) {
+        gcry_sexp_release(val);
+    }
+    return(res);
+}
+#ifndef XMLSEC_NO_DSA
+/**************************************************************************
+ *
+ * <dsig:DSAKeyValue> processing
+ *
+ *
+ * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
+ *
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA public key values can have the following fields:
+ *
+ *   * P - a prime modulus meeting the [DSS] requirements
+ *   * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ *         divisor of P-1
+ *   * G - an integer with certain properties with respect to P and Q
+ *   * Y - G**X mod P (where X is part of the private key and not made
+ *         public)
+ *   * J - (P - 1) / Q
+ *   * seed - a DSA prime generation seed
+ *   * pgenCounter - a DSA prime generation counter
+ *
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
+ * encoded as base64 [MIME] values.
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
+ *   <sequence>
+ *     <sequence minOccurs="0">
+ *        <element name="P" type="ds:CryptoBinary"/>
+ *        <element name="Q" type="ds:CryptoBinary"/>
+ *     </sequence>
+ *     <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ *     <element name="Y" type="ds:CryptoBinary"/>
+ *     <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ *     <sequence minOccurs="0">
+ *       <element name="Seed" type="ds:CryptoBinary"/>
+ *       <element name="PgenCounter" type="ds:CryptoBinary"/>
+ *     </sequence>
+ *   </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ *  <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ *  <!ELEMENT P (#PCDATA) >
+ *  <!ELEMENT Q (#PCDATA) >
+ *  <!ELEMENT G (#PCDATA) >
+ *  <!ELEMENT Y (#PCDATA) >
+ *  <!ELEMENT J (#PCDATA) >
+ *  <!ELEMENT Seed (#PCDATA) >
+ *  <!ELEMENT PgenCounter (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an X element added (before Y).
+ * todo: The current implementation does not support Seed and PgenCounter!
+ * by this the P, Q and G are *required*!
+ *
+ *************************************************************************/
+static int              xmlSecGCryptKeyDataDsaInitialize        (xmlSecKeyDataPtr data);
+static int              xmlSecGCryptKeyDataDsaDuplicate         (xmlSecKeyDataPtr dst,
+                                                                 xmlSecKeyDataPtr src);
+static void             xmlSecGCryptKeyDataDsaFinalize          (xmlSecKeyDataPtr data);
+static int              xmlSecGCryptKeyDataDsaXmlRead           (xmlSecKeyDataId id,
+                                                                 xmlSecKeyPtr key,
+                                                                 xmlNodePtr node,
+                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecGCryptKeyDataDsaXmlWrite          (xmlSecKeyDataId id,
+                                                                 xmlSecKeyPtr key,
+                                                                 xmlNodePtr node,
+                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecGCryptKeyDataDsaGenerate          (xmlSecKeyDataPtr data,
+                                                                 xmlSecSize sizeBits,
+                                                                 xmlSecKeyDataType type);
+static xmlSecKeyDataType xmlSecGCryptKeyDataDsaGetType          (xmlSecKeyDataPtr data);
+static xmlSecSize       xmlSecGCryptKeyDataDsaGetSize           (xmlSecKeyDataPtr data);
+static void             xmlSecGCryptKeyDataDsaDebugDump         (xmlSecKeyDataPtr data,
+                                                                 FILE* output);
+static void             xmlSecGCryptKeyDataDsaDebugXmlDump      (xmlSecKeyDataPtr data,
+                                                                 FILE* output);
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataDsaKlass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecGCryptAsymKeyDataSize,
+    /* data */
+    xmlSecNameDSAKeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+                                                /* xmlSecKeyDataUsage usage; */
+    xmlSecHrefDSAKeyValue,                      /* const xmlChar* href; */
+    xmlSecNodeDSAKeyValue,                      /* const xmlChar* dataNodeName; */
+    xmlSecDSigNs,                               /* const xmlChar* dataNodeNs; */
+    /* constructors/destructor */
+    xmlSecGCryptKeyDataDsaInitialize,          /* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecGCryptKeyDataDsaDuplicate,           /* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecGCryptKeyDataDsaFinalize,            /* xmlSecKeyDataFinalizeMethod finalize; */
+    xmlSecGCryptKeyDataDsaGenerate,            /* xmlSecKeyDataGenerateMethod generate; */
+    /* get info */
+    xmlSecGCryptKeyDataDsaGetType,             /* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecGCryptKeyDataDsaGetSize,             /* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,                                       /* xmlSecKeyDataGetIdentifier getIdentifier; */
+    /* read/write */
+    xmlSecGCryptKeyDataDsaXmlRead,             /* xmlSecKeyDataXmlReadMethod xmlRead; */
+    xmlSecGCryptKeyDataDsaXmlWrite,            /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    NULL,                                       /* xmlSecKeyDataBinReadMethod binRead; */
+    NULL,                                       /* xmlSecKeyDataBinWriteMethod binWrite; */
+    /* debug */
+    xmlSecGCryptKeyDataDsaDebugDump,           /* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecGCryptKeyDataDsaDebugXmlDump,        /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+    /* reserved for the future */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+/**
+ * xmlSecGCryptKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataDsaGetKlass(void) {
+    return(&xmlSecGCryptKeyDataDsaKlass);
+}
+/**
+ * xmlSecGCryptKeyDataDsaAdoptKey:
+ * @data:               the pointer to DSA key data.
+ * @dsa_key:            the pointer to GCrypt DSA key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataDsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t dsa_key) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+    xmlSecAssert2(dsa_key != NULL, -1);
+    return xmlSecGCryptAsymKeyDataAdoptKey(data, dsa_key);
+}
+/**
+ * xmlSecGCryptKeyDataDsaAdoptKeyPair:
+ * @data:               the pointer to DSA key data.
+ * @pub_key:            the pointer to GCrypt DSA pub key.
+ * @priv_key:           the pointer to GCrypt DSA priv key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataDsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+    xmlSecAssert2(pub_key != NULL, -1);
+    return xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+/**
+ * xmlSecGCryptKeyDataDsaGetPublicKey:
+ * @data:               the pointer to DSA key data.
+ *
+ * Gets the GCrypt DSA public key from DSA key data.
+ *
+ * Returns: pointer to GCrypt public DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataDsaGetPublicKey(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), NULL);
+    return xmlSecGCryptAsymKeyDataGetPublicKey(data);
+}
+/**
+ * xmlSecGCryptKeyDataDsaGetPrivateKey:
+ * @data:               the pointer to DSA key data.
+ *
+ * Gets the GCrypt DSA private key from DSA key data.
+ *
+ * Returns: pointer to GCrypt private DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataDsaGetPrivateKey(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), NULL);
+    return xmlSecGCryptAsymKeyDataGetPrivateKey(data);
+}
+static int
+xmlSecGCryptKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+    return(xmlSecGCryptAsymKeyDataInitialize(data));
+}
+static int
+xmlSecGCryptKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGCryptKeyDataDsaId), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGCryptKeyDataDsaId), -1);
+    return(xmlSecGCryptAsymKeyDataDuplicate(dst, src));
+}
+static void
+xmlSecGCryptKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+    xmlSecGCryptAsymKeyDataFinalize(data);
+}
+static int
+xmlSecGCryptKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+    xmlSecAssert2(sizeBits > 0, -1);
+    return xmlSecGCryptAsymKeyDataGenerate(data, "dsa", sizeBits);
+}
+static xmlSecKeyDataType
+xmlSecGCryptKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+    return xmlSecGCryptAsymKeyDataGetType(data);
+}
+static xmlSecSize
+xmlSecGCryptKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), 0);
+    return xmlSecGCryptAsymKeyDataGetSize(data);
+}
+static void
+xmlSecGCryptKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+    xmlSecAssert(output != NULL);
+    fprintf(output, "=== dsa key: size = %d\n",
+            xmlSecGCryptKeyDataDsaGetSize(data));
+}
+static void
+xmlSecGCryptKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+    xmlSecAssert(output != NULL);
+    fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+            xmlSecGCryptKeyDataDsaGetSize(data));
+}
+static int
+xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id,
+                              xmlSecKeyPtr key,
+                              xmlNodePtr node,
+                              xmlSecKeyInfoCtxPtr keyInfoCtx)
+{
+    xmlNodePtr cur;
+    xmlSecKeyDataPtr data = NULL;
+    gcry_mpi_t p = NULL;
+    gcry_mpi_t q = NULL;
+    gcry_mpi_t g = NULL;
+    gcry_mpi_t x = NULL;
+    gcry_mpi_t y = NULL;
+    gcry_sexp_t pub_key = NULL;
+    gcry_sexp_t priv_key = NULL;
+    gcry_error_t err;
+    int res = -1;
+    int ret;
+    xmlSecAssert2(id == xmlSecGCryptKeyDataDsaId, -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(keyInfoCtx != NULL, -1);
+    if(xmlSecKeyGetValue(key) != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(node->children);
+    /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur,  xmlSecNodeDSAP, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAP));
+        goto done;
+    }
+    p = xmlSecGCryptNodeGetMpiValue(cur);
+    if(p == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAP));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+    /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+        goto done;
+    }
+    q = xmlSecGCryptNodeGetMpiValue(cur);
+    if(q == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+    /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAG));
+        goto done;
+    }
+    g = xmlSecGCryptNodeGetMpiValue(cur);
+    if(g == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAG));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
+        /* next is X node. It is REQUIRED for private key but
+         * we are not sure exactly what do we read */
+        x = xmlSecGCryptNodeGetMpiValue(cur);
+        if(x == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGCryptNodeGetMpiValue",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeDSAX));
+            goto done;
+        }
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+    /* next is Y node. */
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAY));
+        goto done;
+    }
+    y = xmlSecGCryptNodeGetMpiValue(cur);
+    if(y == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+    /* todo: add support for J */
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+    /* todo: add support for seed */
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+    /* todo: add support for pgencounter */
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+    if(cur != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    /* construct pub/priv key pairs */
+    err = gcry_sexp_build(&pub_key, NULL,
+             "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+             p, q, g, y);
+    if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "gcry_sexp_build(public)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        goto done;
+    }
+    if(x != NULL) {
+        err = gcry_sexp_build(&priv_key, NULL,
+                 "(private-key(dsa(p%m)(q%m)(g%m)(x%m)(y%m)))",
+                 p, q, g, x, y);
+        if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                        "gcry_sexp_build(private)",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_GCRYPT_REPORT_ERROR(err));
+            goto done;
+        }
+    }
+    /* create key data */
+    data = xmlSecKeyDataCreate(id);
+    if(data == NULL ) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecKeyDataCreate",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecGCryptKeyDataDsaAdoptKeyPair",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    pub_key = NULL; /* pub_key is owned by data now */
+    priv_key = NULL; /* priv_key is owned by data now */
+    /* set key */
+    ret = xmlSecKeySetValue(key, data);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecKeySetValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    data = NULL; /* data is owned by key now */
+    /* success */
+    res = 0;
+done:
+    /* cleanup */
+    if(p != NULL) {
+        gcry_mpi_release(p);
+    }
+    if(q != NULL) {
+        gcry_mpi_release(q);
+    }
+    if(g != NULL) {
+        gcry_mpi_release(g);
+    }
+    if(x != NULL) {
+        gcry_mpi_release(x);
+    }
+    if(y != NULL) {
+        gcry_mpi_release(y);
+    }
+    if(pub_key != NULL) {
+        gcry_sexp_release(pub_key);
+    }
+    if(priv_key != NULL) {
+        gcry_sexp_release(priv_key);
+    }
+    if(data != NULL) {
+        xmlSecKeyDataDestroy(data);
+    }
+    return(res);
+}
+static int
+xmlSecGCryptKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                                xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlNodePtr cur;
+    gcry_sexp_t pub_priv_key;
+    gcry_sexp_t dsa = NULL;
+    int private = 0;
+    int res = -1;
+    int ret;
+    xmlSecAssert2(id == xmlSecGCryptKeyDataDsaId, -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataDsaId), -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(keyInfoCtx != NULL, -1);
+    if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+        /* we can have only private key or public key */
+        return(0);
+    }
+    /* find the private or public key */
+    pub_priv_key = xmlSecGCryptKeyDataDsaGetPrivateKey(xmlSecKeyGetValue(key));
+    if(pub_priv_key == NULL) {
+        pub_priv_key = xmlSecGCryptKeyDataDsaGetPublicKey(xmlSecKeyGetValue(key));
+        if(pub_priv_key == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGCryptKeyDataDsaGetPublicKey()",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            goto done;
+        }
+    } else {
+        private = 1;
+    }
+    dsa = gcry_sexp_find_token(pub_priv_key, "dsa", 0);
+    if(dsa == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "gcry_sexp_find_token(dsa)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    /* first is P node */
+    cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAP));
+        goto done;
+    }
+    ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "p", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAP));
+        goto done;
+    }
+    /* next is Q node. */
+    cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+        goto done;
+    }
+    ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "q", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+        goto done;
+    }
+    /* next is G node. */
+    cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAG));
+        goto done;
+    }
+    ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "g", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAG));
+        goto done;
+    }
+    /* next is X node: write it ONLY for private keys and ONLY if it is requested */
+    if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+        cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
+        if(cur == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecAddChild",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeDSAX));
+            goto done;
+        }
+        ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "x", 1);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGCryptNodeSetSExpTokValue",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeDSAX));
+            goto done;
+        }
+    }
+    /* next is Y node. */
+    cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAY));
+        goto done;
+    }
+    ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "y", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAY));
+        goto done;
+    }
+    /* success */
+    res = 0;
+done:
+    if(dsa != NULL) {
+        gcry_sexp_release(dsa);
+    }
+    return(res);
+}
+#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_RSA
+/**************************************************************************
+ *
+ * <dsig:RSAKeyValue> processing
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
+ * The RSAKeyValue Element
+ *
+ * RSA key values have two fields: Modulus and Exponent.
+ *
+ * <RSAKeyValue>
+ *   <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
+ *     jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
+ *        5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ *   </Modulus>
+ *   <Exponent>AQAB</Exponent>
+ * </RSAKeyValue>
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+ * <complexType name="RSAKeyValueType">
+ *   <sequence>
+ *     <element name="Modulus" type="ds:CryptoBinary"/>
+ *     <element name="Exponent" type="ds:CryptoBinary"/>
+ *   </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ * <!ELEMENT Modulus (#PCDATA) >
+ * <!ELEMENT Exponent (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an PrivateExponent element is added
+ * to the end
+ *
+ *************************************************************************/
+static int              xmlSecGCryptKeyDataRsaInitialize       (xmlSecKeyDataPtr data);
+static int              xmlSecGCryptKeyDataRsaDuplicate        (xmlSecKeyDataPtr dst,
+                                                                 xmlSecKeyDataPtr src);
+static void             xmlSecGCryptKeyDataRsaFinalize         (xmlSecKeyDataPtr data);
+static int              xmlSecGCryptKeyDataRsaXmlRead          (xmlSecKeyDataId id,
+                                                                 xmlSecKeyPtr key,
+                                                                 xmlNodePtr node,
+                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecGCryptKeyDataRsaXmlWrite         (xmlSecKeyDataId id,
+                                                                 xmlSecKeyPtr key,
+                                                                 xmlNodePtr node,
+                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecGCryptKeyDataRsaGenerate         (xmlSecKeyDataPtr data,
+                                                                 xmlSecSize sizeBits,
+                                                                 xmlSecKeyDataType type);
+static xmlSecKeyDataType xmlSecGCryptKeyDataRsaGetType         (xmlSecKeyDataPtr data);
+static xmlSecSize               xmlSecGCryptKeyDataRsaGetSize          (xmlSecKeyDataPtr data);
+static void             xmlSecGCryptKeyDataRsaDebugDump        (xmlSecKeyDataPtr data,
+                                                                 FILE* output);
+static void             xmlSecGCryptKeyDataRsaDebugXmlDump     (xmlSecKeyDataPtr data,
+                                                                 FILE* output);
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataRsaKlass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecGCryptAsymKeyDataSize,
+    /* data */
+    xmlSecNameRSAKeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+                                                /* xmlSecKeyDataUsage usage; */
+    xmlSecHrefRSAKeyValue,                      /* const xmlChar* href; */
+    xmlSecNodeRSAKeyValue,                      /* const xmlChar* dataNodeName; */
+    xmlSecDSigNs,                               /* const xmlChar* dataNodeNs; */
+    /* constructors/destructor */
+    xmlSecGCryptKeyDataRsaInitialize,          /* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecGCryptKeyDataRsaDuplicate,           /* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecGCryptKeyDataRsaFinalize,            /* xmlSecKeyDataFinalizeMethod finalize; */
+    xmlSecGCryptKeyDataRsaGenerate,            /* xmlSecKeyDataGenerateMethod generate; */
+    /* get info */
+    xmlSecGCryptKeyDataRsaGetType,             /* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecGCryptKeyDataRsaGetSize,             /* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,                                       /* xmlSecKeyDataGetIdentifier getIdentifier; */
+    /* read/write */
+    xmlSecGCryptKeyDataRsaXmlRead,             /* xmlSecKeyDataXmlReadMethod xmlRead; */
+    xmlSecGCryptKeyDataRsaXmlWrite,            /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    NULL,                                       /* xmlSecKeyDataBinReadMethod binRead; */
+    NULL,                                       /* xmlSecKeyDataBinWriteMethod binWrite; */
+    /* debug */
+    xmlSecGCryptKeyDataRsaDebugDump,           /* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecGCryptKeyDataRsaDebugXmlDump,        /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+    /* reserved for the future */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+/**
+ * xmlSecGCryptKeyDataRsaGetKlass:
+ *
+ * The GCrypt RSA key data klass.
+ *
+ * Returns: pointer to GCrypt RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataRsaGetKlass(void) {
+    return(&xmlSecGCryptKeyDataRsaKlass);
+}
+/**
+ * xmlSecGCryptKeyDataRsaAdoptKey:
+ * @data:               the pointer to RSA key data.
+ * @rsa_key:            the pointer to GCrypt RSA key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataRsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t rsa_key) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+    xmlSecAssert2(rsa_key != NULL, -1);
+    return xmlSecGCryptAsymKeyDataAdoptKey(data, rsa_key);
+}
+/**
+ * xmlSecGCryptKeyDataRsaAdoptKeyPair:
+ * @data:               the pointer to RSA key data.
+ * @pub_key:            the pointer to GCrypt RSA pub key.
+ * @priv_key:           the pointer to GCrypt RSA priv key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataRsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+    xmlSecAssert2(pub_key != NULL, -1);
+    return xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+/**
+ * xmlSecGCryptKeyDataRsaGetPublicKey:
+ * @data:               the pointer to RSA key data.
+ *
+ * Gets the GCrypt RSA public key from RSA key data.
+ *
+ * Returns: pointer to GCrypt public RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataRsaGetPublicKey(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), NULL);
+    return xmlSecGCryptAsymKeyDataGetPublicKey(data);
+}
+/**
+ * xmlSecGCryptKeyDataRsaGetPrivateKey:
+ * @data:               the pointer to RSA key data.
+ *
+ * Gets the GCrypt RSA private key from RSA key data.
+ *
+ * Returns: pointer to GCrypt private RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataRsaGetPrivateKey(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), NULL);
+    return xmlSecGCryptAsymKeyDataGetPrivateKey(data);
+}
+static int
+xmlSecGCryptKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+    return(xmlSecGCryptAsymKeyDataInitialize(data));
+}
+static int
+xmlSecGCryptKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGCryptKeyDataRsaId), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGCryptKeyDataRsaId), -1);
+    return(xmlSecGCryptAsymKeyDataDuplicate(dst, src));
+}
+static void
+xmlSecGCryptKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+    xmlSecGCryptAsymKeyDataFinalize(data);
+}
+static int
+xmlSecGCryptKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+    xmlSecAssert2(sizeBits > 0, -1);
+    return xmlSecGCryptAsymKeyDataGenerate(data, "rsa", sizeBits);
+}
+static xmlSecKeyDataType
+xmlSecGCryptKeyDataRsaGetType(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), xmlSecKeyDataTypeUnknown);
+    return xmlSecGCryptAsymKeyDataGetType(data);
+}
+static xmlSecSize
+xmlSecGCryptKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), 0);
+    return xmlSecGCryptAsymKeyDataGetSize(data);
+}
+static void
+xmlSecGCryptKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+    xmlSecAssert(output != NULL);
+    fprintf(output, "=== rsa key: size = %d\n",
+            xmlSecGCryptKeyDataRsaGetSize(data));
+}
+static void
+xmlSecGCryptKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+    xmlSecAssert(output != NULL);
+    fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+            xmlSecGCryptKeyDataRsaGetSize(data));
+}
+static int
+xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                                    xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlNodePtr cur;
+    xmlSecKeyDataPtr data = NULL;
+    gcry_mpi_t n = NULL;
+    gcry_mpi_t e = NULL;
+    gcry_mpi_t d = NULL;
+    gcry_sexp_t pub_key = NULL;
+    gcry_sexp_t priv_key = NULL;
+    gcry_error_t err;
+    int res = -1;
+    int ret;
+    xmlSecAssert2(id == xmlSecGCryptKeyDataRsaId, -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(keyInfoCtx != NULL, -1);
+    if(xmlSecKeyGetValue(key) != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+                    "key already has a value");
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(node->children);
+    /* first is Modulus node. It is REQUIRED */
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur,  xmlSecNodeRSAModulus, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+        goto done;
+    }
+    n = xmlSecGCryptNodeGetMpiValue(cur);
+    if(n == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+    /* next is Exponent node. It is REQUIRED */
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+        goto done;
+    }
+    e = xmlSecGCryptNodeGetMpiValue(cur);
+    if(e == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
+        /* next is PrivateExponent node. It is REQUIRED for private key */
+        d = xmlSecGCryptNodeGetMpiValue(cur);
+        if(d == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGCryptNodeGetMpiValue",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+            goto done;
+        }
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+    if(cur != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "no nodes expected");
+        goto done;
+    }
+    /* construct pub/priv key pairs */
+    err = gcry_sexp_build(&pub_key, NULL,
+             "(public-key(rsa(n%m)(e%m)))",
+             n, e);
+    if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "gcry_sexp_build(public)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        goto done;
+    }
+    if(d != NULL) {
+        err = gcry_sexp_build(&priv_key, NULL,
+                 "(private-key(rsa(n%m)(e%m)(d%m)))",
+                 n, e, d);
+        if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                        "gcry_sexp_build(private)",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_GCRYPT_REPORT_ERROR(err));
+            goto done;
+        }
+    }
+    /* create key data */
+    data = xmlSecKeyDataCreate(id);
+    if(data == NULL ) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecKeyDataCreate",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecGCryptKeyDataRsaAdoptKeyPair",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    pub_key = NULL; /* pub_key is owned by data now */
+    priv_key = NULL; /* priv_key is owned by data now */
+    /* set key */
+    ret = xmlSecKeySetValue(key, data);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecKeySetValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    data = NULL; /* data is owned by key now */
+    /* success */
+    res = 0;
+done:
+    /* cleanup */
+    if(n != NULL) {
+        gcry_mpi_release(n);
+    }
+    if(e != NULL) {
+        gcry_mpi_release(e);
+    }
+    if(d != NULL) {
+        gcry_mpi_release(d);
+    }
+    if(pub_key != NULL) {
+        gcry_sexp_release(pub_key);
+    }
+    if(priv_key != NULL) {
+        gcry_sexp_release(priv_key);
+    }
+    if(data != NULL) {
+        xmlSecKeyDataDestroy(data);
+    }
+    return(res);
+}
+static int
+xmlSecGCryptKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                            xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlNodePtr cur;
+    gcry_sexp_t pub_priv_key;
+    gcry_sexp_t rsa = NULL;
+    int private = 0;
+    int res = -1;
+    int ret;
+    xmlSecAssert2(id == xmlSecGCryptKeyDataRsaId, -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataRsaId), -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(keyInfoCtx != NULL, -1);
+    if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+        /* we can have only private key or public key */
+        return(0);
+    }
+    /* find the private or public key */
+    pub_priv_key = xmlSecGCryptKeyDataRsaGetPrivateKey(xmlSecKeyGetValue(key));
+    if(pub_priv_key == NULL) {
+        pub_priv_key = xmlSecGCryptKeyDataRsaGetPublicKey(xmlSecKeyGetValue(key));
+        if(pub_priv_key == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGCryptKeyDataRsaGetPublicKey()",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            goto done;
+        }
+    } else {
+        private = 1;
+    }
+    rsa = gcry_sexp_find_token(pub_priv_key, "rsa", 0);
+    if(rsa == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "gcry_sexp_find_token(rsa)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    /* first is Modulus node */
+    cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+       goto done;
+    }
+    ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "n", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+        goto done;
+    }
+    /* next is Exponent node. */
+    cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+       goto done;
+    }
+    ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "e", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGCryptNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+       goto done;
+    }
+    /* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */
+    if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+        cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
+        if(cur == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecAddChild",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+           goto done;
+        }
+        ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "d", 1);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGCryptNodeSetSExpTokValue",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+           goto done;
+        }
+    }
+    /* success */
+    res = 0;
+done:
+    if(rsa != NULL) {
+        gcry_sexp_release(rsa);
+    }
+    return(res);
+}
+#endif /* XMLSEC_NO_RSA */