[xmlsec] separate gnutls and gcrypt



commit cd22c7608c62c03a1a00165ada8ff38e6868cae5
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Mon May 10 00:35:54 2010 -0700

    separate gnutls and gcrypt

 docs/api/sgml/gcrypt/app.sgml                  |  429 ++++++
 docs/api/sgml/gcrypt/crypto.sgml               |  589 ++++++++
 docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.bottom  |    2 +
 docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.top     |    2 +
 docs/api/tmpl/gcrypt/app.sgml                  |  184 +++
 docs/api/tmpl/gcrypt/crypto.sgml               |  396 +++++
 docs/api/xmlsec-gcrypt.sgml                    |   15 +
 include/xmlsec/gcrypt/Makefile.am              |   13 +
 include/xmlsec/gcrypt/app.h                    |   96 ++
 include/xmlsec/gcrypt/crypto.h                 |  460 ++++++
 include/xmlsec/gcrypt/symbols.h                |  104 ++
 src/gcrypt/Makefile.am                         |   51 +
 src/gcrypt/README                              |    9 +
 src/gcrypt/app.c                               |  509 +++++++
 src/gcrypt/asymkeys.c                          | 1922 ++++++++++++++++++++++++
 src/gcrypt/ciphers.c                           |  853 +++++++++++
 src/gcrypt/crypto.c                            |  330 ++++
 src/gcrypt/digests.c                           |  616 ++++++++
 src/gcrypt/globals.h                           |   24 +
 src/gcrypt/hmac.c                              |  824 ++++++++++
 src/gcrypt/kw_aes.c                            |  594 ++++++++
 src/gcrypt/kw_des.c                            |  610 ++++++++
 src/gcrypt/symkeys.c                           |  440 ++++++
 xmlsec-gcrypt.pc.in                            |   11 +
 24 files changed, 9083 insertions(+), 0 deletions(-)
---
diff --git a/docs/api/sgml/gcrypt/app.sgml b/docs/api/sgml/gcrypt/app.sgml
new file mode 100644
index 0000000..9596be6
--- /dev/null
+++ b/docs/api/sgml/gcrypt/app.sgml
@@ -0,0 +1,429 @@
+<refentry id="xmlsec-gnutls-app">
+<refmeta>
+<refentrytitle role="top_of_page" id="xmlsec-gnutls-app.top_of_page">app</refentrytitle>
+<manvolnum>3</manvolnum>
+<refmiscinfo>XMLSEC-GNUTLS Library</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+<refname>app</refname>
+<refpurpose>Application functions implementation for GnuTLS.</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv id="xmlsec-gnutls-app.synopsis" role="synopsis">
+<title role="synopsis.title">Synopsis</title>
+
+<synopsis>
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppInit">xmlSecGnuTLSAppInit</link>                 (const <link linkend="char">char</link> *config);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppShutdown">xmlSecGnuTLSAppShutdown</link>             (void);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppDefaultKeysMngrInit">xmlSecGnuTLSAppDefaultKeysMngrInit</link>  (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey">xmlSecGnuTLSAppDefaultKeysMngrAdoptKey</link>
+                                                        (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         <link linkend="xmlSecKey">xmlSecKeyPtr</link> key);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppDefaultKeysMngrLoad">xmlSecGnuTLSAppDefaultKeysMngrLoad</link>  (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         const <link linkend="char">char</link> *uri);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppDefaultKeysMngrSave">xmlSecGnuTLSAppDefaultKeysMngrSave</link>  (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         const <link linkend="char">char</link> *filename,
+                                                         <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppKeysMngrCertLoad">xmlSecGnuTLSAppKeysMngrCertLoad</link>     (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         const <link linkend="char">char</link> *filename,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+                                                         <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppKeysMngrCertLoadMemory">xmlSecGnuTLSAppKeysMngrCertLoadMemory</link>
+                                                        (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+                                                         <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);
+<link linkend="xmlSecKey">xmlSecKeyPtr</link>        <link linkend="xmlSecGnuTLSAppKeyLoad">xmlSecGnuTLSAppKeyLoad</link>              (const <link linkend="char">char</link> *filename,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+                                                         const <link linkend="char">char</link> *pwd,
+                                                         <link linkend="void">void</link> *pwdCallback,
+                                                         <link linkend="void">void</link> *pwdCallbackCtx);
+<link linkend="xmlSecKey">xmlSecKeyPtr</link>        <link linkend="xmlSecGnuTLSAppKeyLoadMemory">xmlSecGnuTLSAppKeyLoadMemory</link>        (const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+                                                         const <link linkend="char">char</link> *pwd,
+                                                         <link linkend="void">void</link> *pwdCallback,
+                                                         <link linkend="void">void</link> *pwdCallbackCtx);
+<link linkend="xmlSecKey">xmlSecKeyPtr</link>        <link linkend="xmlSecGnuTLSAppPkcs12Load">xmlSecGnuTLSAppPkcs12Load</link>           (const <link linkend="char">char</link> *filename,
+                                                         const <link linkend="char">char</link> *pwd,
+                                                         <link linkend="void">void</link> *pwdCallback,
+                                                         <link linkend="void">void</link> *pwdCallbackCtx);
+<link linkend="xmlSecKey">xmlSecKeyPtr</link>        <link linkend="xmlSecGnuTLSAppPkcs12LoadMemory">xmlSecGnuTLSAppPkcs12LoadMemory</link>     (const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+                                                         const <link linkend="char">char</link> *pwd,
+                                                         <link linkend="void">void</link> *pwdCallback,
+                                                         <link linkend="void">void</link> *pwdCallbackCtx);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppKeyCertLoad">xmlSecGnuTLSAppKeyCertLoad</link>          (<link linkend="xmlSecKey">xmlSecKeyPtr</link> key,
+                                                         const <link linkend="char">char</link> *filename,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSAppKeyCertLoadMemory">xmlSecGnuTLSAppKeyCertLoadMemory</link>    (<link linkend="xmlSecKey">xmlSecKeyPtr</link> key,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format);
+<link linkend="void">void</link>*               <link linkend="xmlSecGnuTLSAppGetDefaultPwdCallback">xmlSecGnuTLSAppGetDefaultPwdCallback</link>
+                                                        (void);
+</synopsis>
+</refsynopsisdiv>
+
+
+
+
+
+
+
+
+
+<refsect1 id="xmlsec-gnutls-app.description" role="desc">
+<title role="desc.title">Description</title>
+<para>
+Application functions implementation for GnuTLS.
+</para>
+</refsect1>
+
+<refsect1 id="xmlsec-gnutls-app.details" role="details">
+<title role="details.title">Details</title>
+<refsect2 id="xmlSecGnuTLSAppInit" role="function">
+<title>xmlSecGnuTLSAppInit ()</title>
+<indexterm zone="xmlSecGnuTLSAppInit"><primary sortas="xmlSecGnuTLSAppInit">xmlSecGnuTLSAppInit</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppInit                 (const <link linkend="char">char</link> *config);</programlisting>
+<para>
+General crypto engine initialization. This function is used
+by XMLSec command line utility and called before
+<parameter>xmlSecInit</parameter> function.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>config</parameter>&#160;:</term>
+<listitem><simpara>             the path to GnuTLS configuration (unused).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppShutdown" role="function">
+<title>xmlSecGnuTLSAppShutdown ()</title>
+<indexterm zone="xmlSecGnuTLSAppShutdown"><primary sortas="xmlSecGnuTLSAppShutdown">xmlSecGnuTLSAppShutdown</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppShutdown             (void);</programlisting>
+<para>
+General crypto engine shutdown. This function is used
+by XMLSec command line utility and called after
+<parameter>xmlSecShutdown</parameter> function.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppDefaultKeysMngrInit" role="function">
+<title>xmlSecGnuTLSAppDefaultKeysMngrInit ()</title>
+<indexterm zone="xmlSecGnuTLSAppDefaultKeysMngrInit"><primary sortas="xmlSecGnuTLSAppDefaultKeysMngrInit">xmlSecGnuTLSAppDefaultKeysMngrInit</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppDefaultKeysMngrInit  (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr);</programlisting>
+<para>
+Initializes <parameter>mngr</parameter> with simple keys store <link linkend="xmlSecSimpleKeysStoreId"><type>xmlSecSimpleKeysStoreId</type></link>
+and a default GnuTLS crypto key data stores.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter>&#160;:</term>
+<listitem><simpara>               the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey" role="function">
+<title>xmlSecGnuTLSAppDefaultKeysMngrAdoptKey ()</title>
+<indexterm zone="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey"><primary sortas="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey">xmlSecGnuTLSAppDefaultKeysMngrAdoptKey</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppDefaultKeysMngrAdoptKey
+                                                        (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         <link linkend="xmlSecKey">xmlSecKeyPtr</link> key);</programlisting>
+<para>
+Adds <parameter>key</parameter> to the keys manager <parameter>mngr</parameter> created with <link linkend="xmlSecGnuTLSAppDefaultKeysMngrInit"><type>xmlSecGnuTLSAppDefaultKeysMngrInit</type></link>
+function.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter>&#160;:</term>
+<listitem><simpara>               the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>key</parameter>&#160;:</term>
+<listitem><simpara>                the pointer to key.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppDefaultKeysMngrLoad" role="function">
+<title>xmlSecGnuTLSAppDefaultKeysMngrLoad ()</title>
+<indexterm zone="xmlSecGnuTLSAppDefaultKeysMngrLoad"><primary sortas="xmlSecGnuTLSAppDefaultKeysMngrLoad">xmlSecGnuTLSAppDefaultKeysMngrLoad</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppDefaultKeysMngrLoad  (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         const <link linkend="char">char</link> *uri);</programlisting>
+<para>
+Loads XML keys file from <parameter>uri</parameter> to the keys manager <parameter>mngr</parameter> created
+with <link linkend="xmlSecGnuTLSAppDefaultKeysMngrInit"><type>xmlSecGnuTLSAppDefaultKeysMngrInit</type></link> function.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter>&#160;:</term>
+<listitem><simpara>               the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>uri</parameter>&#160;:</term>
+<listitem><simpara>                the uri.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppDefaultKeysMngrSave" role="function">
+<title>xmlSecGnuTLSAppDefaultKeysMngrSave ()</title>
+<indexterm zone="xmlSecGnuTLSAppDefaultKeysMngrSave"><primary sortas="xmlSecGnuTLSAppDefaultKeysMngrSave">xmlSecGnuTLSAppDefaultKeysMngrSave</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppDefaultKeysMngrSave  (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         const <link linkend="char">char</link> *filename,
+                                                         <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);</programlisting>
+<para>
+Saves keys from <parameter>mngr</parameter> to  XML keys file.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter>&#160;:</term>
+<listitem><simpara>               the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>filename</parameter>&#160;:</term>
+<listitem><simpara>           the destination filename.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>type</parameter>&#160;:</term>
+<listitem><simpara>               the type of keys to save (public/private/symmetric).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeysMngrCertLoad" role="function">
+<title>xmlSecGnuTLSAppKeysMngrCertLoad ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeysMngrCertLoad"><primary sortas="xmlSecGnuTLSAppKeysMngrCertLoad">xmlSecGnuTLSAppKeysMngrCertLoad</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppKeysMngrCertLoad     (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         const <link linkend="char">char</link> *filename,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+                                                         <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);</programlisting>
+<para>
+Reads cert from <parameter>filename</parameter> and adds to the list of trusted or known
+untrusted certs in <parameter>store</parameter> (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter>&#160;:</term>
+<listitem><simpara>               the keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>filename</parameter>&#160;:</term>
+<listitem><simpara>           the certificate file.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter>&#160;:</term>
+<listitem><simpara>             the certificate file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>type</parameter>&#160;:</term>
+<listitem><simpara>               the flag that indicates is the certificate in <parameter>filename</parameter>
+                     trusted or not.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeysMngrCertLoadMemory" role="function">
+<title>xmlSecGnuTLSAppKeysMngrCertLoadMemory ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeysMngrCertLoadMemory"><primary sortas="xmlSecGnuTLSAppKeysMngrCertLoadMemory">xmlSecGnuTLSAppKeysMngrCertLoadMemory</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppKeysMngrCertLoadMemory
+                                                        (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+                                                         <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);</programlisting>
+<para>
+Reads cert from binary buffer <parameter>data</parameter> and adds to the list of trusted or known
+untrusted certs in <parameter>store</parameter> (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter>&#160;:</term>
+<listitem><simpara>               the keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>data</parameter>&#160;:</term>
+<listitem><simpara>               the certificate binary data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>dataSize</parameter>&#160;:</term>
+<listitem><simpara>           the certificate binary data size.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter>&#160;:</term>
+<listitem><simpara>             the certificate file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>type</parameter>&#160;:</term>
+<listitem><simpara>               the flag that indicates is the certificate trusted or not.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeyLoad" role="function">
+<title>xmlSecGnuTLSAppKeyLoad ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeyLoad"><primary sortas="xmlSecGnuTLSAppKeyLoad">xmlSecGnuTLSAppKeyLoad</primary></indexterm><programlisting><link linkend="xmlSecKey">xmlSecKeyPtr</link>        xmlSecGnuTLSAppKeyLoad              (const <link linkend="char">char</link> *filename,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+                                                         const <link linkend="char">char</link> *pwd,
+                                                         <link linkend="void">void</link> *pwdCallback,
+                                                         <link linkend="void">void</link> *pwdCallbackCtx);</programlisting>
+<para>
+Reads key from the a file (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>filename</parameter>&#160;:</term>
+<listitem><simpara>           the key filename.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter>&#160;:</term>
+<listitem><simpara>             the key file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwd</parameter>&#160;:</term>
+<listitem><simpara>                the key file password.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallback</parameter>&#160;:</term>
+<listitem><simpara>        the key password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallbackCtx</parameter>&#160;:</term>
+<listitem><simpara>     the user context for password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to the key or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeyLoadMemory" role="function">
+<title>xmlSecGnuTLSAppKeyLoadMemory ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeyLoadMemory"><primary sortas="xmlSecGnuTLSAppKeyLoadMemory">xmlSecGnuTLSAppKeyLoadMemory</primary></indexterm><programlisting><link linkend="xmlSecKey">xmlSecKeyPtr</link>        xmlSecGnuTLSAppKeyLoadMemory        (const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+                                                         const <link linkend="char">char</link> *pwd,
+                                                         <link linkend="void">void</link> *pwdCallback,
+                                                         <link linkend="void">void</link> *pwdCallbackCtx);</programlisting>
+<para>
+Reads key from the memory buffer (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter>&#160;:</term>
+<listitem><simpara>               the binary key data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>dataSize</parameter>&#160;:</term>
+<listitem><simpara>           the size of binary key.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter>&#160;:</term>
+<listitem><simpara>             the key file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwd</parameter>&#160;:</term>
+<listitem><simpara>                the key file password.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallback</parameter>&#160;:</term>
+<listitem><simpara>        the key password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallbackCtx</parameter>&#160;:</term>
+<listitem><simpara>     the user context for password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to the key or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppPkcs12Load" role="function">
+<title>xmlSecGnuTLSAppPkcs12Load ()</title>
+<indexterm zone="xmlSecGnuTLSAppPkcs12Load"><primary sortas="xmlSecGnuTLSAppPkcs12Load">xmlSecGnuTLSAppPkcs12Load</primary></indexterm><programlisting><link linkend="xmlSecKey">xmlSecKeyPtr</link>        xmlSecGnuTLSAppPkcs12Load           (const <link linkend="char">char</link> *filename,
+                                                         const <link linkend="char">char</link> *pwd,
+                                                         <link linkend="void">void</link> *pwdCallback,
+                                                         <link linkend="void">void</link> *pwdCallbackCtx);</programlisting>
+<para>
+Reads key and all associated certificates from the PKCS12 file
+(not implemented yet).
+For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>filename</parameter>&#160;:</term>
+<listitem><simpara>           the PKCS12 key filename.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwd</parameter>&#160;:</term>
+<listitem><simpara>                the PKCS12 file password.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallback</parameter>&#160;:</term>
+<listitem><simpara>        the password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallbackCtx</parameter>&#160;:</term>
+<listitem><simpara>     the user context for password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to the key or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppPkcs12LoadMemory" role="function">
+<title>xmlSecGnuTLSAppPkcs12LoadMemory ()</title>
+<indexterm zone="xmlSecGnuTLSAppPkcs12LoadMemory"><primary sortas="xmlSecGnuTLSAppPkcs12LoadMemory">xmlSecGnuTLSAppPkcs12LoadMemory</primary></indexterm><programlisting><link linkend="xmlSecKey">xmlSecKeyPtr</link>        xmlSecGnuTLSAppPkcs12LoadMemory     (const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+                                                         const <link linkend="char">char</link> *pwd,
+                                                         <link linkend="void">void</link> *pwdCallback,
+                                                         <link linkend="void">void</link> *pwdCallbackCtx);</programlisting>
+<para>
+Reads key and all associated certificates from the PKCS12 data in memory buffer.
+For uniformity, call xmlSecGnuTLSAppKeyLoadMemory instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter>&#160;:</term>
+<listitem><simpara>               the PKCS12 binary data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>dataSize</parameter>&#160;:</term>
+<listitem><simpara>           the PKCS12 binary data size.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwd</parameter>&#160;:</term>
+<listitem><simpara>                the PKCS12 file password.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallback</parameter>&#160;:</term>
+<listitem><simpara>        the password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallbackCtx</parameter>&#160;:</term>
+<listitem><simpara>     the user context for password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to the key or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeyCertLoad" role="function">
+<title>xmlSecGnuTLSAppKeyCertLoad ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeyCertLoad"><primary sortas="xmlSecGnuTLSAppKeyCertLoad">xmlSecGnuTLSAppKeyCertLoad</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppKeyCertLoad          (<link linkend="xmlSecKey">xmlSecKeyPtr</link> key,
+                                                         const <link linkend="char">char</link> *filename,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format);</programlisting>
+<para>
+Reads the certificate from $<parameter>filename</parameter> and adds it to key
+(not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>key</parameter>&#160;:</term>
+<listitem><simpara>                the pointer to key.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>filename</parameter>&#160;:</term>
+<listitem><simpara>           the certificate filename.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter>&#160;:</term>
+<listitem><simpara>             the certificate file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeyCertLoadMemory" role="function">
+<title>xmlSecGnuTLSAppKeyCertLoadMemory ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeyCertLoadMemory"><primary sortas="xmlSecGnuTLSAppKeyCertLoadMemory">xmlSecGnuTLSAppKeyCertLoadMemory</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSAppKeyCertLoadMemory    (<link linkend="xmlSecKey">xmlSecKeyPtr</link> key,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+                                                         <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format);</programlisting>
+<para>
+Reads the certificate from memory buffer and adds it to key (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>key</parameter>&#160;:</term>
+<listitem><simpara>                the pointer to key.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>data</parameter>&#160;:</term>
+<listitem><simpara>               the certificate binary data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>dataSize</parameter>&#160;:</term>
+<listitem><simpara>           the certificate binary data size.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter>&#160;:</term>
+<listitem><simpara>             the certificate file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppGetDefaultPwdCallback" role="function">
+<title>xmlSecGnuTLSAppGetDefaultPwdCallback ()</title>
+<indexterm zone="xmlSecGnuTLSAppGetDefaultPwdCallback"><primary sortas="xmlSecGnuTLSAppGetDefaultPwdCallback">xmlSecGnuTLSAppGetDefaultPwdCallback</primary></indexterm><programlisting><link linkend="void">void</link>*               xmlSecGnuTLSAppGetDefaultPwdCallback
+                                                        (void);</programlisting>
+<para>
+Gets default password callback.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> default password callback.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+
+</refsect1>
+
+
+
+
+</refentry>
diff --git a/docs/api/sgml/gcrypt/crypto.sgml b/docs/api/sgml/gcrypt/crypto.sgml
new file mode 100644
index 0000000..025fac9
--- /dev/null
+++ b/docs/api/sgml/gcrypt/crypto.sgml
@@ -0,0 +1,589 @@
+<refentry id="xmlsec-gnutls-crypto">
+<refmeta>
+<refentrytitle role="top_of_page" id="xmlsec-gnutls-crypto.top_of_page">crypto</refentrytitle>
+<manvolnum>3</manvolnum>
+<refmiscinfo>XMLSEC-GNUTLS Library</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+<refname>crypto</refname>
+<refpurpose>Crypto transforms implementation for GnuTLS.</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv id="xmlsec-gnutls-crypto.synopsis" role="synopsis">
+<title role="synopsis.title">Synopsis</title>
+
+<synopsis>
+<link linkend="xmlSecCryptoDLFunctions">xmlSecCryptoDLFunctionsPtr</link>  <link linkend="xmlSecCryptoGetFunctions-gnutls">xmlSecCryptoGetFunctions_gnutls</link>
+                                                        (void);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSInit">xmlSecGnuTLSInit</link>                    (void);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSShutdown">xmlSecGnuTLSShutdown</link>                (void);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSKeysMngrInit">xmlSecGnuTLSKeysMngrInit</link>            (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSGenerateRandom">xmlSecGnuTLSGenerateRandom</link>          (<link linkend="xmlSecBuffer">xmlSecBufferPtr</link> buffer,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> size);
+#define             <link linkend="xmlSecGnuTLSKeyDataAesId">xmlSecGnuTLSKeyDataAesId</link>
+<link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link>     <link linkend="xmlSecGnuTLSKeyDataAesGetKlass">xmlSecGnuTLSKeyDataAesGetKlass</link>      (void);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSKeyDataAesSet">xmlSecGnuTLSKeyDataAesSet</link>           (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> bufSize);
+#define             <link linkend="xmlSecGnuTLSTransformAes128CbcId">xmlSecGnuTLSTransformAes128CbcId</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformAes128CbcGetKlass">xmlSecGnuTLSTransformAes128CbcGetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSTransformAes192CbcId">xmlSecGnuTLSTransformAes192CbcId</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformAes192CbcGetKlass">xmlSecGnuTLSTransformAes192CbcGetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSTransformAes256CbcId">xmlSecGnuTLSTransformAes256CbcId</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformAes256CbcGetKlass">xmlSecGnuTLSTransformAes256CbcGetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSKeyDataDesId">xmlSecGnuTLSKeyDataDesId</link>
+<link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link>     <link linkend="xmlSecGnuTLSKeyDataDesGetKlass">xmlSecGnuTLSKeyDataDesGetKlass</link>      (void);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSKeyDataDesSet">xmlSecGnuTLSKeyDataDesSet</link>           (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> bufSize);
+#define             <link linkend="xmlSecGnuTLSTransformDes3CbcId">xmlSecGnuTLSTransformDes3CbcId</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformDes3CbcGetKlass">xmlSecGnuTLSTransformDes3CbcGetKlass</link>
+                                                        (void);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSHmacGetMinOutputLength">xmlSecGnuTLSHmacGetMinOutputLength</link>  (void);
+<link linkend="void">void</link>                <link linkend="xmlSecGnuTLSHmacSetMinOutputLength">xmlSecGnuTLSHmacSetMinOutputLength</link>  (<link linkend="int">int</link> min_length);
+#define             <link linkend="xmlSecGnuTLSKeyDataHmacId">xmlSecGnuTLSKeyDataHmacId</link>
+<link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link>     <link linkend="xmlSecGnuTLSKeyDataHmacGetKlass">xmlSecGnuTLSKeyDataHmacGetKlass</link>     (void);
+<link linkend="int">int</link>                 <link linkend="xmlSecGnuTLSKeyDataHmacSet">xmlSecGnuTLSKeyDataHmacSet</link>          (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> bufSize);
+#define             <link linkend="xmlSecGnuTLSTransformHmacMd5Id">xmlSecGnuTLSTransformHmacMd5Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformHmacMd5GetKlass">xmlSecGnuTLSTransformHmacMd5GetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSTransformHmacRipemd160Id">xmlSecGnuTLSTransformHmacRipemd160Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformHmacRipemd160GetKlass">xmlSecGnuTLSTransformHmacRipemd160GetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSTransformHmacSha1Id">xmlSecGnuTLSTransformHmacSha1Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformHmacSha1GetKlass">xmlSecGnuTLSTransformHmacSha1GetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSTransformHmacSha256Id">xmlSecGnuTLSTransformHmacSha256Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformHmacSha256GetKlass">xmlSecGnuTLSTransformHmacSha256GetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSTransformHmacSha384Id">xmlSecGnuTLSTransformHmacSha384Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformHmacSha384GetKlass">xmlSecGnuTLSTransformHmacSha384GetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSTransformHmacSha512Id">xmlSecGnuTLSTransformHmacSha512Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformHmacSha512GetKlass">xmlSecGnuTLSTransformHmacSha512GetKlass</link>
+                                                        (void);
+#define             <link linkend="xmlSecGnuTLSTransformSha1Id">xmlSecGnuTLSTransformSha1Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformSha1GetKlass">xmlSecGnuTLSTransformSha1GetKlass</link>   (void);
+#define             <link linkend="xmlSecGnuTLSTransformSha256Id">xmlSecGnuTLSTransformSha256Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformSha256GetKlass">xmlSecGnuTLSTransformSha256GetKlass</link> (void);
+#define             <link linkend="xmlSecGnuTLSTransformSha384Id">xmlSecGnuTLSTransformSha384Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformSha384GetKlass">xmlSecGnuTLSTransformSha384GetKlass</link> (void);
+#define             <link linkend="xmlSecGnuTLSTransformSha512Id">xmlSecGnuTLSTransformSha512Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformSha512GetKlass">xmlSecGnuTLSTransformSha512GetKlass</link> (void);
+#define             <link linkend="xmlSecGnuTLSTransformMd5Id">xmlSecGnuTLSTransformMd5Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformMd5GetKlass">xmlSecGnuTLSTransformMd5GetKlass</link>    (void);
+#define             <link linkend="xmlSecGnuTLSTransformRipemd160Id">xmlSecGnuTLSTransformRipemd160Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link>   <link linkend="xmlSecGnuTLSTransformRipemd160GetKlass">xmlSecGnuTLSTransformRipemd160GetKlass</link>
+                                                        (void);
+</synopsis>
+</refsynopsisdiv>
+
+
+
+
+
+
+
+
+
+<refsect1 id="xmlsec-gnutls-crypto.description" role="desc">
+<title role="desc.title">Description</title>
+<para>
+Crypto transforms implementation for GnuTLS.
+</para>
+</refsect1>
+
+<refsect1 id="xmlsec-gnutls-crypto.details" role="details">
+<title role="details.title">Details</title>
+<refsect2 id="xmlSecCryptoGetFunctions-gnutls" role="function">
+<title>xmlSecCryptoGetFunctions_gnutls ()</title>
+<indexterm zone="xmlSecCryptoGetFunctions-gnutls"><primary sortas="xmlSecCryptoGetFunctions_gnutls">xmlSecCryptoGetFunctions_gnutls</primary></indexterm><programlisting><link linkend="xmlSecCryptoDLFunctions">xmlSecCryptoDLFunctionsPtr</link>  xmlSecCryptoGetFunctions_gnutls
+                                                        (void);</programlisting>
+<para>
+Gets the pointer to xmlsec-gnutls functions table.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> the xmlsec-gnutls functions table or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSInit" role="function">
+<title>xmlSecGnuTLSInit ()</title>
+<indexterm zone="xmlSecGnuTLSInit"><primary sortas="xmlSecGnuTLSInit">xmlSecGnuTLSInit</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSInit                    (void);</programlisting>
+<para>
+XMLSec library specific crypto engine initialization.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSShutdown" role="function">
+<title>xmlSecGnuTLSShutdown ()</title>
+<indexterm zone="xmlSecGnuTLSShutdown"><primary sortas="xmlSecGnuTLSShutdown">xmlSecGnuTLSShutdown</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSShutdown                (void);</programlisting>
+<para>
+XMLSec library specific crypto engine shutdown.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeysMngrInit" role="function">
+<title>xmlSecGnuTLSKeysMngrInit ()</title>
+<indexterm zone="xmlSecGnuTLSKeysMngrInit"><primary sortas="xmlSecGnuTLSKeysMngrInit">xmlSecGnuTLSKeysMngrInit</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSKeysMngrInit            (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr);</programlisting>
+<para>
+Adds GnuTLS specific key data stores in keys manager.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter>&#160;:</term>
+<listitem><simpara>               the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSGenerateRandom" role="function">
+<title>xmlSecGnuTLSGenerateRandom ()</title>
+<indexterm zone="xmlSecGnuTLSGenerateRandom"><primary sortas="xmlSecGnuTLSGenerateRandom">xmlSecGnuTLSGenerateRandom</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSGenerateRandom          (<link linkend="xmlSecBuffer">xmlSecBufferPtr</link> buffer,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> size);</programlisting>
+<para>
+Generates <parameter>size</parameter> random bytes and puts result in <parameter>buffer</parameter>.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>buffer</parameter>&#160;:</term>
+<listitem><simpara>             the destination buffer.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>size</parameter>&#160;:</term>
+<listitem><simpara>               the numer of bytes to generate.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataAesId" role="macro">
+<title>xmlSecGnuTLSKeyDataAesId</title>
+<indexterm zone="xmlSecGnuTLSKeyDataAesId"><primary sortas="xmlSecGnuTLSKeyDataAesId">xmlSecGnuTLSKeyDataAesId</primary></indexterm><programlisting>#define             xmlSecGnuTLSKeyDataAesId</programlisting>
+<para>
+The AES key data klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataAesGetKlass" role="function">
+<title>xmlSecGnuTLSKeyDataAesGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataAesGetKlass"><primary sortas="xmlSecGnuTLSKeyDataAesGetKlass">xmlSecGnuTLSKeyDataAesGetKlass</primary></indexterm><programlisting><link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link>     xmlSecGnuTLSKeyDataAesGetKlass      (void);</programlisting>
+<para>
+The AES key data klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> AES key data klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataAesSet" role="function">
+<title>xmlSecGnuTLSKeyDataAesSet ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataAesSet"><primary sortas="xmlSecGnuTLSKeyDataAesSet">xmlSecGnuTLSKeyDataAesSet</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSKeyDataAesSet           (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> bufSize);</programlisting>
+<para>
+Sets the value of AES key data.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter>&#160;:</term>
+<listitem><simpara>               the pointer to AES key data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>buf</parameter>&#160;:</term>
+<listitem><simpara>                the pointer to key value.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>bufSize</parameter>&#160;:</term>
+<listitem><simpara>            the key value size (in bytes).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes128CbcId" role="macro">
+<title>xmlSecGnuTLSTransformAes128CbcId</title>
+<indexterm zone="xmlSecGnuTLSTransformAes128CbcId"><primary sortas="xmlSecGnuTLSTransformAes128CbcId">xmlSecGnuTLSTransformAes128CbcId</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformAes128CbcId</programlisting>
+<para>
+The AES128 CBC cipher transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes128CbcGetKlass" role="function">
+<title>xmlSecGnuTLSTransformAes128CbcGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformAes128CbcGetKlass"><primary sortas="xmlSecGnuTLSTransformAes128CbcGetKlass">xmlSecGnuTLSTransformAes128CbcGetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformAes128CbcGetKlass
+                                                        (void);</programlisting>
+<para>
+AES 128 CBC encryption transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to AES 128 CBC encryption transform.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes192CbcId" role="macro">
+<title>xmlSecGnuTLSTransformAes192CbcId</title>
+<indexterm zone="xmlSecGnuTLSTransformAes192CbcId"><primary sortas="xmlSecGnuTLSTransformAes192CbcId">xmlSecGnuTLSTransformAes192CbcId</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformAes192CbcId</programlisting>
+<para>
+The AES192 CBC cipher transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes192CbcGetKlass" role="function">
+<title>xmlSecGnuTLSTransformAes192CbcGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformAes192CbcGetKlass"><primary sortas="xmlSecGnuTLSTransformAes192CbcGetKlass">xmlSecGnuTLSTransformAes192CbcGetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformAes192CbcGetKlass
+                                                        (void);</programlisting>
+<para>
+AES 192 CBC encryption transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to AES 192 CBC encryption transform.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes256CbcId" role="macro">
+<title>xmlSecGnuTLSTransformAes256CbcId</title>
+<indexterm zone="xmlSecGnuTLSTransformAes256CbcId"><primary sortas="xmlSecGnuTLSTransformAes256CbcId">xmlSecGnuTLSTransformAes256CbcId</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformAes256CbcId</programlisting>
+<para>
+The AES256 CBC cipher transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes256CbcGetKlass" role="function">
+<title>xmlSecGnuTLSTransformAes256CbcGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformAes256CbcGetKlass"><primary sortas="xmlSecGnuTLSTransformAes256CbcGetKlass">xmlSecGnuTLSTransformAes256CbcGetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformAes256CbcGetKlass
+                                                        (void);</programlisting>
+<para>
+AES 256 CBC encryption transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to AES 256 CBC encryption transform.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataDesId" role="macro">
+<title>xmlSecGnuTLSKeyDataDesId</title>
+<indexterm zone="xmlSecGnuTLSKeyDataDesId"><primary sortas="xmlSecGnuTLSKeyDataDesId">xmlSecGnuTLSKeyDataDesId</primary></indexterm><programlisting>#define             xmlSecGnuTLSKeyDataDesId</programlisting>
+<para>
+The DES key data klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataDesGetKlass" role="function">
+<title>xmlSecGnuTLSKeyDataDesGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataDesGetKlass"><primary sortas="xmlSecGnuTLSKeyDataDesGetKlass">xmlSecGnuTLSKeyDataDesGetKlass</primary></indexterm><programlisting><link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link>     xmlSecGnuTLSKeyDataDesGetKlass      (void);</programlisting>
+<para>
+The DES key data klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> DES key data klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataDesSet" role="function">
+<title>xmlSecGnuTLSKeyDataDesSet ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataDesSet"><primary sortas="xmlSecGnuTLSKeyDataDesSet">xmlSecGnuTLSKeyDataDesSet</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSKeyDataDesSet           (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> bufSize);</programlisting>
+<para>
+Sets the value of DES key data.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter>&#160;:</term>
+<listitem><simpara>               the pointer to DES key data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>buf</parameter>&#160;:</term>
+<listitem><simpara>                the pointer to key value.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>bufSize</parameter>&#160;:</term>
+<listitem><simpara>            the key value size (in bytes).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformDes3CbcId" role="macro">
+<title>xmlSecGnuTLSTransformDes3CbcId</title>
+<indexterm zone="xmlSecGnuTLSTransformDes3CbcId"><primary sortas="xmlSecGnuTLSTransformDes3CbcId">xmlSecGnuTLSTransformDes3CbcId</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformDes3CbcId</programlisting>
+<para>
+The DES3 CBC cipher transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformDes3CbcGetKlass" role="function">
+<title>xmlSecGnuTLSTransformDes3CbcGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformDes3CbcGetKlass"><primary sortas="xmlSecGnuTLSTransformDes3CbcGetKlass">xmlSecGnuTLSTransformDes3CbcGetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformDes3CbcGetKlass
+                                                        (void);</programlisting>
+<para>
+Triple DES CBC encryption transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to Triple DES encryption transform.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSHmacGetMinOutputLength" role="function">
+<title>xmlSecGnuTLSHmacGetMinOutputLength ()</title>
+<indexterm zone="xmlSecGnuTLSHmacGetMinOutputLength"><primary sortas="xmlSecGnuTLSHmacGetMinOutputLength">xmlSecGnuTLSHmacGetMinOutputLength</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSHmacGetMinOutputLength  (void);</programlisting>
+<para>
+Gets the value of min HMAC length.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> the min HMAC output length
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSHmacSetMinOutputLength" role="function">
+<title>xmlSecGnuTLSHmacSetMinOutputLength ()</title>
+<indexterm zone="xmlSecGnuTLSHmacSetMinOutputLength"><primary sortas="xmlSecGnuTLSHmacSetMinOutputLength">xmlSecGnuTLSHmacSetMinOutputLength</primary></indexterm><programlisting><link linkend="void">void</link>                xmlSecGnuTLSHmacSetMinOutputLength  (<link linkend="int">int</link> min_length);</programlisting>
+<para>
+Sets the min HMAC output length</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>min_length</parameter>&#160;:</term>
+<listitem><simpara> the new min length
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataHmacId" role="macro">
+<title>xmlSecGnuTLSKeyDataHmacId</title>
+<indexterm zone="xmlSecGnuTLSKeyDataHmacId"><primary sortas="xmlSecGnuTLSKeyDataHmacId">xmlSecGnuTLSKeyDataHmacId</primary></indexterm><programlisting>#define             xmlSecGnuTLSKeyDataHmacId</programlisting>
+<para>
+The HMAC key klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataHmacGetKlass" role="function">
+<title>xmlSecGnuTLSKeyDataHmacGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataHmacGetKlass"><primary sortas="xmlSecGnuTLSKeyDataHmacGetKlass">xmlSecGnuTLSKeyDataHmacGetKlass</primary></indexterm><programlisting><link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link>     xmlSecGnuTLSKeyDataHmacGetKlass     (void);</programlisting>
+<para>
+The HMAC key data klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> HMAC key data klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataHmacSet" role="function">
+<title>xmlSecGnuTLSKeyDataHmacSet ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataHmacSet"><primary sortas="xmlSecGnuTLSKeyDataHmacSet">xmlSecGnuTLSKeyDataHmacSet</primary></indexterm><programlisting><link linkend="int">int</link>                 xmlSecGnuTLSKeyDataHmacSet          (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+                                                         const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+                                                         <link linkend="xmlSecSize">xmlSecSize</link> bufSize);</programlisting>
+<para>
+Sets the value of HMAC key data.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter>&#160;:</term>
+<listitem><simpara>               the pointer to HMAC key data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>buf</parameter>&#160;:</term>
+<listitem><simpara>                the pointer to key value.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>bufSize</parameter>&#160;:</term>
+<listitem><simpara>            the key value size (in bytes).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> 0 on success or a negative value if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacMd5Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacMd5Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacMd5Id"><primary sortas="xmlSecGnuTLSTransformHmacMd5Id">xmlSecGnuTLSTransformHmacMd5Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformHmacMd5Id</programlisting>
+<para>
+The HMAC with MD5 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacMd5GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacMd5GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacMd5GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacMd5GetKlass">xmlSecGnuTLSTransformHmacMd5GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformHmacMd5GetKlass
+                                                        (void);</programlisting>
+<para>
+The HMAC-MD5 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> the HMAC-MD5 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacRipemd160Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacRipemd160Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacRipemd160Id"><primary sortas="xmlSecGnuTLSTransformHmacRipemd160Id">xmlSecGnuTLSTransformHmacRipemd160Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformHmacRipemd160Id</programlisting>
+<para>
+The HMAC with RipeMD160 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacRipemd160GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacRipemd160GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacRipemd160GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacRipemd160GetKlass">xmlSecGnuTLSTransformHmacRipemd160GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformHmacRipemd160GetKlass
+                                                        (void);</programlisting>
+<para>
+The HMAC-RIPEMD160 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> the HMAC-RIPEMD160 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha1Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacSha1Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha1Id"><primary sortas="xmlSecGnuTLSTransformHmacSha1Id">xmlSecGnuTLSTransformHmacSha1Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformHmacSha1Id</programlisting>
+<para>
+The HMAC with SHA1 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha1GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacSha1GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha1GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacSha1GetKlass">xmlSecGnuTLSTransformHmacSha1GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformHmacSha1GetKlass
+                                                        (void);</programlisting>
+<para>
+The HMAC-SHA1 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> the HMAC-SHA1 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha256Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacSha256Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha256Id"><primary sortas="xmlSecGnuTLSTransformHmacSha256Id">xmlSecGnuTLSTransformHmacSha256Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformHmacSha256Id</programlisting>
+<para>
+The HMAC with SHA256 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha256GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacSha256GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha256GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacSha256GetKlass">xmlSecGnuTLSTransformHmacSha256GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformHmacSha256GetKlass
+                                                        (void);</programlisting>
+<para>
+The HMAC-SHA256 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> the HMAC-SHA256 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha384Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacSha384Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha384Id"><primary sortas="xmlSecGnuTLSTransformHmacSha384Id">xmlSecGnuTLSTransformHmacSha384Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformHmacSha384Id</programlisting>
+<para>
+The HMAC with SHA384 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha384GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacSha384GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha384GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacSha384GetKlass">xmlSecGnuTLSTransformHmacSha384GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformHmacSha384GetKlass
+                                                        (void);</programlisting>
+<para>
+The HMAC-SHA384 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> the HMAC-SHA384 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha512Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacSha512Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha512Id"><primary sortas="xmlSecGnuTLSTransformHmacSha512Id">xmlSecGnuTLSTransformHmacSha512Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformHmacSha512Id</programlisting>
+<para>
+The HMAC with SHA512 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha512GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacSha512GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha512GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacSha512GetKlass">xmlSecGnuTLSTransformHmacSha512GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformHmacSha512GetKlass
+                                                        (void);</programlisting>
+<para>
+The HMAC-SHA512 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> the HMAC-SHA512 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha1Id" role="macro">
+<title>xmlSecGnuTLSTransformSha1Id</title>
+<indexterm zone="xmlSecGnuTLSTransformSha1Id"><primary sortas="xmlSecGnuTLSTransformSha1Id">xmlSecGnuTLSTransformSha1Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformSha1Id</programlisting>
+<para>
+The HMAC with SHA1 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha1GetKlass" role="function">
+<title>xmlSecGnuTLSTransformSha1GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformSha1GetKlass"><primary sortas="xmlSecGnuTLSTransformSha1GetKlass">xmlSecGnuTLSTransformSha1GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformSha1GetKlass   (void);</programlisting>
+<para>
+SHA-1 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to SHA-1 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha256Id" role="macro">
+<title>xmlSecGnuTLSTransformSha256Id</title>
+<indexterm zone="xmlSecGnuTLSTransformSha256Id"><primary sortas="xmlSecGnuTLSTransformSha256Id">xmlSecGnuTLSTransformSha256Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformSha256Id</programlisting>
+<para>
+The HMAC with SHA256 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha256GetKlass" role="function">
+<title>xmlSecGnuTLSTransformSha256GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformSha256GetKlass"><primary sortas="xmlSecGnuTLSTransformSha256GetKlass">xmlSecGnuTLSTransformSha256GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformSha256GetKlass (void);</programlisting>
+<para>
+SHA256 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to SHA256 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha384Id" role="macro">
+<title>xmlSecGnuTLSTransformSha384Id</title>
+<indexterm zone="xmlSecGnuTLSTransformSha384Id"><primary sortas="xmlSecGnuTLSTransformSha384Id">xmlSecGnuTLSTransformSha384Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformSha384Id</programlisting>
+<para>
+The HMAC with SHA384 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha384GetKlass" role="function">
+<title>xmlSecGnuTLSTransformSha384GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformSha384GetKlass"><primary sortas="xmlSecGnuTLSTransformSha384GetKlass">xmlSecGnuTLSTransformSha384GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformSha384GetKlass (void);</programlisting>
+<para>
+SHA384 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to SHA384 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha512Id" role="macro">
+<title>xmlSecGnuTLSTransformSha512Id</title>
+<indexterm zone="xmlSecGnuTLSTransformSha512Id"><primary sortas="xmlSecGnuTLSTransformSha512Id">xmlSecGnuTLSTransformSha512Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformSha512Id</programlisting>
+<para>
+The HMAC with SHA512 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha512GetKlass" role="function">
+<title>xmlSecGnuTLSTransformSha512GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformSha512GetKlass"><primary sortas="xmlSecGnuTLSTransformSha512GetKlass">xmlSecGnuTLSTransformSha512GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformSha512GetKlass (void);</programlisting>
+<para>
+SHA512 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to SHA512 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformMd5Id" role="macro">
+<title>xmlSecGnuTLSTransformMd5Id</title>
+<indexterm zone="xmlSecGnuTLSTransformMd5Id"><primary sortas="xmlSecGnuTLSTransformMd5Id">xmlSecGnuTLSTransformMd5Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformMd5Id</programlisting>
+<para>
+The MD5 digest transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformMd5GetKlass" role="function">
+<title>xmlSecGnuTLSTransformMd5GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformMd5GetKlass"><primary sortas="xmlSecGnuTLSTransformMd5GetKlass">xmlSecGnuTLSTransformMd5GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformMd5GetKlass    (void);</programlisting>
+<para>
+MD5 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to MD5 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformRipemd160Id" role="macro">
+<title>xmlSecGnuTLSTransformRipemd160Id</title>
+<indexterm zone="xmlSecGnuTLSTransformRipemd160Id"><primary sortas="xmlSecGnuTLSTransformRipemd160Id">xmlSecGnuTLSTransformRipemd160Id</primary></indexterm><programlisting>#define             xmlSecGnuTLSTransformRipemd160Id</programlisting>
+<para>
+The RIPEMD160 digest transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformRipemd160GetKlass" role="function">
+<title>xmlSecGnuTLSTransformRipemd160GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformRipemd160GetKlass"><primary sortas="xmlSecGnuTLSTransformRipemd160GetKlass">xmlSecGnuTLSTransformRipemd160GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link>   xmlSecGnuTLSTransformRipemd160GetKlass
+                                                        (void);</programlisting>
+<para>
+RIPEMD160 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis>&#160;:</term><listitem><simpara> pointer to RIPEMD160 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+
+</refsect1>
+
+
+
+
+</refentry>
diff --git a/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.bottom b/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.bottom
new file mode 100644
index 0000000..2f589ee
--- /dev/null
+++ b/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.bottom
@@ -0,0 +1,2 @@
+    &xmlsec-gnutls-app;
+    &xmlsec-gnutls-crypto;
diff --git a/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.top b/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.top
new file mode 100644
index 0000000..7e275a7
--- /dev/null
+++ b/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.top
@@ -0,0 +1,2 @@
+<!ENTITY xmlsec-gnutls-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-gnutls-crypto SYSTEM "sgml/crypto.sgml">
diff --git a/docs/api/tmpl/gcrypt/app.sgml b/docs/api/tmpl/gcrypt/app.sgml
new file mode 100644
index 0000000..68fdfcc
--- /dev/null
+++ b/docs/api/tmpl/gcrypt/app.sgml
@@ -0,0 +1,184 @@
+<!-- ##### SECTION Title ##### -->
+app
+
+<!-- ##### SECTION Short_Description ##### -->
+Application functions implementation for GnuTLS.
+
+<!-- ##### SECTION Long_Description ##### -->
+<para>
+Application functions implementation for GnuTLS.
+</para>
+
+<!-- ##### SECTION See_Also ##### -->
+<para>
+
+</para>
+
+<!-- ##### SECTION Stability_Level ##### -->
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppInit ##### -->
+<para>
+
+</para>
+
+ config: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppShutdown ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppDefaultKeysMngrInit ##### -->
+<para>
+
+</para>
+
+ mngr: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppDefaultKeysMngrAdoptKey ##### -->
+<para>
+
+</para>
+
+ mngr: 
+ key: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppDefaultKeysMngrLoad ##### -->
+<para>
+
+</para>
+
+ mngr: 
+ uri: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppDefaultKeysMngrSave ##### -->
+<para>
+
+</para>
+
+ mngr: 
+ filename: 
+ type: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeysMngrCertLoad ##### -->
+<para>
+
+</para>
+
+ mngr: 
+ filename: 
+ format: 
+ type: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeysMngrCertLoadMemory ##### -->
+<para>
+
+</para>
+
+ mngr: 
+ data: 
+ dataSize: 
+ format: 
+ type: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeyLoad ##### -->
+<para>
+
+</para>
+
+ filename: 
+ format: 
+ pwd: 
+ pwdCallback: 
+ pwdCallbackCtx: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeyLoadMemory ##### -->
+<para>
+
+</para>
+
+ data: 
+ dataSize: 
+ format: 
+ pwd: 
+ pwdCallback: 
+ pwdCallbackCtx: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppPkcs12Load ##### -->
+<para>
+
+</para>
+
+ filename: 
+ pwd: 
+ pwdCallback: 
+ pwdCallbackCtx: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppPkcs12LoadMemory ##### -->
+<para>
+
+</para>
+
+ data: 
+ dataSize: 
+ pwd: 
+ pwdCallback: 
+ pwdCallbackCtx: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeyCertLoad ##### -->
+<para>
+
+</para>
+
+ key: 
+ filename: 
+ format: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeyCertLoadMemory ##### -->
+<para>
+
+</para>
+
+ key: 
+ data: 
+ dataSize: 
+ format: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppGetDefaultPwdCallback ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
diff --git a/docs/api/tmpl/gcrypt/crypto.sgml b/docs/api/tmpl/gcrypt/crypto.sgml
new file mode 100644
index 0000000..a2d210d
--- /dev/null
+++ b/docs/api/tmpl/gcrypt/crypto.sgml
@@ -0,0 +1,396 @@
+<!-- ##### SECTION Title ##### -->
+crypto
+
+<!-- ##### SECTION Short_Description ##### -->
+Crypto transforms implementation for GnuTLS.
+
+<!-- ##### SECTION Long_Description ##### -->
+<para>
+Crypto transforms implementation for GnuTLS.
+</para>
+
+<!-- ##### SECTION See_Also ##### -->
+<para>
+
+</para>
+
+<!-- ##### SECTION Stability_Level ##### -->
+
+
+<!-- ##### FUNCTION xmlSecCryptoGetFunctions_gnutls ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSInit ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSShutdown ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeysMngrInit ##### -->
+<para>
+
+</para>
+
+ mngr: 
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSGenerateRandom ##### -->
+<para>
+
+</para>
+
+ buffer: 
+ size: 
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSKeyDataAesId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataAesGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataAesSet ##### -->
+<para>
+
+</para>
+
+ data: 
+ buf: 
+ bufSize: 
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformAes128CbcId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformAes128CbcGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformAes192CbcId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformAes192CbcGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformAes256CbcId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformAes256CbcGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSKeyDataDesId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataDesGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataDesSet ##### -->
+<para>
+
+</para>
+
+ data: 
+ buf: 
+ bufSize: 
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformDes3CbcId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformDes3CbcGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSHmacGetMinOutputLength ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSHmacSetMinOutputLength ##### -->
+<para>
+
+</para>
+
+ min_length: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSKeyDataHmacId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataHmacGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataHmacSet ##### -->
+<para>
+
+</para>
+
+ data: 
+ buf: 
+ bufSize: 
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacMd5Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacMd5GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacRipemd160Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacRipemd160GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacSha1Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacSha1GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacSha256Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacSha256GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacSha384Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacSha384GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacSha512Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacSha512GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformSha1Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformSha1GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformSha256Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformSha256GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformSha384Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformSha384GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformSha512Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformSha512GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformMd5Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformMd5GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformRipemd160Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformRipemd160GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns: 
+
+
diff --git a/docs/api/tmpl/gcrypt/xmlsec-gcrypt-unused.sgml b/docs/api/tmpl/gcrypt/xmlsec-gcrypt-unused.sgml
new file mode 100644
index 0000000..e69de29
diff --git a/docs/api/xmlsec-gcrypt.sgml b/docs/api/xmlsec-gcrypt.sgml
new file mode 100644
index 0000000..b5c2bf2
--- /dev/null
+++ b/docs/api/xmlsec-gcrypt.sgml
@@ -0,0 +1,15 @@
+<!doctype book PUBLIC "-//DavenPort//DTD DocBook V3.0//EN" [
+<!ENTITY xmlsec-gnutls-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-gnutls-crypto SYSTEM "sgml/crypto.sgml">
+]>
+<book id="index">
+  <bookinfo>
+    <title>[Insert name here] Reference Manual</title>
+  </bookinfo>
+
+  <chapter>
+    <title>[Insert title here]</title>
+    &xmlsec-gnutls-app;
+    &xmlsec-gnutls-crypto;
+  </chapter>
+</book>
diff --git a/include/xmlsec/gcrypt/Makefile.am b/include/xmlsec/gcrypt/Makefile.am
new file mode 100644
index 0000000..45b03d6
--- /dev/null
+++ b/include/xmlsec/gcrypt/Makefile.am
@@ -0,0 +1,13 @@
+NULL =
+
+xmlsecgnutlsincdir = $(includedir)/xmlsec1/xmlsec/gnutls
+
+xmlsecgnutlsinc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+$(NULL)
+
+install-exec-hook:
+	$(mkinstalldirs) $(DESTDIR)$(xmlsecgnutlsincdir)
+
diff --git a/include/xmlsec/gcrypt/app.h b/include/xmlsec/gcrypt/app.h
new file mode 100644
index 0000000..4a2f3e1
--- /dev/null
+++ b/include/xmlsec/gcrypt/app.h
@@ -0,0 +1,96 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef __XMLSEC_GNUTLS_APP_H__
+#define __XMLSEC_GNUTLS_APP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+/********************************************************************
+ *
+ * Init/shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppInit                     (const char* config);
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppShutdown                 (void);
+
+/********************************************************************
+ *
+ * Keys Manager
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppDefaultKeysMngrInit      (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppDefaultKeysMngrAdoptKey  (xmlSecKeysMngrPtr mngr,
+                                                                         xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppDefaultKeysMngrLoad      (xmlSecKeysMngrPtr mngr,
+                                                                         const char* uri);
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppDefaultKeysMngrSave      (xmlSecKeysMngrPtr mngr,
+                                                                         const char* filename,
+                                                                         xmlSecKeyDataType type);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppKeysMngrCertLoad         (xmlSecKeysMngrPtr mngr,
+                                                                         const char *filename,
+                                                                         xmlSecKeyDataFormat format,
+                                                                         xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppKeysMngrCertLoadMemory   (xmlSecKeysMngrPtr mngr,
+                                                                         const xmlSecByte* data,
+                                                                         xmlSecSize dataSize,
+                                                                         xmlSecKeyDataFormat format,
+                                                                         xmlSecKeyDataType type);
+#endif /* XMLSEC_NO_X509 */
+
+
+/********************************************************************
+ *
+ * Keys
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppKeyLoad                (const char *filename,
+                                                                         xmlSecKeyDataFormat format,
+                                                                         const char *pwd,
+                                                                         void *pwdCallback,
+                                                                         void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppKeyLoadMemory          (const xmlSecByte* data,
+                                                                         xmlSecSize dataSize,
+                                                                         xmlSecKeyDataFormat format,
+                                                                         const char *pwd,
+                                                                         void* pwdCallback,
+                                                                         void* pwdCallbackCtx);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppPkcs12Load             (const char *filename,
+                                                                         const char *pwd,
+                                                                         void* pwdCallback,
+                                                                         void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppPkcs12LoadMemory       (const xmlSecByte* data,
+                                                                         xmlSecSize dataSize,
+                                                                         const char *pwd,
+                                                                         void* pwdCallback,
+                                                                         void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppKeyCertLoad              (xmlSecKeyPtr key,
+                                                                         const char* filename,
+                                                                         xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int        xmlSecGnuTLSAppKeyCertLoadMemory        (xmlSecKeyPtr key,
+                                                                         const xmlSecByte* data,
+                                                                         xmlSecSize dataSize,
+                                                                         xmlSecKeyDataFormat format);
+#endif /* XMLSEC_NO_X509 */
+XMLSEC_CRYPTO_EXPORT void*      xmlSecGnuTLSAppGetDefaultPwdCallback    (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_APP_H__ */
+
diff --git a/include/xmlsec/gcrypt/crypto.h b/include/xmlsec/gcrypt/crypto.h
new file mode 100644
index 0000000..107ee0d
--- /dev/null
+++ b/include/xmlsec/gcrypt/crypto.h
@@ -0,0 +1,460 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef __XMLSEC_GNUTLS_CRYPTO_H__
+#define __XMLSEC_GNUTLS_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+XMLSEC_CRYPTO_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctions_gnutls(void);
+
+/********************************************************************
+ *
+ * Init shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSInit                (void);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSShutdown            (void);
+
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeysMngrInit        (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSGenerateRandom      (xmlSecBufferPtr buffer,
+                                                                         xmlSecSize size);
+
+
+/********************************************************************
+ *
+ * AES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_AES
+/**
+ * xmlSecGnuTLSKeyDataAesId:
+ *
+ * The AES key data klass.
+ */
+#define xmlSecGnuTLSKeyDataAesId \
+        xmlSecGnuTLSKeyDataAesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecGnuTLSKeyDataAesGetKlass  (void);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeyDataAesSet       (xmlSecKeyDataPtr data,
+                                                                         const xmlSecByte* buf,
+                                                                         xmlSecSize bufSize);
+/**
+ * xmlSecGnuTLSTransformAes128CbcId:
+ *
+ * The AES128 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes128CbcId \
+        xmlSecGnuTLSTransformAes128CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformAes128CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformAes192CbcId:
+ *
+ * The AES192 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes192CbcId \
+        xmlSecGnuTLSTransformAes192CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformAes192CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformAes256CbcId:
+ *
+ * The AES256 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes256CbcId \
+        xmlSecGnuTLSTransformAes256CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformAes256CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes128Id \
+        xmlSecGnuTLSTransformKWAes128GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformKWAes128GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes192Id \
+        xmlSecGnuTLSTransformKWAes192GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformKWAes192GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes256Id \
+        xmlSecGnuTLSTransformKWAes256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformKWAes256GetKlass(void);
+
+
+#endif /* XMLSEC_NO_AES */
+
+/********************************************************************
+ *
+ * DES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DES
+/**
+ * xmlSecGnuTLSKeyDataDesId:
+ *
+ * The DES key data klass.
+ */
+#define xmlSecGnuTLSKeyDataDesId \
+        xmlSecGnuTLSKeyDataDesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecGnuTLSKeyDataDesGetKlass  (void);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeyDataDesSet       (xmlSecKeyDataPtr data,
+                                                                         const xmlSecByte* buf,
+                                                                         xmlSecSize bufSize);
+
+/**
+ * xmlSecGnuTLSTransformDes3CbcId:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformDes3CbcId \
+        xmlSecGnuTLSTransformDes3CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformDes3CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWDes3Id:
+ *
+ * The DES3 KW transform klass.
+ */
+#define xmlSecGnuTLSTransformKWDes3Id \
+        xmlSecGnuTLSTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWDes3GetKlass(void);
+
+#endif /* XMLSEC_NO_DES */
+
+/********************************************************************
+ *
+ * DSA transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DSA
+#include <gcrypt.h>
+
+/**
+ * xmlSecGnuTLSKeyDataDsaId:
+ *
+ * The DSA key klass.
+ */
+#define xmlSecGnuTLSKeyDataDsaId \
+        xmlSecGnuTLSKeyDataDsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecGnuTLSKeyDataDsaGetKlass          (void);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeyDataDsaAdoptKey          (xmlSecKeyDataPtr data,
+                                                                                 gcry_sexp_t dsa_key);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeyDataDsaAdoptKeyPair      (xmlSecKeyDataPtr data,
+                                                                                 gcry_sexp_t pub_key,
+                                                                                 gcry_sexp_t priv_key);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t        xmlSecGnuTLSKeyDataDsaGetPublicKey      (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t        xmlSecGnuTLSKeyDataDsaGetPrivateKey     (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformDsaSha1Id:
+ *
+ * The DSA SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformDsaSha1Id \
+        xmlSecGnuTLSTransformDsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformDsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+
+
+/********************************************************************
+ *
+ * HMAC transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int               xmlSecGnuTLSHmacGetMinOutputLength(void);
+XMLSEC_CRYPTO_EXPORT void              xmlSecGnuTLSHmacSetMinOutputLength(int min_length);
+
+/**
+ * xmlSecGnuTLSKeyDataHmacId:
+ *
+ * The HMAC key klass.
+ */
+#define xmlSecGnuTLSKeyDataHmacId \
+        xmlSecGnuTLSKeyDataHmacGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecGnuTLSKeyDataHmacGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeyDataHmacSet      (xmlSecKeyDataPtr data,
+                                                                         const xmlSecByte* buf,
+                                                                         xmlSecSize bufSize);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacMd5Id \
+        xmlSecGnuTLSTransformHmacMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacMd5GetKlass(void);
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformHmacRipemd160Id:
+ *
+ * The HMAC with RipeMD160 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacRipemd160Id \
+        xmlSecGnuTLSTransformHmacRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha1Id \
+        xmlSecGnuTLSTransformHmacSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha256Id \
+        xmlSecGnuTLSTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha384Id \
+        xmlSecGnuTLSTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha512Id \
+        xmlSecGnuTLSTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+/********************************************************************
+ *
+ * RSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RSA
+#include <gcrypt.h>
+
+/**
+ * xmlSecGnuTLSKeyDataRsaId:
+ *
+ * The RSA key klass.
+ */
+#define xmlSecGnuTLSKeyDataRsaId \
+        xmlSecGnuTLSKeyDataRsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecGnuTLSKeyDataRsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeyDataRsaAdoptKey          (xmlSecKeyDataPtr data,
+                                                                                 gcry_sexp_t rsa_key);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeyDataRsaAdoptKeyPair      (xmlSecKeyDataPtr data,
+                                                                                 gcry_sexp_t pub_key,
+                                                                                 gcry_sexp_t priv_key);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t        xmlSecGnuTLSKeyDataRsaGetPublicKey      (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t        xmlSecGnuTLSKeyDataRsaGetPrivateKey     (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformRsaMd5Id:
+ *
+ * The RSA-MD5 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaMd5Id  \
+        xmlSecGnuTLSTransformRsaMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformRsaRipemd160Id:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaRipemd160Id    \
+        xmlSecGnuTLSTransformRsaRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformRsaSha1Id:
+ *
+ * The RSA-SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha1Id \
+        xmlSecGnuTLSTransformRsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha256Id       \
+        xmlSecGnuTLSTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha384Id       \
+        xmlSecGnuTLSTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha512Id       \
+        xmlSecGnuTLSTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+/********************************************************************
+ *
+ * SHA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha1Id \
+        xmlSecGnuTLSTransformSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha256Id \
+        xmlSecGnuTLSTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha384Id \
+        xmlSecGnuTLSTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha512Id \
+        xmlSecGnuTLSTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/********************************************************************
+ *
+ * Md5 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecGnuTLSTransformMd5Id \
+        xmlSecGnuTLSTransformMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+
+/********************************************************************
+ *
+ * RipeMD160 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformRipemd160Id:
+ *
+ * The RIPEMD160 digest transform klass.
+ */
+#define xmlSecGnuTLSTransformRipemd160Id \
+        xmlSecGnuTLSTransformRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_CRYPTO_H__ */
+
+#define __XMLSEC_GNUTLS_CRYPTO_H__
diff --git a/include/xmlsec/gcrypt/symbols.h b/include/xmlsec/gcrypt/symbols.h
new file mode 100644
index 0000000..818035d
--- /dev/null
+++ b/include/xmlsec/gcrypt/symbols.h
@@ -0,0 +1,104 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef __XMLSEC_GNUTLS_SYMBOLS_H__
+#define __XMLSEC_GNUTLS_SYMBOLS_H__
+
+#if !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To disable dynamic loading of xmlsec-crypto libraries undefine XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef XMLSEC_CRYPTO_GNUTLS
+
+/********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+#define xmlSecCryptoInit                        xmlSecGnuTLSInit
+#define xmlSecCryptoShutdown                    xmlSecGnuTLSShutdown
+
+#define xmlSecCryptoKeysMngrInit                xmlSecGnuTLSKeysMngrInit
+
+/********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#define xmlSecKeyDataAesId                      xmlSecGnuTLSKeyDataAesId
+#define xmlSecKeyDataDesId                      xmlSecGnuTLSKeyDataDesId
+#define xmlSecKeyDataDsaId                      xmlSecGnuTLSKeyDataDsaId
+#define xmlSecKeyDataHmacId                     xmlSecGnuTLSKeyDataHmacId
+#define xmlSecKeyDataRsaId                      xmlSecGnuTLSKeyDataRsaId
+#define xmlSecKeyDataX509Id                     xmlSecGnuTLSKeyDataX509Id
+#define xmlSecKeyDataRawX509CertId              xmlSecGnuTLSKeyDataRawX509CertId
+
+/********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#define xmlSecX509StoreId                       xmlSecGnuTLSX509StoreId
+
+/********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+#define xmlSecTransformAes128CbcId              xmlSecGnuTLSTransformAes128CbcId
+#define xmlSecTransformAes192CbcId              xmlSecGnuTLSTransformAes192CbcId
+#define xmlSecTransformAes256CbcId              xmlSecGnuTLSTransformAes256CbcId
+#define xmlSecTransformKWAes128Id               xmlSecGnuTLSTransformKWAes128Id
+#define xmlSecTransformKWAes192Id               xmlSecGnuTLSTransformKWAes192Id
+#define xmlSecTransformKWAes256Id               xmlSecGnuTLSTransformKWAes256Id
+#define xmlSecTransformDes3CbcId                xmlSecGnuTLSTransformDes3CbcId
+#define xmlSecTransformKWDes3Id                 xmlSecGnuTLSTransformKWDes3Id
+#define xmlSecTransformDsaSha1Id                xmlSecGnuTLSTransformDsaSha1Id
+#define xmlSecTransformHmacMd5Id                xmlSecGnuTLSTransformHmacMd5Id
+#define xmlSecTransformHmacRipemd160Id          xmlSecGnuTLSTransformHmacRipemd160Id
+#define xmlSecTransformHmacSha1Id               xmlSecGnuTLSTransformHmacSha1Id
+#define xmlSecTransformRipemd160Id              xmlSecGnuTLSTransformRipemd160Id
+#define xmlSecTransformRsaSha1Id                xmlSecGnuTLSTransformRsaSha1Id
+#define xmlSecTransformRsaPkcs1Id               xmlSecGnuTLSTransformRsaPkcs1Id
+#define xmlSecTransformRsaOaepId                xmlSecGnuTLSTransformRsaOaepId
+#define xmlSecTransformSha1Id                   xmlSecGnuTLSTransformSha1Id
+
+/********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+#define xmlSecCryptoAppInit                     xmlSecGnuTLSAppInit
+#define xmlSecCryptoAppShutdown                 xmlSecGnuTLSAppShutdown
+#define xmlSecCryptoAppDefaultKeysMngrInit      xmlSecGnuTLSAppDefaultKeysMngrInit
+#define xmlSecCryptoAppDefaultKeysMngrAdoptKey  xmlSecGnuTLSAppDefaultKeysMngrAdoptKey
+#define xmlSecCryptoAppDefaultKeysMngrLoad      xmlSecGnuTLSAppDefaultKeysMngrLoad
+#define xmlSecCryptoAppDefaultKeysMngrSave      xmlSecGnuTLSAppDefaultKeysMngrSave
+#define xmlSecCryptoAppKeysMngrCertLoad         xmlSecGnuTLSAppKeysMngrCertLoad
+#define xmlSecCryptoAppKeysMngrCertLoadMemory   xmlSecGnuTLSAppKeysMngrCertLoadMemory
+#define xmlSecCryptoAppKeyLoad                  xmlSecGnuTLSAppKeyLoad
+#define xmlSecCryptoAppPkcs12Load               xmlSecGnuTLSAppPkcs12Load
+#define xmlSecCryptoAppKeyCertLoad              xmlSecGnuTLSAppKeyCertLoad
+#define xmlSecCryptoAppKeyLoadMemory            xmlSecGnuTLSAppKeyLoadMemory
+#define xmlSecCryptoAppPkcs12LoadMemory         xmlSecGnuTLSAppPkcs12LoadMemory
+#define xmlSecCryptoAppKeyCertLoadMemory        xmlSecGnuTLSAppKeyCertLoadMemory
+#define xmlSecCryptoAppGetDefaultPwdCallback    xmlSecGnuTLSAppGetDefaultPwdCallback
+
+#endif /* XMLSEC_CRYPTO_GNUTLS */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_CRYPTO_H__ */
+
+#define __XMLSEC_GNUTLS_CRYPTO_H__
diff --git a/src/gcrypt/Makefile.am b/src/gcrypt/Makefile.am
new file mode 100644
index 0000000..4e12161
--- /dev/null
+++ b/src/gcrypt/Makefile.am
@@ -0,0 +1,51 @@
+NULL =
+
+EXTRA_DIST = \
+	README \
+	$(NULL)
+
+lib_LTLIBRARIES = \
+	libxmlsec1-gnutls.la \
+	$(NULL)
+
+libxmlsec1_gnutls_la_CPPFLAGS = \
+	-DPACKAGE=\"@PACKAGE \" \
+	-I../../include \
+	-I$(top_srcdir)/include \
+	$(XMLSEC_DEFINES) \
+	$(GNUTLS_CFLAGS) \
+	$(LIBXSLT_CFLAGS) \
+	$(LIBXML_CFLAGS) \
+	$(NULL)
+
+libxmlsec1_gnutls_la_SOURCES =\
+	app.c \
+	ciphers.c \
+	crypto.c \
+	digests.c \
+	hmac.c \
+	kw_aes.c \
+	kw_des.c \
+	symkeys.c \
+	asymkeys.c \
+	globals.h \
+	$(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_gnutls_la_SOURCES += ../strings.c
+endif
+
+libxmlsec1_gnutls_la_LIBADD = \
+	$(GNUTLS_LIBS) \
+	$(LIBXSLT_LIBS) \
+	$(LIBXML_LIBS) \
+	../libxmlsec1.la \
+	$(NULL)
+
+libxmlsec1_gnutls_la_DEPENDENCIES = \
+	$(NULL)
+
+libxmlsec1_gnutls_la_LDFLAGS = \
+	@XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+	-version-info @XMLSEC_VERSION_INFO@ \
+	$(NULL)
diff --git a/src/gcrypt/README b/src/gcrypt/README
new file mode 100644
index 0000000..23f7d8a
--- /dev/null
+++ b/src/gcrypt/README
@@ -0,0 +1,9 @@
+The xmlsec-gnutls implementation is really limited and is not ready
+for production use. The only supported crypto transforms are:
+
+    - HMAC
+    - Tripple DES
+    - AES [128|192|256]
+    - SHA1
+
+
diff --git a/src/gcrypt/app.c b/src/gcrypt/app.c
new file mode 100644
index 0000000..264a489
--- /dev/null
+++ b/src/gcrypt/app.c
@@ -0,0 +1,509 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+/**
+ * xmlSecGnuTLSAppInit:
+ * @config:             the path to GnuTLS configuration (unused).
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppInit(const char* config ATTRIBUTE_UNUSED) {
+    int ret;
+
+    ret = gnutls_global_init();
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gnutls_global_init",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppShutdown(void) {
+    gnutls_global_deinit();
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppKeyLoad:
+ * @filename:           the key filename.
+ * @format:             the key file format.
+ * @pwd:                the key file password.
+ * @pwdCallback:        the key password callback.
+ * @pwdCallbackCtx:     the user context for password callback.
+ *
+ * Reads key from the a file (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+                        const char *pwd,
+                        void* pwdCallback,
+                        void* pwdCallbackCtx) {
+    xmlSecAssert2(filename != NULL, NULL);
+    xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+
+    if (format == xmlSecKeyDataFormatPkcs12) {
+        return (xmlSecGnuTLSAppPkcs12Load(filename, pwd, pwdCallback,
+                                          pwdCallbackCtx));
+    }
+
+    /* TODO */
+    xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecGnuTLSAppKeyLoad",
+                XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+    return(NULL);
+}
+
+/**
+ * xmlSecGnuTLSAppKeyLoadMemory:
+ * @data:               the binary key data.
+ * @dataSize:           the size of binary key.
+ * @format:             the key file format.
+ * @pwd:                the key file password.
+ * @pwdCallback:        the key password callback.
+ * @pwdCallbackCtx:     the user context for password callback.
+ *
+ * Reads key from the memory buffer (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+                        xmlSecKeyDataFormat format, const char *pwd,
+                        void* pwdCallback, void* pwdCallbackCtx) {
+    xmlSecAssert2(data != NULL, NULL);
+    xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+    if (format == xmlSecKeyDataFormatPkcs12) {
+        return (xmlSecGnuTLSAppPkcs12LoadMemory(data, dataSize, pwd,
+                                        pwdCallback, pwdCallbackCtx));
+    }
+
+    /* TODO */
+    xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecGnuTLSAppKeyLoadMemory",
+                XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+    return(NULL);
+}
+
+#ifndef XMLSEC_NO_X509
+/**
+ * xmlSecGnuTLSAppKeyCertLoad:
+ * @key:                the pointer to key.
+ * @filename:           the certificate filename.
+ * @format:             the certificate file format.
+ *
+ * Reads the certificate from $ filename and adds it to key
+ * (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+                          xmlSecKeyDataFormat format) {
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(filename != NULL, -1);
+    xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+    /* TODO */
+    xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecGnuTLSAppKeyCertLoad",
+                XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+    return(-1);
+}
+
+/**
+ * xmlSecGnuTLSAppKeyCertLoadMemory:
+ * @key:                the pointer to key.
+ * @data:               the certificate binary data.
+ * @dataSize:           the certificate binary data size.
+ * @format:             the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeyCertLoadMemory(xmlSecKeyPtr key,
+                                 const xmlSecByte* data,
+                                 xmlSecSize dataSize,
+                                 xmlSecKeyDataFormat format) {
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(data != NULL, -1);
+    xmlSecAssert2(dataSize > 0, -1);
+    xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+    /* TODO */
+    xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecGnuTLSAppKeyCertLoadMemory",
+                XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+    return(-1);
+}
+
+/**
+ * xmlSecGnuTLSAppPkcs12Load:
+ * @filename:           the PKCS12 key filename.
+ * @pwd:                the PKCS12 file password.
+ * @pwdCallback:        the password callback.
+ * @pwdCallbackCtx:     the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file
+ * (not implemented yet).
+ * For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12Load(const char *filename,
+                          const char *pwd ATTRIBUTE_UNUSED,
+                          void* pwdCallback ATTRIBUTE_UNUSED,
+                          void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+    xmlSecAssert2(filename != NULL, NULL);
+
+    /* TODO */
+    xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecGnuTLSAppPkcs12Load",
+                XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+    return(NULL);
+}
+
+/**
+ * xmlSecGnuTLSAppPkcs12LoadMemory:
+ * @data:               the PKCS12 binary data.
+ * @dataSize:           the PKCS12 binary data size.
+ * @pwd:                the PKCS12 file password.
+ * @pwdCallback:        the password callback.
+ * @pwdCallbackCtx:     the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 data in memory buffer.
+ * For uniformity, call xmlSecGnuTLSAppKeyLoadMemory instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+                           const char *pwd ATTRIBUTE_UNUSED,
+                           void* pwdCallback ATTRIBUTE_UNUSED,
+                           void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+    xmlSecAssert2(data != NULL, NULL);
+    xmlSecAssert2(dataSize > 0, NULL);
+
+    /* TODO */
+    xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecGnuTLSAppPkcs12LoadMemory",
+                XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+    return(NULL);
+}
+
+/**
+ * xmlSecGnuTLSAppKeysMngrCertLoad:
+ * @mngr:               the keys manager.
+ * @filename:           the certificate file.
+ * @format:             the certificate file format.
+ * @type:               the flag that indicates is the certificate in @filename
+ *                      trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, 
+                                const char *filename,
+                                xmlSecKeyDataFormat format,
+                                xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+    xmlSecAssert2(mngr != NULL, -1);
+    xmlSecAssert2(filename != NULL, -1);
+    xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+    /* TODO */
+    xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecGnuTLSAppKeysMngrCertLoad",
+                XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+    return(-1);
+}
+
+/**
+ * xmlSecGnuTLSAppKeysMngrCertLoadMemory:
+ * @mngr:               the keys manager.
+ * @data:               the certificate binary data.
+ * @dataSize:           the certificate binary data size.
+ * @format:             the certificate file format.
+ * @type:               the flag that indicates is the certificate trusted or not.
+ *
+ * Reads cert from binary buffer @data and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+                                      const xmlSecByte* data,
+                                      xmlSecSize dataSize,
+                                      xmlSecKeyDataFormat format,
+                                      xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+    xmlSecAssert2(mngr != NULL, -1);
+    xmlSecAssert2(data != NULL, -1);
+    xmlSecAssert2(dataSize > 0, -1);
+    xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+    /* TODO */
+    xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecGnuTLSAppKeysMngrCertLoadMemory",
+                XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+    return(-1);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrInit:
+ * @mngr:               the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default GnuTLS crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+    int ret;
+
+    xmlSecAssert2(mngr != NULL, -1);
+
+    /* create simple keys store if needed */
+    if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+        xmlSecKeyStorePtr keysStore;
+
+        keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+        if(keysStore == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlSecKeyStoreCreate",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "xmlSecSimpleKeysStoreId");
+            return(-1);
+        }
+
+        ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlSecKeysMngrAdoptKeysStore",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            xmlSecKeyStoreDestroy(keysStore);
+            return(-1);
+        }
+    }
+
+    ret = xmlSecGnuTLSKeysMngrInit(mngr);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecGnuTLSKeysMngrInit",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    /* TODO */
+    mngr->getKey = xmlSecKeysMngrGetKey;
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrAdoptKey:
+ * @mngr:               the pointer to keys manager.
+ * @key:                the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecGnuTLSAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+    xmlSecKeyStorePtr store;
+    int ret;
+
+    xmlSecAssert2(mngr != NULL, -1);
+    xmlSecAssert2(key != NULL, -1);
+
+    store = xmlSecKeysMngrGetKeysStore(mngr);
+    if(store == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecKeysMngrGetKeysStore",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecSimpleKeysStoreAdoptKey",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrLoad:
+ * @mngr:               the pointer to keys manager.
+ * @uri:                the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecGnuTLSAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+    xmlSecKeyStorePtr store;
+    int ret;
+
+    xmlSecAssert2(mngr != NULL, -1);
+    xmlSecAssert2(uri != NULL, -1);
+
+    store = xmlSecKeysMngrGetKeysStore(mngr);
+    if(store == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecKeysMngrGetKeysStore",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecSimpleKeysStoreLoad",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "uri=%s", xmlSecErrorsSafeString(uri));
+        return(-1);
+    }
+
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrSave:
+ * @mngr:               the pointer to keys manager.
+ * @filename:           the destination filename.
+ * @type:               the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to  XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
+    xmlSecKeyStorePtr store;
+    int ret;
+
+    xmlSecAssert2(mngr != NULL, -1);
+    xmlSecAssert2(filename != NULL, -1);
+
+    store = xmlSecKeysMngrGetKeysStore(mngr);
+    if(store == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecKeysMngrGetKeysStore",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = xmlSecSimpleKeysStoreSave(store, filename, type);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecSimpleKeysStoreSave",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "filename=%s",
+                    xmlSecErrorsSafeString(filename));
+        return(-1);
+    }
+
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecGnuTLSAppGetDefaultPwdCallback(void) {
+    return(NULL);
+}
+
diff --git a/src/gcrypt/asymkeys.c b/src/gcrypt/asymkeys.c
new file mode 100644
index 0000000..992374b
--- /dev/null
+++ b/src/gcrypt/asymkeys.c
@@ -0,0 +1,1922 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * Helpers
+ *
+ *************************************************************************/
+static gcry_sexp_t              xmlSecGnuTLSAsymSExpDup          (gcry_sexp_t sexp);
+
+
+/**************************************************************************
+ *
+ * Internal GnuTLS asym key CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecGnuTLSAsymKeyDataCtx       xmlSecGnuTLSAsymKeyDataCtx,
+                                                *xmlSecGnuTLSAsymKeyDataCtxPtr;
+struct _xmlSecGnuTLSAsymKeyDataCtx {
+    gcry_sexp_t pub_key;
+    gcry_sexp_t priv_key;
+};
+
+/******************************************************************************
+ *
+ * Asym key (dsa/rsa)
+ *
+ * xmlSecGnuTLSAsymKeyDataCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSAsymKeyDataSize     \
+    (sizeof(xmlSecKeyData) + sizeof(xmlSecGnuTLSAsymKeyDataCtx))
+#define xmlSecGnuTLSAsymKeyDataGetCtx(data) \
+    ((xmlSecGnuTLSAsymKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int              xmlSecGnuTLSAsymKeyDataInitialize       (xmlSecKeyDataPtr data);
+static int              xmlSecGnuTLSAsymKeyDataDuplicate        (xmlSecKeyDataPtr dst,
+                                                                 xmlSecKeyDataPtr src);
+static void             xmlSecGnuTLSAsymKeyDataFinalize         (xmlSecKeyDataPtr data);
+
+static int              xmlSecGnuTLSAsymKeyDataAdoptKey         (xmlSecKeyDataPtr data,
+                                                                 gcry_sexp_t key_pair);
+static int              xmlSecGnuTLSAsymKeyDataAdoptKeyPair     (xmlSecKeyDataPtr data,
+                                                                 gcry_sexp_t pub_key,
+                                                                 gcry_sexp_t priv_key);
+static gcry_sexp_t      xmlSecGnuTLSAsymKeyDataGetPublicKey     (xmlSecKeyDataPtr data);
+static gcry_sexp_t      xmlSecGnuTLSAsymKeyDataGetPrivateKey    (xmlSecKeyDataPtr data);
+static int              xmlSecGnuTLSAsymKeyDataGenerate         (xmlSecKeyDataPtr data,
+                                                                 const char * alg,
+                                                                 xmlSecSize key_size);
+static xmlSecKeyDataType xmlSecGnuTLSAsymKeyDataGetType         (xmlSecKeyDataPtr data);
+static xmlSecSize       xmlSecGnuTLSAsymKeyDataGetSize          (xmlSecKeyDataPtr data);
+
+
+static int
+xmlSecGnuTLSAsymKeyDataInitialize(xmlSecKeyDataPtr data) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), -1);
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    memset(ctx, 0, sizeof(xmlSecGnuTLSAsymKeyDataCtx));
+
+    return(0);
+}
+
+static int
+xmlSecGnuTLSAsymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctxDst;
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctxSrc;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecGnuTLSAsymKeyDataSize), -1);
+    xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecGnuTLSAsymKeyDataSize), -1);
+
+    ctxDst = xmlSecGnuTLSAsymKeyDataGetCtx(dst);
+    xmlSecAssert2(ctxDst != NULL, -1);
+    xmlSecAssert2(ctxDst->pub_key == NULL, -1);
+    xmlSecAssert2(ctxDst->priv_key == NULL, -1);
+
+    ctxSrc = xmlSecGnuTLSAsymKeyDataGetCtx(src);
+    xmlSecAssert2(ctxSrc != NULL, -1);
+
+    if(ctxSrc->pub_key != NULL) {
+        ctxDst->pub_key = xmlSecGnuTLSAsymSExpDup(ctxSrc->pub_key);
+        if(ctxDst->pub_key == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+                        "xmlSecGnuTLSAsymSExpDup(pub_key)",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+    }
+
+    if(ctxSrc->priv_key != NULL) {
+        ctxDst->priv_key = xmlSecGnuTLSAsymSExpDup(ctxSrc->priv_key);
+        if(ctxDst->priv_key == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+                        "xmlSecGnuTLSAsymSExpDup(priv_key)",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+    }
+
+    return(0);
+}
+
+static void
+xmlSecGnuTLSAsymKeyDataFinalize(xmlSecKeyDataPtr data) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+    xmlSecAssert(xmlSecKeyDataIsValid(data));
+    xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize));
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert(ctx != NULL);
+
+    if(ctx->pub_key != NULL) {
+        gcry_sexp_release(ctx->pub_key);
+    }
+    if(ctx->priv_key != NULL) {
+        gcry_sexp_release(ctx->priv_key);
+    }
+    memset(ctx, 0, sizeof(xmlSecGnuTLSAsymKeyDataCtx));
+}
+
+static int
+xmlSecGnuTLSAsymKeyDataAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t key_pair) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+    gcry_sexp_t pub_key = NULL;
+    gcry_sexp_t priv_key = NULL;
+    int res = -1;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), -1);
+    xmlSecAssert2(key_pair != NULL, -1);
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    /* split the key pair, public part should be always present, private might 
+       not be present */
+    pub_key = gcry_sexp_find_token(key_pair, "public-key", 0);
+    if(pub_key == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_find_token(public-key)",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    priv_key = gcry_sexp_find_token(key_pair, "private-key", 0);
+
+    /* assign */
+    if(xmlSecGnuTLSAsymKeyDataAdoptKeyPair(data, pub_key, priv_key) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecGnuTLSAsymKeyDataAdoptKeyPair",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    pub_key = NULL; /* data owns it now */
+    priv_key = NULL; /* data owns it now */
+
+    /* success */
+    res = 0;
+
+done:
+    if(pub_key != NULL) {
+        gcry_sexp_release(pub_key);
+    }
+
+    if(priv_key != NULL) {
+        gcry_sexp_release(priv_key);
+    }
+
+    /* done */
+    return(res);
+}
+
+static int
+xmlSecGnuTLSAsymKeyDataAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), -1);
+    xmlSecAssert2(pub_key != NULL, -1); /* public key should present always */
+/*
+    aleksey - we don't set optional parameters for RSA keys (p, k, u) and
+    because of that we can't actually test the key
+
+    xmlSecAssert2(((priv_key == NULL) || (gcry_pk_testkey(priv_key) == GPG_ERR_NO_ERROR)), -1);
+*/
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    /* release prev values and assign new ones */
+    if(ctx->pub_key != NULL) {
+        gcry_sexp_release(ctx->pub_key);
+    }
+    if(ctx->priv_key != NULL) {
+        gcry_sexp_release(ctx->priv_key);
+    }
+
+    ctx->pub_key = pub_key;
+    ctx->priv_key = priv_key;
+
+    /* done */
+    return(0);
+}
+
+static gcry_sexp_t
+xmlSecGnuTLSAsymKeyDataGetPublicKey(xmlSecKeyDataPtr data) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), NULL);
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, NULL);
+
+    return(ctx->pub_key);
+}
+
+static gcry_sexp_t
+xmlSecGnuTLSAsymKeyDataGetPrivateKey(xmlSecKeyDataPtr data) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), NULL);
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, NULL);
+
+    return(ctx->priv_key);
+}
+
+static int
+xmlSecGnuTLSAsymKeyDataGenerate(xmlSecKeyDataPtr data, const char * alg, xmlSecSize key_size) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+    gcry_sexp_t key_spec = NULL;
+    gcry_sexp_t key_pair = NULL;
+    gcry_error_t err;
+    int ret;
+    int res = -1;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), -1);
+    xmlSecAssert2(alg != NULL, -1);
+    xmlSecAssert2(key_size > 0, -1);
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    err = gcry_sexp_build(&key_spec, NULL,
+                          "(genkey (%s (nbits %d)(transient-key)))",
+                          alg, (int)key_size);
+    if((err != GPG_ERR_NO_ERROR) || (key_spec == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_build(genkey)",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "err=%d", (int)err);
+        goto done;
+    }
+
+    err = gcry_pk_genkey(&key_pair, key_spec);
+    if((err != GPG_ERR_NO_ERROR) || (key_pair == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_pk_genkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "err=%d", (int)err);
+        goto done;
+    }
+
+    ret = xmlSecGnuTLSAsymKeyDataAdoptKey(data, key_pair);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecGnuTLSAsymKeyDataAdopt",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "ret=%d", (int)ret);
+        goto done;
+    }
+    key_pair = NULL; /* now owned by data */
+
+    /* success */
+    res = 0;
+
+done:
+    if(key_spec != NULL) {
+        gcry_sexp_release(key_spec);
+    }
+    if(key_pair != NULL) {
+        gcry_sexp_release(key_pair);
+    }
+
+    return(res);
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSAsymKeyDataGetType(xmlSecKeyDataPtr data) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown);
+
+    if((ctx->priv_key != NULL) && (ctx->pub_key != NULL)) {
+        return (xmlSecKeyDataTypePrivate);
+    } else if(ctx->pub_key != NULL) {
+        return (xmlSecKeyDataTypePublic);
+    }
+
+    return (xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGnuTLSAsymKeyDataGetSize(xmlSecKeyDataPtr data) {
+    xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+    ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, 0);
+
+    /* use pub key since it is more often you have it than not */
+    return (ctx->pub_key != NULL) ? gcry_pk_get_nbits(ctx->pub_key) : 0;
+}
+
+/******************************************************************************
+ *
+ * helper functions
+ *
+ *****************************************************************************/
+static gcry_sexp_t
+xmlSecGnuTLSAsymSExpDup(gcry_sexp_t pKey) {
+    gcry_sexp_t res = NULL;
+    xmlSecByte *buf = NULL;
+    gcry_error_t ret;
+    size_t size;
+
+    xmlSecAssert2(pKey != NULL, NULL);
+
+    size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+    if(size == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_sprint",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+
+    buf = (xmlSecByte *)xmlMalloc(size);
+    if(buf == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlMalloc",
+                    XMLSEC_ERRORS_R_MALLOC_FAILED,
+                    "size=%d", (int)size);
+        goto done;
+    }
+
+    size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, buf, size);
+    if(size == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_sprint",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "size=%d", (int)size);
+        goto done;
+    }
+
+    ret = gcry_sexp_new(&res, buf, size, 1);
+    if((ret != GPG_ERR_NO_ERROR) || (res == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_new",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", (int)ret);
+        goto done;
+    }
+
+done:
+    if(buf != NULL) {
+        xmlFree(buf);
+    }
+    return (res);
+}
+
+/**
+ * xmlSecGnuTLSNodeGetMpiValue:
+ * @cur: the poitner to an XML node.
+ *
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * to a BIGNUM. If no BIGNUM buffer provided then a new
+ * BIGNUM is created (caller is responsible for freeing it).
+ *
+ * Returns: a pointer to MPI produced from CryptoBinary string
+ * or NULL if an error occurs.
+ */
+static gcry_mpi_t
+xmlSecGnuTLSNodeGetMpiValue(const xmlNodePtr cur) {
+    xmlSecBuffer buf;
+    gcry_mpi_t res = NULL;
+    gcry_error_t err;
+    int ret;
+
+    xmlSecAssert2(cur != NULL, NULL);
+
+    ret = xmlSecBufferInitialize(&buf, 128);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferInitialize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+
+    ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferBase64NodeContentRead",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecBufferFinalize(&buf);
+        return(NULL);
+    }
+
+    err = gcry_mpi_scan(&res, GCRYMPI_FMT_USG,
+                         xmlSecBufferGetData(&buf),
+                         xmlSecBufferGetSize(&buf),
+                         NULL);
+    if((err != GPG_ERR_NO_ERROR) || (res == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_mpi_scan",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "err=%d", (int)err);
+        xmlSecBufferFinalize(&buf);
+        return(NULL);
+    }
+
+    /* done */
+    xmlSecBufferFinalize(&buf);
+    return(res);
+}
+
+/**
+ * xmlSecGnuTLSNodeSetMpiValue:
+ * @cur: the pointer to an XML node.
+ * @a: the mpi value
+ * @addLineBreaks: if the flag is equal to 1 then
+ *              linebreaks will be added before and after
+ *              new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGnuTLSNodeSetMpiValue(xmlNodePtr cur, const gcry_mpi_t a, int addLineBreaks) {
+    xmlSecBuffer buf;
+    gcry_error_t err;
+    size_t written = 0;
+    int ret;
+
+    xmlSecAssert2(a != NULL, -1);
+    xmlSecAssert2(cur != NULL, -1);
+
+    written = 0;
+    err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a);
+    if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_mpi_print",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "err=%d", (int)err);
+        return(-1);
+    }
+
+    ret = xmlSecBufferInitialize(&buf, written + 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferInitialize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", (int)written + 1);
+        return(-1);
+    }
+
+    written = 0;
+    err = gcry_mpi_print(GCRYMPI_FMT_USG,
+            xmlSecBufferGetData(&buf),
+            xmlSecBufferGetMaxSize(&buf),
+            &written, a);
+    if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_mpi_print",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "err=%d,size=%d",
+                    (int)err, (int)xmlSecBufferGetMaxSize(&buf));
+        xmlSecBufferFinalize(&buf);
+        return(-1);
+    }
+
+    ret = xmlSecBufferSetSize(&buf, written);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferSetSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "written=%d", (int)written);
+        xmlSecBufferFinalize(&buf);
+        return(-1);
+    }
+
+    if(addLineBreaks) {
+        xmlNodeSetContent(cur, xmlSecStringCR);
+    } else {
+        xmlNodeSetContent(cur, xmlSecStringEmpty);
+    }
+
+    ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferBase64NodeContentWrite",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecBufferFinalize(&buf);
+        return(-1);
+    }
+
+    if(addLineBreaks) {
+        xmlNodeAddContent(cur, xmlSecStringCR);
+    }
+
+    xmlSecBufferFinalize(&buf);
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSNodeSetSExpTokValue:
+ * @cur: the pointer to an XML node.
+ * @sexp: the sexp
+ * @tok: the token
+ * @addLineBreaks: if the flag is equal to 1 then
+ *              linebreaks will be added before and after
+ *              new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGnuTLSNodeSetSExpTokValue(xmlNodePtr cur, const gcry_sexp_t sexp,
+                                const char * tok, int addLineBreaks)
+{
+    gcry_sexp_t val = NULL;
+    gcry_mpi_t mpi = NULL;
+    int res = -1;
+
+    xmlSecAssert2(cur != NULL, -1);
+    xmlSecAssert2(sexp != NULL, -1);
+    xmlSecAssert2(tok != NULL, -1);
+
+    val = gcry_sexp_find_token(sexp, tok, 0);
+    if(val == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_find_token",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "tok=%s",
+                    xmlSecErrorsSafeString(tok));
+        goto done;
+    }
+
+    mpi = gcry_sexp_nth_mpi(val, 1, GCRYMPI_FMT_USG);
+    if(mpi == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_sexp_nth_mpi",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "tok=%s",
+                    xmlSecErrorsSafeString(tok));
+        goto done;
+    }
+
+    /* almost done */
+    res = xmlSecGnuTLSNodeSetMpiValue(cur, mpi, addLineBreaks);
+
+done:
+    if(mpi != NULL) {
+        gcry_mpi_release(mpi);
+    }
+    if(val != NULL) {
+        gcry_sexp_release(val);
+    }
+
+    return(res);
+}
+
+#ifndef XMLSEC_NO_DSA
+/**************************************************************************
+ *
+ * <dsig:DSAKeyValue> processing
+ *
+ *
+ * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
+ *
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA public key values can have the following fields:
+ *
+ *   * P - a prime modulus meeting the [DSS] requirements
+ *   * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ *         divisor of P-1
+ *   * G - an integer with certain properties with respect to P and Q
+ *   * Y - G**X mod P (where X is part of the private key and not made
+ *         public)
+ *   * J - (P - 1) / Q
+ *   * seed - a DSA prime generation seed
+ *   * pgenCounter - a DSA prime generation counter
+ *
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
+ * encoded as base64 [MIME] values.
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
+ *   <sequence>
+ *     <sequence minOccurs="0">
+ *        <element name="P" type="ds:CryptoBinary"/>
+ *        <element name="Q" type="ds:CryptoBinary"/>
+ *     </sequence>
+ *     <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ *     <element name="Y" type="ds:CryptoBinary"/>
+ *     <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ *     <sequence minOccurs="0">
+ *       <element name="Seed" type="ds:CryptoBinary"/>
+ *       <element name="PgenCounter" type="ds:CryptoBinary"/>
+ *     </sequence>
+ *   </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ *  <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ *  <!ELEMENT P (#PCDATA) >
+ *  <!ELEMENT Q (#PCDATA) >
+ *  <!ELEMENT G (#PCDATA) >
+ *  <!ELEMENT Y (#PCDATA) >
+ *  <!ELEMENT J (#PCDATA) >
+ *  <!ELEMENT Seed (#PCDATA) >
+ *  <!ELEMENT PgenCounter (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an X element added (before Y).
+ * todo: The current implementation does not support Seed and PgenCounter!
+ * by this the P, Q and G are *required*!
+ *
+ *************************************************************************/
+static int              xmlSecGnuTLSKeyDataDsaInitialize        (xmlSecKeyDataPtr data);
+static int              xmlSecGnuTLSKeyDataDsaDuplicate         (xmlSecKeyDataPtr dst,
+                                                                 xmlSecKeyDataPtr src);
+static void             xmlSecGnuTLSKeyDataDsaFinalize          (xmlSecKeyDataPtr data);
+static int              xmlSecGnuTLSKeyDataDsaXmlRead           (xmlSecKeyDataId id,
+                                                                 xmlSecKeyPtr key,
+                                                                 xmlNodePtr node,
+                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecGnuTLSKeyDataDsaXmlWrite          (xmlSecKeyDataId id,
+                                                                 xmlSecKeyPtr key,
+                                                                 xmlNodePtr node,
+                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecGnuTLSKeyDataDsaGenerate          (xmlSecKeyDataPtr data,
+                                                                 xmlSecSize sizeBits,
+                                                                 xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGnuTLSKeyDataDsaGetType          (xmlSecKeyDataPtr data);
+static xmlSecSize       xmlSecGnuTLSKeyDataDsaGetSize           (xmlSecKeyDataPtr data);
+static void             xmlSecGnuTLSKeyDataDsaDebugDump         (xmlSecKeyDataPtr data,
+                                                                 FILE* output);
+static void             xmlSecGnuTLSKeyDataDsaDebugXmlDump      (xmlSecKeyDataPtr data,
+                                                                 FILE* output);
+
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataDsaKlass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecGnuTLSAsymKeyDataSize,
+
+    /* data */
+    xmlSecNameDSAKeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+                                                /* xmlSecKeyDataUsage usage; */
+    xmlSecHrefDSAKeyValue,                      /* const xmlChar* href; */
+    xmlSecNodeDSAKeyValue,                      /* const xmlChar* dataNodeName; */
+    xmlSecDSigNs,                               /* const xmlChar* dataNodeNs; */
+
+    /* constructors/destructor */
+    xmlSecGnuTLSKeyDataDsaInitialize,          /* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecGnuTLSKeyDataDsaDuplicate,           /* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecGnuTLSKeyDataDsaFinalize,            /* xmlSecKeyDataFinalizeMethod finalize; */
+    xmlSecGnuTLSKeyDataDsaGenerate,            /* xmlSecKeyDataGenerateMethod generate; */
+
+    /* get info */
+    xmlSecGnuTLSKeyDataDsaGetType,             /* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecGnuTLSKeyDataDsaGetSize,             /* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,                                       /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+    /* read/write */
+    xmlSecGnuTLSKeyDataDsaXmlRead,             /* xmlSecKeyDataXmlReadMethod xmlRead; */
+    xmlSecGnuTLSKeyDataDsaXmlWrite,            /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    NULL,                                       /* xmlSecKeyDataBinReadMethod binRead; */
+    NULL,                                       /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+    /* debug */
+    xmlSecGnuTLSKeyDataDsaDebugDump,           /* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecGnuTLSKeyDataDsaDebugXmlDump,        /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+    /* reserved for the future */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataDsaGetKlass(void) {
+    return(&xmlSecGnuTLSKeyDataDsaKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDsaAdoptKey:
+ * @data:               the pointer to DSA key data.
+ * @dsa_key:            the pointer to GnuTLS DSA key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataDsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t dsa_key) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+    xmlSecAssert2(dsa_key != NULL, -1);
+
+    return xmlSecGnuTLSAsymKeyDataAdoptKey(data, dsa_key);
+}
+
+
+/**
+ * xmlSecGnuTLSKeyDataDsaAdoptKeyPair:
+ * @data:               the pointer to DSA key data.
+ * @pub_key:            the pointer to GnuTLS DSA pub key.
+ * @priv_key:           the pointer to GnuTLS DSA priv key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataDsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+    xmlSecAssert2(pub_key != NULL, -1);
+
+    return xmlSecGnuTLSAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDsaGetPublicKey:
+ * @data:               the pointer to DSA key data.
+ *
+ * Gets the GnuTLS DSA public key from DSA key data.
+ *
+ * Returns: pointer to GnuTLS public DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGnuTLSKeyDataDsaGetPublicKey(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), NULL);
+    return xmlSecGnuTLSAsymKeyDataGetPublicKey(data);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDsaGetPrivateKey:
+ * @data:               the pointer to DSA key data.
+ *
+ * Gets the GnuTLS DSA private key from DSA key data.
+ *
+ * Returns: pointer to GnuTLS private DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGnuTLSKeyDataDsaGetPrivateKey(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), NULL);
+    return xmlSecGnuTLSAsymKeyDataGetPrivateKey(data);
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+
+    return(xmlSecGnuTLSAsymKeyDataInitialize(data));
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGnuTLSKeyDataDsaId), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGnuTLSKeyDataDsaId), -1);
+
+    return(xmlSecGnuTLSAsymKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecGnuTLSKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId));
+
+    xmlSecGnuTLSAsymKeyDataFinalize(data);
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+    xmlSecAssert2(sizeBits > 0, -1);
+
+    return xmlSecGnuTLSAsymKeyDataGenerate(data, "dsa", sizeBits);
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+
+    return xmlSecGnuTLSAsymKeyDataGetType(data);
+}
+
+static xmlSecSize
+xmlSecGnuTLSKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), 0);
+
+    return xmlSecGnuTLSAsymKeyDataGetSize(data);
+}
+
+static void
+xmlSecGnuTLSKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId));
+    xmlSecAssert(output != NULL);
+
+    fprintf(output, "=== dsa key: size = %d\n",
+            xmlSecGnuTLSKeyDataDsaGetSize(data));
+}
+
+static void
+xmlSecGnuTLSKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId));
+    xmlSecAssert(output != NULL);
+
+    fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+            xmlSecGnuTLSKeyDataDsaGetSize(data));
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaXmlRead(xmlSecKeyDataId id,
+                              xmlSecKeyPtr key,
+                              xmlNodePtr node,
+                              xmlSecKeyInfoCtxPtr keyInfoCtx)
+{
+    xmlNodePtr cur;
+    xmlSecKeyDataPtr data = NULL;
+    gcry_mpi_t p = NULL;
+    gcry_mpi_t q = NULL;
+    gcry_mpi_t g = NULL;
+    gcry_mpi_t x = NULL;
+    gcry_mpi_t y = NULL;
+    gcry_sexp_t pub_key = NULL;
+    gcry_sexp_t priv_key = NULL;
+    gcry_error_t err;
+    int res = -1;
+    int ret;
+
+    xmlSecAssert2(id == xmlSecGnuTLSKeyDataDsaId, -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+    if(xmlSecKeyGetValue(key) != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+
+    cur = xmlSecGetNextElementNode(node->children);
+
+    /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur,  xmlSecNodeDSAP, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAP));
+        goto done;
+    }
+    p = xmlSecGnuTLSNodeGetMpiValue(cur);
+    if(p == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAP));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+
+    /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+        goto done;
+    }
+    q = xmlSecGnuTLSNodeGetMpiValue(cur);
+    if(q == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+
+    /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAG));
+        goto done;
+    }
+    g = xmlSecGnuTLSNodeGetMpiValue(cur);
+    if(g == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAG));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
+        /* next is X node. It is REQUIRED for private key but
+         * we are not sure exactly what do we read */
+        x = xmlSecGnuTLSNodeGetMpiValue(cur);
+        if(x == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGnuTLSNodeGetMpiValue",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeDSAX));
+            goto done;
+        }
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+
+    /* next is Y node. */
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAY));
+        goto done;
+    }
+    y = xmlSecGnuTLSNodeGetMpiValue(cur);
+    if(y == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+
+    /* todo: add support for J */
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+
+    /* todo: add support for seed */
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+
+    /* todo: add support for pgencounter */
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+
+    if(cur != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+
+
+    /* construct pub/priv key pairs */
+    err = gcry_sexp_build(&pub_key, NULL,
+             "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+             p, q, g, y);
+    if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "gcry_sexp_build(public)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    if(x != NULL) {
+        err = gcry_sexp_build(&priv_key, NULL,
+                 "(private-key(dsa(p%m)(q%m)(g%m)(x%m)(y%m)))",
+                 p, q, g, x, y);
+        if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                        "gcry_sexp_build(private)",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            goto done;
+        }
+    }
+
+    /* create key data */
+    data = xmlSecKeyDataCreate(id);
+    if(data == NULL ) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecKeyDataCreate",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+
+    ret = xmlSecGnuTLSKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecGnuTLSKeyDataDsaAdoptKeyPair",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    pub_key = NULL; /* pub_key is owned by data now */
+    priv_key = NULL; /* priv_key is owned by data now */
+
+    /* set key */
+    ret = xmlSecKeySetValue(key, data);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecKeySetValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    data = NULL; /* data is owned by key now */
+
+    /* success */
+    res = 0;
+
+done:
+    /* cleanup */
+    if(p != NULL) {
+        gcry_mpi_release(p);
+    }
+
+    if(q != NULL) {
+        gcry_mpi_release(q);
+    }
+
+    if(g != NULL) {
+        gcry_mpi_release(g);
+    }
+
+    if(x != NULL) {
+        gcry_mpi_release(x);
+    }
+
+    if(y != NULL) {
+        gcry_mpi_release(y);
+    }
+
+    if(pub_key != NULL) {
+        gcry_sexp_release(pub_key);
+    }
+
+    if(priv_key != NULL) {
+        gcry_sexp_release(priv_key);
+    }
+
+    if(data != NULL) {
+        xmlSecKeyDataDestroy(data);
+    }
+    return(res);
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                                xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlNodePtr cur;
+    gcry_sexp_t pub_priv_key;
+    gcry_sexp_t dsa = NULL;
+    int private = 0;
+    int res = -1;
+    int ret;
+
+    xmlSecAssert2(id == xmlSecGnuTLSKeyDataDsaId, -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataDsaId), -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+    if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+        /* we can have only private key or public key */
+        return(0);
+    }
+
+    /* find the private or public key */
+    pub_priv_key = xmlSecGnuTLSKeyDataDsaGetPrivateKey(xmlSecKeyGetValue(key));
+    if(pub_priv_key == NULL) {
+        pub_priv_key = xmlSecGnuTLSKeyDataDsaGetPublicKey(xmlSecKeyGetValue(key));
+        if(pub_priv_key == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGnuTLSKeyDataDsaGetPublicKey()",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            goto done;
+        }
+    } else {
+        private = 1;
+    }
+
+    dsa = gcry_sexp_find_token(pub_priv_key, "dsa", 0);
+    if(dsa == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "gcry_sexp_find_token(dsa)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+
+    /* first is P node */
+    cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAP));
+        goto done;
+    }
+    ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "p", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAP));
+        goto done;
+    }
+
+    /* next is Q node. */
+    cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+        goto done;
+    }
+    ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "q", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+        goto done;
+    }
+
+    /* next is G node. */
+    cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAG));
+        goto done;
+    }
+    ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "g", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAG));
+        goto done;
+    }
+
+    /* next is X node: write it ONLY for private keys and ONLY if it is requested */
+    if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+        cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
+        if(cur == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecAddChild",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeDSAX));
+            goto done;
+        }
+        ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "x", 1);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGnuTLSNodeSetSExpTokValue",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeDSAX));
+            goto done;
+        }
+    }
+
+    /* next is Y node. */
+    cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAY));
+        goto done;
+    }
+    ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "y", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeDSAY));
+        goto done;
+    }
+
+    /* success */
+    res = 0;
+
+done:
+    if(dsa != NULL) {
+        gcry_sexp_release(dsa);
+    }
+
+    return(res);
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+
+#ifndef XMLSEC_NO_RSA
+/**************************************************************************
+ *
+ * <dsig:RSAKeyValue> processing
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
+ * The RSAKeyValue Element
+ *
+ * RSA key values have two fields: Modulus and Exponent.
+ *
+ * <RSAKeyValue>
+ *   <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
+ *     jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
+ *        5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ *   </Modulus>
+ *   <Exponent>AQAB</Exponent>
+ * </RSAKeyValue>
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+ * <complexType name="RSAKeyValueType">
+ *   <sequence>
+ *     <element name="Modulus" type="ds:CryptoBinary"/>
+ *     <element name="Exponent" type="ds:CryptoBinary"/>
+ *   </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ * <!ELEMENT Modulus (#PCDATA) >
+ * <!ELEMENT Exponent (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an PrivateExponent element is added
+ * to the end
+ *
+ *************************************************************************/
+
+static int              xmlSecGnuTLSKeyDataRsaInitialize       (xmlSecKeyDataPtr data);
+static int              xmlSecGnuTLSKeyDataRsaDuplicate        (xmlSecKeyDataPtr dst,
+                                                                 xmlSecKeyDataPtr src);
+static void             xmlSecGnuTLSKeyDataRsaFinalize         (xmlSecKeyDataPtr data);
+static int              xmlSecGnuTLSKeyDataRsaXmlRead          (xmlSecKeyDataId id,
+                                                                 xmlSecKeyPtr key,
+                                                                 xmlNodePtr node,
+                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecGnuTLSKeyDataRsaXmlWrite         (xmlSecKeyDataId id,
+                                                                 xmlSecKeyPtr key,
+                                                                 xmlNodePtr node,
+                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecGnuTLSKeyDataRsaGenerate         (xmlSecKeyDataPtr data,
+                                                                 xmlSecSize sizeBits,
+                                                                 xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGnuTLSKeyDataRsaGetType         (xmlSecKeyDataPtr data);
+static xmlSecSize               xmlSecGnuTLSKeyDataRsaGetSize          (xmlSecKeyDataPtr data);
+static void             xmlSecGnuTLSKeyDataRsaDebugDump        (xmlSecKeyDataPtr data,
+                                                                 FILE* output);
+static void             xmlSecGnuTLSKeyDataRsaDebugXmlDump     (xmlSecKeyDataPtr data,
+                                                                 FILE* output);
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataRsaKlass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecGnuTLSAsymKeyDataSize,
+
+    /* data */
+    xmlSecNameRSAKeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+                                                /* xmlSecKeyDataUsage usage; */
+    xmlSecHrefRSAKeyValue,                      /* const xmlChar* href; */
+    xmlSecNodeRSAKeyValue,                      /* const xmlChar* dataNodeName; */
+    xmlSecDSigNs,                               /* const xmlChar* dataNodeNs; */
+
+    /* constructors/destructor */
+    xmlSecGnuTLSKeyDataRsaInitialize,          /* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecGnuTLSKeyDataRsaDuplicate,           /* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecGnuTLSKeyDataRsaFinalize,            /* xmlSecKeyDataFinalizeMethod finalize; */
+    xmlSecGnuTLSKeyDataRsaGenerate,            /* xmlSecKeyDataGenerateMethod generate; */
+
+    /* get info */
+    xmlSecGnuTLSKeyDataRsaGetType,             /* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecGnuTLSKeyDataRsaGetSize,             /* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,                                       /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+    /* read/write */
+    xmlSecGnuTLSKeyDataRsaXmlRead,             /* xmlSecKeyDataXmlReadMethod xmlRead; */
+    xmlSecGnuTLSKeyDataRsaXmlWrite,            /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    NULL,                                       /* xmlSecKeyDataBinReadMethod binRead; */
+    NULL,                                       /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+    /* debug */
+    xmlSecGnuTLSKeyDataRsaDebugDump,           /* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecGnuTLSKeyDataRsaDebugXmlDump,        /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+    /* reserved for the future */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataRsaGetKlass:
+ *
+ * The GnuTLS RSA key data klass.
+ *
+ * Returns: pointer to GnuTLS RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataRsaGetKlass(void) {
+    return(&xmlSecGnuTLSKeyDataRsaKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataRsaAdoptKey:
+ * @data:               the pointer to RSA key data.
+ * @rsa_key:            the pointer to GnuTLS RSA key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataRsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t rsa_key) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+    xmlSecAssert2(rsa_key != NULL, -1);
+
+    return xmlSecGnuTLSAsymKeyDataAdoptKey(data, rsa_key);
+}
+
+
+/**
+ * xmlSecGnuTLSKeyDataRsaAdoptKeyPair:
+ * @data:               the pointer to RSA key data.
+ * @pub_key:            the pointer to GnuTLS RSA pub key.
+ * @priv_key:           the pointer to GnuTLS RSA priv key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataRsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+    xmlSecAssert2(pub_key != NULL, -1);
+
+    return xmlSecGnuTLSAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataRsaGetPublicKey:
+ * @data:               the pointer to RSA key data.
+ *
+ * Gets the GnuTLS RSA public key from RSA key data.
+ *
+ * Returns: pointer to GnuTLS public RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGnuTLSKeyDataRsaGetPublicKey(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), NULL);
+    return xmlSecGnuTLSAsymKeyDataGetPublicKey(data);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataRsaGetPrivateKey:
+ * @data:               the pointer to RSA key data.
+ *
+ * Gets the GnuTLS RSA private key from RSA key data.
+ *
+ * Returns: pointer to GnuTLS private RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGnuTLSKeyDataRsaGetPrivateKey(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), NULL);
+    return xmlSecGnuTLSAsymKeyDataGetPrivateKey(data);
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+
+    return(xmlSecGnuTLSAsymKeyDataInitialize(data));
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGnuTLSKeyDataRsaId), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGnuTLSKeyDataRsaId), -1);
+
+    return(xmlSecGnuTLSAsymKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecGnuTLSKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId));
+
+    xmlSecGnuTLSAsymKeyDataFinalize(data);
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+    xmlSecAssert2(sizeBits > 0, -1);
+
+    return xmlSecGnuTLSAsymKeyDataGenerate(data, "rsa", sizeBits);
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSKeyDataRsaGetType(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), xmlSecKeyDataTypeUnknown);
+
+    return xmlSecGnuTLSAsymKeyDataGetType(data);
+}
+
+static xmlSecSize
+xmlSecGnuTLSKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), 0);
+
+    return xmlSecGnuTLSAsymKeyDataGetSize(data);
+}
+
+static void
+xmlSecGnuTLSKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId));
+    xmlSecAssert(output != NULL);
+
+    fprintf(output, "=== rsa key: size = %d\n",
+            xmlSecGnuTLSKeyDataRsaGetSize(data));
+}
+
+static void
+xmlSecGnuTLSKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId));
+    xmlSecAssert(output != NULL);
+
+    fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+            xmlSecGnuTLSKeyDataRsaGetSize(data));
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                                    xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlNodePtr cur;
+    xmlSecKeyDataPtr data = NULL;
+    gcry_mpi_t n = NULL;
+    gcry_mpi_t e = NULL;
+    gcry_mpi_t d = NULL;
+    gcry_sexp_t pub_key = NULL;
+    gcry_sexp_t priv_key = NULL;
+    gcry_error_t err;
+    int res = -1;
+    int ret;
+
+    xmlSecAssert2(id == xmlSecGnuTLSKeyDataRsaId, -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+    if(xmlSecKeyGetValue(key) != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+                    "key already has a value");
+        goto done;
+    }
+
+    cur = xmlSecGetNextElementNode(node->children);
+
+    /* first is Modulus node. It is REQUIRED */
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur,  xmlSecNodeRSAModulus, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+        goto done;
+    }
+    n = xmlSecGnuTLSNodeGetMpiValue(cur);
+    if(n == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+
+    /* next is Exponent node. It is REQUIRED */
+    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+        goto done;
+    }
+    e = xmlSecGnuTLSNodeGetMpiValue(cur);
+    if(e == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeGetMpiValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+        goto done;
+    }
+    cur = xmlSecGetNextElementNode(cur->next);
+
+    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
+        /* next is PrivateExponent node. It is REQUIRED for private key */
+        d = xmlSecGnuTLSNodeGetMpiValue(cur);
+        if(d == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGnuTLSNodeGetMpiValue",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+            goto done;
+        }
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+
+    if(cur != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "no nodes expected");
+        goto done;
+    }
+
+    /* construct pub/priv key pairs */
+    err = gcry_sexp_build(&pub_key, NULL,
+             "(public-key(rsa(n%m)(e%m)))",
+             n, e);
+    if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "gcry_sexp_build(public)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    if(d != NULL) {
+        err = gcry_sexp_build(&priv_key, NULL,
+                 "(private-key(rsa(n%m)(e%m)(d%m)))",
+                 n, e, d);
+        if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                        "gcry_sexp_build(private)",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            goto done;
+        }
+    }
+
+
+    /* create key data */
+    data = xmlSecKeyDataCreate(id);
+    if(data == NULL ) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecKeyDataCreate",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+
+    ret = xmlSecGnuTLSKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecGnuTLSKeyDataRsaAdoptKeyPair",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    pub_key = NULL; /* pub_key is owned by data now */
+    priv_key = NULL; /* priv_key is owned by data now */
+
+    /* set key */
+    ret = xmlSecKeySetValue(key, data);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecKeySetValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+    data = NULL; /* data is owned by key now */
+
+
+    /* success */
+    res = 0;
+
+done:
+    /* cleanup */
+    if(n != NULL) {
+        gcry_mpi_release(n);
+    }
+
+    if(e != NULL) {
+        gcry_mpi_release(e);
+    }
+
+    if(d != NULL) {
+        gcry_mpi_release(d);
+    }
+
+    if(pub_key != NULL) {
+        gcry_sexp_release(pub_key);
+    }
+
+    if(priv_key != NULL) {
+        gcry_sexp_release(priv_key);
+    }
+
+    if(data != NULL) {
+        xmlSecKeyDataDestroy(data);
+    }
+    return(res);
+
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                            xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlNodePtr cur;
+    gcry_sexp_t pub_priv_key;
+    gcry_sexp_t rsa = NULL;
+    int private = 0;
+    int res = -1;
+    int ret;
+
+    xmlSecAssert2(id == xmlSecGnuTLSKeyDataRsaId, -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataRsaId), -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+    if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+        /* we can have only private key or public key */
+        return(0);
+    }
+
+    /* find the private or public key */
+    pub_priv_key = xmlSecGnuTLSKeyDataRsaGetPrivateKey(xmlSecKeyGetValue(key));
+    if(pub_priv_key == NULL) {
+        pub_priv_key = xmlSecGnuTLSKeyDataRsaGetPublicKey(xmlSecKeyGetValue(key));
+        if(pub_priv_key == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGnuTLSKeyDataRsaGetPublicKey()",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            goto done;
+        }
+    } else {
+        private = 1;
+    }
+
+    rsa = gcry_sexp_find_token(pub_priv_key, "rsa", 0);
+    if(rsa == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "gcry_sexp_find_token(rsa)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto done;
+    }
+
+    /* first is Modulus node */
+    cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+       goto done;
+    }
+    ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, rsa, "n", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+        goto done;
+    }
+
+    /* next is Exponent node. */
+    cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+       goto done;
+    }
+    ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, rsa, "e", 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                    "xmlSecGnuTLSNodeSetSExpTokValue",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+       goto done;
+    }
+
+    /* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */
+    if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+        cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
+        if(cur == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecAddChild",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+           goto done;
+        }
+        ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, rsa, "d", 1);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+                        "xmlSecGnuTLSNodeSetSExpTokValue",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+           goto done;
+        }
+    }
+
+    /* success */
+    res = 0;
+
+done:
+    if(rsa != NULL) {
+        gcry_sexp_release(rsa);
+    }
+
+    return(res);
+}
+
+#endif /* XMLSEC_NO_RSA */
diff --git a/src/gcrypt/ciphers.c b/src/gcrypt/ciphers.c
new file mode 100644
index 0000000..a137ac8
--- /dev/null
+++ b/src/gcrypt/ciphers.c
@@ -0,0 +1,853 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * Internal GnuTLS Block cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGnuTLSBlockCipherCtx              xmlSecGnuTLSBlockCipherCtx,
+                                                        *xmlSecGnuTLSBlockCipherCtxPtr;
+struct _xmlSecGnuTLSBlockCipherCtx {
+    int                 cipher;
+    int                 mode;
+    gcry_cipher_hd_t    cipherCtx;
+    xmlSecKeyDataId     keyId;
+    int                 keyInitialized;
+    int                 ctxInitialized;
+};
+
+static int      xmlSecGnuTLSBlockCipherCtxInit          (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+                                                         xmlSecBufferPtr in,
+                                                         xmlSecBufferPtr out,
+                                                         int encrypt,
+                                                         const xmlChar* cipherName,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGnuTLSBlockCipherCtxUpdate        (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+                                                         xmlSecBufferPtr in,
+                                                         xmlSecBufferPtr out,
+                                                         int encrypt,
+                                                         const xmlChar* cipherName,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGnuTLSBlockCipherCtxFinal         (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+                                                         xmlSecBufferPtr in,
+                                                         xmlSecBufferPtr out,
+                                                         int encrypt,
+                                                         const xmlChar* cipherName,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int
+xmlSecGnuTLSBlockCipherCtxInit(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+                                xmlSecBufferPtr in, xmlSecBufferPtr out,
+                                int encrypt,
+                                const xmlChar* cipherName,
+                                xmlSecTransformCtxPtr transformCtx) {
+    int blockLen;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->cipher != 0, -1);
+    xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+    xmlSecAssert2(ctx->keyInitialized != 0, -1);
+    xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    /* iv len == block len */
+    blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+    xmlSecAssert2(blockLen > 0, -1);
+
+    if(encrypt) {
+        xmlSecByte* iv;
+        xmlSecSize outSize;
+
+        /* allocate space for IV */
+        outSize = xmlSecBufferGetSize(out);
+        ret = xmlSecBufferSetSize(out, outSize + blockLen);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "xmlSecBufferSetSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", outSize + blockLen);
+            return(-1);
+        }
+        iv = xmlSecBufferGetData(out) + outSize;
+
+        /* generate and use random iv */
+        gcry_randomize(iv, blockLen, GCRY_STRONG_RANDOM);
+        ret = gcry_cipher_setiv(ctx->cipherCtx, iv, blockLen);
+        if(ret != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "gcry_cipher_setiv",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "ret=%d", ret);
+            return(-1);
+        }
+    } else {
+        /* if we don't have enough data, exit and hope that
+         * we'll have iv next time */
+        if(xmlSecBufferGetSize(in) < (xmlSecSize)blockLen) {
+            return(0);
+        }
+        xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+
+        /* set iv */
+        ret = gcry_cipher_setiv(ctx->cipherCtx, xmlSecBufferGetData(in), blockLen);
+        if(ret != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "gcry_cipher_setiv",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "ret=%d", ret);
+            return(-1);
+        }
+
+        /* and remove from input */
+        ret = xmlSecBufferRemoveHead(in, blockLen);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "xmlSecBufferRemoveHead",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", blockLen);
+            return(-1);
+        }
+    }
+
+    ctx->ctxInitialized = 1;
+    return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherCtxUpdate(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+                                  xmlSecBufferPtr in, xmlSecBufferPtr out,
+                                  int encrypt,
+                                  const xmlChar* cipherName,
+                                  xmlSecTransformCtxPtr transformCtx) {
+    xmlSecSize inSize, inBlocks, outSize;
+    int blockLen;
+    xmlSecByte* outBuf;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->cipher != 0, -1);
+    xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+    xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+    xmlSecAssert2(blockLen > 0, -1);
+
+    inSize = xmlSecBufferGetSize(in);
+    outSize = xmlSecBufferGetSize(out);
+
+    if(inSize < (xmlSecSize)blockLen) {
+        return(0);
+    }
+
+    if(encrypt) {
+        inBlocks = inSize / ((xmlSecSize)blockLen);
+    } else {
+        /* we want to have the last block in the input buffer
+         * for padding check */
+        inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
+    }
+    inSize = inBlocks * ((xmlSecSize)blockLen);
+
+    /* we write out the input size plus may be one block */
+    ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(cipherName),
+                    "xmlSecBufferSetMaxSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", outSize + inSize + blockLen);
+        return(-1);
+    }
+    outBuf = xmlSecBufferGetData(out) + outSize;
+
+    if(encrypt) {
+        ret = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+                                xmlSecBufferGetData(in), inSize);
+        if(ret != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "gcry_cipher_encrypt",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "ret=%d", ret);
+            return(-1);
+        }
+    } else {
+        ret = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+                                xmlSecBufferGetData(in), inSize);
+        if(ret != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "gcry_cipher_decrypt",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "ret=%d", ret);
+            return(-1);
+        }
+    }
+
+    /* set correct output buffer size */
+    ret = xmlSecBufferSetSize(out, outSize + inSize);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(cipherName),
+                    "xmlSecBufferSetSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", outSize + inSize);
+        return(-1);
+    }
+
+    /* remove the processed block from input */
+    ret = xmlSecBufferRemoveHead(in, inSize);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(cipherName),
+                    "xmlSecBufferRemoveHead",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", inSize);
+        return(-1);
+    }
+    return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherCtxFinal(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+                                 xmlSecBufferPtr in,
+                                 xmlSecBufferPtr out,
+                                 int encrypt,
+                                 const xmlChar* cipherName,
+                                 xmlSecTransformCtxPtr transformCtx) {
+    xmlSecSize inSize, outSize;
+    int blockLen, outLen = 0;
+    xmlSecByte* inBuf;
+    xmlSecByte* outBuf;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->cipher != 0, -1);
+    xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+    xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+    xmlSecAssert2(blockLen > 0, -1);
+
+    inSize = xmlSecBufferGetSize(in);
+    outSize = xmlSecBufferGetSize(out);
+
+    if(encrypt != 0) {
+        xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+
+        /* create padding */
+        ret = xmlSecBufferSetMaxSize(in, blockLen);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "xmlSecBufferSetMaxSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", blockLen);
+            return(-1);
+        }
+        inBuf = xmlSecBufferGetData(in);
+
+        /* create random padding */
+        if((xmlSecSize)blockLen > (inSize + 1)) {
+            gcry_randomize(inBuf + inSize, blockLen - inSize - 1,
+                        GCRY_STRONG_RANDOM); /* as usual, we are paranoid */
+        }
+        inBuf[blockLen - 1] = blockLen - inSize;
+        inSize = blockLen;
+    } else {
+        if(inSize != (xmlSecSize)blockLen) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_DATA,
+                        "data=%d;block=%d", inSize, blockLen);
+            return(-1);
+        }
+    }
+
+    /* process last block */
+    ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(cipherName),
+                    "xmlSecBufferSetMaxSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", outSize + 2 * blockLen);
+        return(-1);
+    }
+    outBuf = xmlSecBufferGetData(out) + outSize;
+
+    if(encrypt) {
+        ret = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+                                xmlSecBufferGetData(in), inSize);
+        if(ret != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "gcry_cipher_encrypt",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "ret=%d", ret);
+            return(-1);
+        }
+    } else {
+        ret = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+                                xmlSecBufferGetData(in), inSize);
+        if(ret != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        "gcry_cipher_decrypt",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "ret=%d", ret);
+            return(-1);
+        }
+    }
+
+    if(encrypt == 0) {
+        /* check padding */
+        if(inSize < outBuf[blockLen - 1]) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(cipherName),
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_DATA,
+                        "padding=%d;buffer=%d",
+                        outBuf[blockLen - 1], inSize);
+            return(-1);
+        }
+        outLen = inSize - outBuf[blockLen - 1];
+    } else {
+        outLen = inSize;
+    }
+
+    /* set correct output buffer size */
+    ret = xmlSecBufferSetSize(out, outSize + outLen);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(cipherName),
+                    "xmlSecBufferSetSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", outSize + outLen);
+        return(-1);
+    }
+
+    /* remove the processed block from input */
+    ret = xmlSecBufferRemoveHead(in, inSize);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(cipherName),
+                    "xmlSecBufferRemoveHead",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", inSize);
+        return(-1);
+    }
+
+
+    /* set correct output buffer size */
+    ret = xmlSecBufferSetSize(out, outSize + outLen);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(cipherName),
+                    "xmlSecBufferSetSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", outSize + outLen);
+        return(-1);
+    }
+
+    /* remove the processed block from input */
+    ret = xmlSecBufferRemoveHead(in, inSize);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(cipherName),
+                    "xmlSecBufferRemoveHead",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", inSize);
+        return(-1);
+    }
+
+    return(0);
+}
+
+
+/******************************************************************************
+ *
+ *  Block Cipher transforms
+ *
+ * xmlSecGnuTLSBlockCipherCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSBlockCipherSize     \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSBlockCipherCtx))
+#define xmlSecGnuTLSBlockCipherGetCtx(transform) \
+    ((xmlSecGnuTLSBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int      xmlSecGnuTLSBlockCipherInitialize       (xmlSecTransformPtr transform);
+static void     xmlSecGnuTLSBlockCipherFinalize         (xmlSecTransformPtr transform);
+static int      xmlSecGnuTLSBlockCipherSetKeyReq        (xmlSecTransformPtr transform,
+                                                         xmlSecKeyReqPtr keyReq);
+static int      xmlSecGnuTLSBlockCipherSetKey           (xmlSecTransformPtr transform,
+                                                         xmlSecKeyPtr key);
+static int      xmlSecGnuTLSBlockCipherExecute          (xmlSecTransformPtr transform,
+                                                         int last,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGnuTLSBlockCipherCheckId          (xmlSecTransformPtr transform);
+
+
+
+static int
+xmlSecGnuTLSBlockCipherCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformDes3CbcId)) {
+        return(1);
+    }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes128CbcId) ||
+       xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes192CbcId) ||
+       xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes256CbcId)) {
+
+       return(1);
+    }
+#endif /* XMLSEC_NO_AES */
+
+    return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherInitialize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSBlockCipherCtxPtr ctx;
+    gpg_err_code_t ret;
+
+    xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+
+    ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
+
+#ifndef XMLSEC_NO_DES
+    if(transform->id == xmlSecGnuTLSTransformDes3CbcId) {
+        ctx->cipher     = GCRY_CIPHER_3DES;
+        ctx->mode       = GCRY_CIPHER_MODE_CBC;
+        ctx->keyId      = xmlSecGnuTLSKeyDataDesId;
+    } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+    if(transform->id == xmlSecGnuTLSTransformAes128CbcId) {
+        ctx->cipher     = GCRY_CIPHER_AES128;
+        ctx->mode       = GCRY_CIPHER_MODE_CBC;
+        ctx->keyId      = xmlSecGnuTLSKeyDataAesId;
+    } else if(transform->id == xmlSecGnuTLSTransformAes192CbcId) {
+        ctx->cipher     = GCRY_CIPHER_AES192;
+        ctx->mode       = GCRY_CIPHER_MODE_CBC;
+        ctx->keyId      = xmlSecGnuTLSKeyDataAesId;
+    } else if(transform->id == xmlSecGnuTLSTransformAes256CbcId) {
+        ctx->cipher     = GCRY_CIPHER_AES256;
+        ctx->mode       = GCRY_CIPHER_MODE_CBC;
+        ctx->keyId      = xmlSecGnuTLSKeyDataAesId;
+    } else
+#endif /* XMLSEC_NO_AES */
+
+    if(1) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = gcry_cipher_open(&ctx->cipherCtx, ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "gcry_cipher_open",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    return(0);
+}
+
+static void
+xmlSecGnuTLSBlockCipherFinalize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSBlockCipherCtxPtr ctx;
+
+    xmlSecAssert(xmlSecGnuTLSBlockCipherCheckId(transform));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize));
+
+    ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+
+    if(ctx->cipherCtx != NULL) {
+        gcry_cipher_close(ctx->cipherCtx);
+    }
+
+    memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
+}
+
+static int
+xmlSecGnuTLSBlockCipherSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecGnuTLSBlockCipherCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+    xmlSecAssert2(keyReq != NULL, -1);
+
+    ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->cipher != 0, -1);
+    xmlSecAssert2(ctx->keyId != NULL, -1);
+
+    keyReq->keyId       = ctx->keyId;
+    keyReq->keyType     = xmlSecKeyDataTypeSymmetric;
+    if(transform->operation == xmlSecTransformOperationEncrypt) {
+        keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+    } else {
+        keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+    }
+
+    keyReq->keyBitsSize = 8 * gcry_cipher_get_algo_keylen(ctx->cipher);
+    return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecGnuTLSBlockCipherCtxPtr ctx;
+    xmlSecBufferPtr buffer;
+    xmlSecSize keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+    xmlSecAssert2(key != NULL, -1);
+
+    ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+    xmlSecAssert2(ctx->cipher != 0, -1);
+    xmlSecAssert2(ctx->keyInitialized == 0, -1);
+    xmlSecAssert2(ctx->keyId != NULL, -1);
+    xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+    keySize = gcry_cipher_get_algo_keylen(ctx->cipher);
+    xmlSecAssert2(keySize > 0, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+    xmlSecAssert2(buffer != NULL, -1);
+
+    if(xmlSecBufferGetSize(buffer) < keySize) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+                    "keySize=%d;expected=%d",
+                    xmlSecBufferGetSize(buffer), keySize);
+        return(-1);
+    }
+
+    xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+    ret = gcry_cipher_setkey(ctx->cipherCtx, xmlSecBufferGetData(buffer), keySize);
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "gcry_cipher_setkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    ctx->keyInitialized = 1;
+    return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGnuTLSBlockCipherCtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    in = &(transform->inBuf);
+    out = &(transform->outBuf);
+
+    ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    if(transform->status == xmlSecTransformStatusNone) {
+        transform->status = xmlSecTransformStatusWorking;
+    }
+
+    if(transform->status == xmlSecTransformStatusWorking) {
+        if(ctx->ctxInitialized == 0) {
+            ret = xmlSecGnuTLSBlockCipherCtxInit(ctx, in, out,
+                        (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+                        xmlSecTransformGetName(transform), transformCtx);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecGnuTLSBlockCipherCtxInit",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+        }
+        if((ctx->ctxInitialized == 0) && (last != 0)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_DATA,
+                        "not enough data to initialize transform");
+            return(-1);
+        }
+        if(ctx->ctxInitialized != 0) {
+            ret = xmlSecGnuTLSBlockCipherCtxUpdate(ctx, in, out,
+                        (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+                        xmlSecTransformGetName(transform), transformCtx);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecGnuTLSBlockCipherCtxUpdate",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+        }
+
+        if(last) {
+            ret = xmlSecGnuTLSBlockCipherCtxFinal(ctx, in, out,
+                        (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+                        xmlSecTransformGetName(transform), transformCtx);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecGnuTLSBlockCipherCtxFinal",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+            transform->status = xmlSecTransformStatusFinished;
+        }
+    } else if(transform->status == xmlSecTransformStatusFinished) {
+        /* the only way we can get here is if there is no input */
+        xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+    } else if(transform->status == xmlSecTransformStatusNone) {
+        /* the only way we can get here is if there is no enough data in the input */
+        xmlSecAssert2(last == 0, -1);
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_STATUS,
+                    "status=%d", transform->status);
+        return(-1);
+    }
+
+    return(0);
+}
+
+
+#ifndef XMLSEC_NO_AES
+/*********************************************************************
+ *
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSAes128CbcKlass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSBlockCipherSize,                /* xmlSecSize objSize */
+
+    xmlSecNameAes128Cbc,                        /* const xmlChar* name; */
+    xmlSecHrefAes128Cbc,                        /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSBlockCipherInitialize,          /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSBlockCipherFinalize,            /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSBlockCipherSetKeyReq,           /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSBlockCipherSetKey,              /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSBlockCipherExecute,             /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes128CbcGetKlass(void) {
+    return(&xmlSecGnuTLSAes128CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSAes192CbcKlass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSBlockCipherSize,                /* xmlSecSize objSize */
+
+    xmlSecNameAes192Cbc,                        /* const xmlChar* name; */
+    xmlSecHrefAes192Cbc,                        /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSBlockCipherInitialize,          /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSBlockCipherFinalize,            /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSBlockCipherSetKeyReq,           /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSBlockCipherSetKey,              /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSBlockCipherExecute,             /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes192CbcGetKlass(void) {
+    return(&xmlSecGnuTLSAes192CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSAes256CbcKlass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSBlockCipherSize,                /* xmlSecSize objSize */
+
+    xmlSecNameAes256Cbc,                        /* const xmlChar* name; */
+    xmlSecHrefAes256Cbc,                        /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSBlockCipherInitialize,          /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSBlockCipherFinalize,            /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSBlockCipherSetKeyReq,           /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSBlockCipherSetKey,              /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSBlockCipherExecute,             /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes256CbcGetKlass(void) {
+    return(&xmlSecGnuTLSAes256CbcKlass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+static xmlSecTransformKlass xmlSecGnuTLSDes3CbcKlass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSBlockCipherSize,                /* xmlSecSize objSize */
+
+    xmlSecNameDes3Cbc,                          /* const xmlChar* name; */
+    xmlSecHrefDes3Cbc,                          /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSBlockCipherInitialize,          /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSBlockCipherFinalize,            /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSBlockCipherSetKeyReq,           /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSBlockCipherSetKey,              /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSBlockCipherExecute,             /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformDes3CbcGetKlass(void) {
+    return(&xmlSecGnuTLSDes3CbcKlass);
+}
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/gcrypt/crypto.c b/src/gcrypt/crypto.c
new file mode 100644
index 0000000..3687c65
--- /dev/null
+++ b/src/gcrypt/crypto.c
@@ -0,0 +1,330 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecGnuTLSFunctions = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_gnutls:
+ *
+ * Gets the pointer to xmlsec-gnutls functions table.
+ *
+ * Returns: the xmlsec-gnutls functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_gnutls(void) {
+    static xmlSecCryptoDLFunctions functions;
+
+    if(gXmlSecGnuTLSFunctions != NULL) {
+        return(gXmlSecGnuTLSFunctions);
+    }
+
+    memset(&functions, 0, sizeof(functions));
+    gXmlSecGnuTLSFunctions = &functions;
+
+    /********************************************************************
+     *
+     * Crypto Init/shutdown
+     *
+     ********************************************************************/
+    gXmlSecGnuTLSFunctions->cryptoInit                  = xmlSecGnuTLSInit;
+    gXmlSecGnuTLSFunctions->cryptoShutdown              = xmlSecGnuTLSShutdown;
+    gXmlSecGnuTLSFunctions->cryptoKeysMngrInit          = xmlSecGnuTLSKeysMngrInit;
+
+    /********************************************************************
+     *
+     * Key data ids
+     *
+     ********************************************************************/
+#ifndef XMLSEC_NO_AES
+    gXmlSecGnuTLSFunctions->keyDataAesGetKlass          = xmlSecGnuTLSKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+    gXmlSecGnuTLSFunctions->keyDataDesGetKlass          = xmlSecGnuTLSKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_DSA
+    gXmlSecGnuTLSFunctions->keyDataDsaGetKlass          = xmlSecGnuTLSKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_HMAC
+    gXmlSecGnuTLSFunctions->keyDataHmacGetKlass         = xmlSecGnuTLSKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+    gXmlSecGnuTLSFunctions->keyDataRsaGetKlass          = xmlSecGnuTLSKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+
+    /********************************************************************
+     *
+     * Key data store ids
+     *
+     ********************************************************************/
+
+    /********************************************************************
+     *
+     * Crypto transforms ids
+     *
+     ********************************************************************/
+
+    /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+    gXmlSecGnuTLSFunctions->transformAes128CbcGetKlass          = xmlSecGnuTLSTransformAes128CbcGetKlass;
+    gXmlSecGnuTLSFunctions->transformAes192CbcGetKlass          = xmlSecGnuTLSTransformAes192CbcGetKlass;
+    gXmlSecGnuTLSFunctions->transformAes256CbcGetKlass          = xmlSecGnuTLSTransformAes256CbcGetKlass;
+    gXmlSecGnuTLSFunctions->transformKWAes128GetKlass           = xmlSecGnuTLSTransformKWAes128GetKlass;
+    gXmlSecGnuTLSFunctions->transformKWAes192GetKlass           = xmlSecGnuTLSTransformKWAes192GetKlass;
+    gXmlSecGnuTLSFunctions->transformKWAes256GetKlass           = xmlSecGnuTLSTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+    /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+    gXmlSecGnuTLSFunctions->transformDes3CbcGetKlass            = xmlSecGnuTLSTransformDes3CbcGetKlass;
+    gXmlSecGnuTLSFunctions->transformKWDes3GetKlass             = xmlSecGnuTLSTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+    /******************************* DSA ********************************/
+#ifdef ALEKSEY_TODO
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecGnuTLSFunctions->transformDsaSha1GetKlass            = xmlSecGnuTLSTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#endif /* ALEKSEY_TODO */
+
+    /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+    gXmlSecGnuTLSFunctions->transformHmacMd5GetKlass            = xmlSecGnuTLSTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+    gXmlSecGnuTLSFunctions->transformHmacRipemd160GetKlass      = xmlSecGnuTLSTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecGnuTLSFunctions->transformHmacSha1GetKlass           = xmlSecGnuTLSTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecGnuTLSFunctions->transformHmacSha256GetKlass         = xmlSecGnuTLSTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecGnuTLSFunctions->transformHmacSha384GetKlass         = xmlSecGnuTLSTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecGnuTLSFunctions->transformHmacSha512GetKlass         = xmlSecGnuTLSTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+    /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+    gXmlSecGnuTLSFunctions->transformMd5GetKlass                = xmlSecGnuTLSTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+    /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+    gXmlSecGnuTLSFunctions->transformRipemd160GetKlass          = xmlSecGnuTLSTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+    /******************************* RSA ********************************/
+#ifdef ALEKSEY_TODO
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+    gXmlSecGnuTLSFunctions->transformRsaMd5GetKlass            = xmlSecGnuTLSTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+    gXmlSecGnuTLSFunctions->transformRsaRipemd160GetKlass      = xmlSecGnuTLSTransformRsaRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecGnuTLSFunctions->transformRsaSha1GetKlass           = xmlSecGnuTLSTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+    gXmlSecGnuTLSFunctions->transformRsaSha224GetKlass         = xmlSecGnuTLSTransformRsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecGnuTLSFunctions->transformRsaSha256GetKlass         = xmlSecGnuTLSTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecGnuTLSFunctions->transformRsaSha384GetKlass         = xmlSecGnuTLSTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecGnuTLSFunctions->transformRsaSha512GetKlass         = xmlSecGnuTLSTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+    gXmlSecGnuTLSFunctions->transformRsaPkcs1GetKlass          = xmlSecGnuTLSTransformRsaPkcs1GetKlass;
+    gXmlSecGnuTLSFunctions->transformRsaOaepGetKlass           = xmlSecGnuTLSTransformRsaOaepGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+#endif /* ALEKSEY_TODO */
+
+    /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecGnuTLSFunctions->transformSha1GetKlass               = xmlSecGnuTLSTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecGnuTLSFunctions->transformSha256GetKlass             = xmlSecGnuTLSTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecGnuTLSFunctions->transformSha384GetKlass             = xmlSecGnuTLSTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecGnuTLSFunctions->transformSha512GetKlass             = xmlSecGnuTLSTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+
+    /********************************************************************
+     *
+     * High level routines form xmlsec command line utility
+     *
+     ********************************************************************/
+    gXmlSecGnuTLSFunctions->cryptoAppInit                       = xmlSecGnuTLSAppInit;
+    gXmlSecGnuTLSFunctions->cryptoAppShutdown                   = xmlSecGnuTLSAppShutdown;
+    gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrInit        = xmlSecGnuTLSAppDefaultKeysMngrInit;
+    gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrAdoptKey    = xmlSecGnuTLSAppDefaultKeysMngrAdoptKey;
+    gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrLoad        = xmlSecGnuTLSAppDefaultKeysMngrLoad;
+    gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrSave        = xmlSecGnuTLSAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+    gXmlSecGnuTLSFunctions->cryptoAppKeysMngrCertLoad           = xmlSecGnuTLSAppKeysMngrCertLoad;
+    gXmlSecGnuTLSFunctions->cryptoAppPkcs12Load                 = xmlSecGnuTLSAppPkcs12Load;
+    gXmlSecGnuTLSFunctions->cryptoAppKeyCertLoad                = xmlSecGnuTLSAppKeyCertLoad;
+#endif /* XMLSEC_NO_X509 */
+    gXmlSecGnuTLSFunctions->cryptoAppKeyLoad                    = xmlSecGnuTLSAppKeyLoad;
+    gXmlSecGnuTLSFunctions->cryptoAppDefaultPwdCallback         = (void*)xmlSecGnuTLSAppGetDefaultPwdCallback();
+
+    return(gXmlSecGnuTLSFunctions);
+}
+
+
+/**
+ * xmlSecGnuTLSInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSInit (void)  {
+    /* Check loaded xmlsec library version */
+    if(xmlSecCheckVersionExact() != 1) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecCheckVersionExact",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    /* register our klasses */
+    if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gnutls()) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSShutdown(void) {
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeysMngrInit:
+ * @mngr:               the pointer to keys manager.
+ *
+ * Adds GnuTLS specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+    xmlSecAssert2(mngr != NULL, -1);
+
+    /* TODO: add key data stores */
+    return(0);
+}
+
+/**
+ * xmlSecGnuTLSGenerateRandom:
+ * @buffer:             the destination buffer.
+ * @size:               the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+    int ret;
+
+    xmlSecAssert2(buffer != NULL, -1);
+    xmlSecAssert2(size > 0, -1);
+
+    ret = xmlSecBufferSetSize(buffer, size);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferSetSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", size);
+        return(-1);
+    }
+
+    /* get random data */
+    gcry_randomize(xmlSecBufferGetData(buffer), size, GCRY_STRONG_RANDOM);
+    return(0);
+}
diff --git a/src/gcrypt/digests.c b/src/gcrypt/digests.c
new file mode 100644
index 0000000..c43cd08
--- /dev/null
+++ b/src/gcrypt/digests.c
@@ -0,0 +1,616 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+#define XMLSEC_GNUTLS_MAX_DIGEST_SIZE           256
+
+/**************************************************************************
+ *
+ * Internal GNUTLS Digest CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGnuTLSDigestCtx           xmlSecGnuTLSDigestCtx, *xmlSecGnuTLSDigestCtxPtr;
+struct _xmlSecGnuTLSDigestCtx {
+    int                 digest;
+    gcry_md_hd_t        digestCtx;
+    xmlSecByte          dgst[XMLSEC_GNUTLS_MAX_DIGEST_SIZE];
+    xmlSecSize          dgstSize;       /* dgst size in bytes */
+};
+
+/******************************************************************************
+ *
+ * Digest transforms
+ *
+ * xmlSecGnuTLSDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSDigestSize  \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSDigestCtx))
+#define xmlSecGnuTLSDigestGetCtx(transform) \
+    ((xmlSecGnuTLSDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int      xmlSecGnuTLSDigestInitialize            (xmlSecTransformPtr transform);
+static void     xmlSecGnuTLSDigestFinalize              (xmlSecTransformPtr transform);
+static int      xmlSecGnuTLSDigestVerify                (xmlSecTransformPtr transform,
+                                                         const xmlSecByte* data,
+                                                         xmlSecSize dataSize,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGnuTLSDigestExecute               (xmlSecTransformPtr transform,
+                                                         int last,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGnuTLSDigestCheckId               (xmlSecTransformPtr transform);
+
+static int
+xmlSecGnuTLSDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha256Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha384Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha512Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformMd5Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformRipemd160Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+    /* not found */
+    {
+        return(0);
+    }
+
+    /* just in case */
+    return(0);
+}
+
+static int
+xmlSecGnuTLSDigestInitialize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSDigestCtxPtr ctx;
+    gpg_err_code_t ret;
+
+    xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+
+    ctx = xmlSecGnuTLSDigestGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    /* initialize context */
+    memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
+
+#ifndef XMLSEC_NO_SHA1
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
+        ctx->digest = GCRY_MD_SHA1;
+    } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha256Id)) {
+        ctx->digest = GCRY_MD_SHA256;
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha384Id)) {
+        ctx->digest = GCRY_MD_SHA384;
+    } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha512Id)) {
+        ctx->digest = GCRY_MD_SHA512;
+    } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformMd5Id)) {
+        ctx->digest = GCRY_MD_MD5;
+    } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformRipemd160Id)) {
+        ctx->digest = GCRY_MD_RMD160;
+    } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+    if(1) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "gcry_md_open",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    return(0);
+}
+
+static void
+xmlSecGnuTLSDigestFinalize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSDigestCtxPtr ctx;
+
+    xmlSecAssert(xmlSecGnuTLSDigestCheckId(transform));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize));
+
+    ctx = xmlSecGnuTLSDigestGetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+
+    if(ctx->digestCtx != NULL) {
+        gcry_md_close(ctx->digestCtx);
+    }
+    memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
+}
+
+static int
+xmlSecGnuTLSDigestVerify(xmlSecTransformPtr transform,
+                        const xmlSecByte* data, xmlSecSize dataSize,
+                        xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGnuTLSDigestCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+    xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+    xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+    xmlSecAssert2(data != NULL, -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    ctx = xmlSecGnuTLSDigestGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+    if(dataSize != ctx->dgstSize) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_DATA,
+                    "data and digest sizes are different (data=%d, dgst=%d)",
+                    dataSize, ctx->dgstSize);
+        transform->status = xmlSecTransformStatusFail;
+        return(0);
+    }
+
+    if(memcmp(ctx->dgst, data, dataSize) != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_DATA,
+                    "data and digest do not match");
+        transform->status = xmlSecTransformStatusFail;
+        return(0);
+    }
+
+    transform->status = xmlSecTransformStatusOk;
+    return(0);
+}
+
+static int
+xmlSecGnuTLSDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGnuTLSDigestCtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+
+    ctx = xmlSecGnuTLSDigestGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->digest != GCRY_MD_NONE, -1);
+    xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+    in = &(transform->inBuf);
+    out = &(transform->outBuf);
+
+    if(transform->status == xmlSecTransformStatusNone) {
+        transform->status = xmlSecTransformStatusWorking;
+    }
+
+    if(transform->status == xmlSecTransformStatusWorking) {
+        xmlSecSize inSize;
+
+        inSize = xmlSecBufferGetSize(in);
+        if(inSize > 0) {
+            gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+            ret = xmlSecBufferRemoveHead(in, inSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecBufferRemoveHead",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            "size=%d", inSize);
+                return(-1);
+            }
+        }
+        if(last) {
+            xmlSecByte* buf;
+
+            /* get the final digest */
+            gcry_md_final(ctx->digestCtx);
+            buf = gcry_md_read(ctx->digestCtx, ctx->digest);
+            if(buf == NULL) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "gcry_md_read",
+                            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+
+            /* copy it to our internal buffer */
+            ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+            xmlSecAssert2(ctx->dgstSize > 0, -1);
+            xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
+            memcpy(ctx->dgst, buf, ctx->dgstSize);
+
+            /* and to the output if needed */
+            if(transform->operation == xmlSecTransformOperationSign) {
+                ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+                if(ret < 0) {
+                    xmlSecError(XMLSEC_ERRORS_HERE,
+                                xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                                "xmlSecBufferAppend",
+                                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                                "size=%d", ctx->dgstSize);
+                    return(-1);
+                }
+            }
+            transform->status = xmlSecTransformStatusFinished;
+        }
+    } else if(transform->status == xmlSecTransformStatusFinished) {
+        /* the only way we can get here is if there is no input */
+        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_STATUS,
+                    "status=%d", transform->status);
+        return(-1);
+    }
+
+    return(0);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * SHA1 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha1Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSDigestSize,                     /* xmlSecSize objSize */
+
+    /* data */
+    xmlSecNameSha1,                             /* const xmlChar* name; */
+    xmlSecHrefSha1,                             /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+
+    /* methods */
+    xmlSecGnuTLSDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha1GetKlass(void) {
+    return(&xmlSecGnuTLSSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSDigestSize,                     /* xmlSecSize objSize */
+
+    /* data */
+    xmlSecNameSha256,                           /* const xmlChar* name; */
+    xmlSecHrefSha256,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+
+    /* methods */
+    xmlSecGnuTLSDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha256GetKlass(void) {
+    return(&xmlSecGnuTLSSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha384Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSDigestSize,                     /* xmlSecSize objSize */
+
+    /* data */
+    xmlSecNameSha384,                           /* const xmlChar* name; */
+    xmlSecHrefSha384,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+
+    /* methods */
+    xmlSecGnuTLSDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha384GetKlass(void) {
+    return(&xmlSecGnuTLSSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha512Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSDigestSize,                     /* xmlSecSize objSize */
+
+    /* data */
+    xmlSecNameSha512,                           /* const xmlChar* name; */
+    xmlSecHrefSha512,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+
+    /* methods */
+    xmlSecGnuTLSDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha512GetKlass(void) {
+    return(&xmlSecGnuTLSSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * MD5 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSMd5Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSDigestSize,                     /* xmlSecSize objSize */
+
+    /* data */
+    xmlSecNameMd5,                           /* const xmlChar* name; */
+    xmlSecHrefMd5,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+
+    /* methods */
+    xmlSecGnuTLSDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformMd5GetKlass(void) {
+    return(&xmlSecGnuTLSMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * RIPEMD160 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSRipemd160Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSDigestSize,                     /* xmlSecSize objSize */
+
+    /* data */
+    xmlSecNameRipemd160,                           /* const xmlChar* name; */
+    xmlSecHrefRipemd160,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+
+    /* methods */
+    xmlSecGnuTLSDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformRipemd160GetKlass:
+ *
+ * RIPEMD160 digest transform klass.
+ *
+ * Returns: pointer to RIPEMD160 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRipemd160GetKlass(void) {
+    return(&xmlSecGnuTLSRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
diff --git a/src/gcrypt/globals.h b/src/gcrypt/globals.h
new file mode 100644
index 0000000..770b6db
--- /dev/null
+++ b/src/gcrypt/globals.h
@@ -0,0 +1,24 @@
+/*
+ * XML Security Library
+ *
+ * globals.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
diff --git a/src/gcrypt/hmac.c b/src/gcrypt/hmac.c
new file mode 100644
index 0000000..f965b8d
--- /dev/null
+++ b/src/gcrypt/hmac.c
@@ -0,0 +1,824 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+/* sizes in bits */
+#define XMLSEC_GNUTLS_MIN_HMAC_SIZE             80
+#define XMLSEC_GNUTLS_MAX_HMAC_SIZE             (128 * 8)
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_gnutls_hmac_min_length = XMLSEC_GNUTLS_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecGnuTLSHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecGnuTLSHmacGetMinOutputLength(void)
+{
+    return g_xmlsec_gnutls_hmac_min_length;
+}
+
+/**
+ * xmlSecGnuTLSHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
+{
+    g_xmlsec_gnutls_hmac_min_length = min_length;
+}
+
+/**************************************************************************
+ *
+ * Internal GNUTLS HMAC CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGnuTLSHmacCtx             xmlSecGnuTLSHmacCtx, *xmlSecGnuTLSHmacCtxPtr;
+struct _xmlSecGnuTLSHmacCtx {
+    int                 digest;
+    gcry_md_hd_t        digestCtx;
+    xmlSecByte          dgst[XMLSEC_GNUTLS_MAX_HMAC_SIZE / 8];
+    xmlSecSize          dgstSize;       /* dgst size in bits */
+};
+
+/******************************************************************************
+ *
+ * HMAC transforms
+ *
+ * xmlSecGnuTLSHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSHmacGetCtx(transform) \
+    ((xmlSecGnuTLSHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGnuTLSHmacSize    \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSHmacCtx))
+
+static int      xmlSecGnuTLSHmacCheckId                 (xmlSecTransformPtr transform);
+static int      xmlSecGnuTLSHmacInitialize              (xmlSecTransformPtr transform);
+static void     xmlSecGnuTLSHmacFinalize                (xmlSecTransformPtr transform);
+static int      xmlSecGnuTLSHmacNodeRead                (xmlSecTransformPtr transform,
+                                                         xmlNodePtr node,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGnuTLSHmacSetKeyReq               (xmlSecTransformPtr transform,
+                                                         xmlSecKeyReqPtr keyReq);
+static int      xmlSecGnuTLSHmacSetKey                  (xmlSecTransformPtr transform,
+                                                         xmlSecKeyPtr key);
+static int      xmlSecGnuTLSHmacVerify                  (xmlSecTransformPtr transform,
+                                                         const xmlSecByte* data,
+                                                         xmlSecSize dataSize,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGnuTLSHmacExecute                 (xmlSecTransformPtr transform,
+                                                         int last,
+                                                         xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGnuTLSHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha1Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha256Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha384Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha512Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacRipemd160Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacMd5Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_MD5 */
+
+    /* not found */
+    {
+        return(0);
+    }
+
+    /* just in case */
+    return(0);
+}
+
+
+static int
+xmlSecGnuTLSHmacInitialize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSHmacCtxPtr ctx;
+    gpg_err_code_t ret;
+
+    xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+
+    ctx = xmlSecGnuTLSHmacGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
+
+#ifndef XMLSEC_NO_SHA1
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha1Id)) {
+        ctx->digest = GCRY_MD_SHA1;
+    } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha256Id)) {
+        ctx->digest = GCRY_MD_SHA256;
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha384Id)) {
+        ctx->digest = GCRY_MD_SHA384;
+    } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha512Id)) {
+        ctx->digest = GCRY_MD_SHA512;
+    } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacRipemd160Id)) {
+        ctx->digest = GCRY_MD_RMD160;
+    } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacMd5Id)) {
+        ctx->digest = GCRY_MD_MD5;
+    } else
+#endif /* XMLSEC_NO_MD5 */
+
+    /* not found */
+    {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    /* open context */
+    ret = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "gcry_md_open",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    return(0);
+}
+
+static void
+xmlSecGnuTLSHmacFinalize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSHmacCtxPtr ctx;
+
+    xmlSecAssert(xmlSecGnuTLSHmacCheckId(transform));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize));
+
+    ctx = xmlSecGnuTLSHmacGetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+
+    if(ctx->digestCtx != NULL) {
+        gcry_md_close(ctx->digestCtx);
+    }
+    memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
+}
+
+/**
+ * xmlSecGnuTLSHmacNodeRead:
+ *
+ * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ *
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+ *   <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * Schema Definition:
+ *
+ * <simpleType name="HMACOutputLengthType">
+ *   <restriction base="integer"/>
+ * </simpleType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT HMACOutputLength (#PCDATA)>
+ */
+static int
+xmlSecGnuTLSHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGnuTLSHmacCtxPtr ctx;
+    xmlNodePtr cur;
+
+    xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    ctx = xmlSecGnuTLSHmacGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    cur = xmlSecGetNextElementNode(node->children);
+    if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+        xmlChar *content;
+
+        content = xmlNodeGetContent(cur);
+        if(content != NULL) {
+            ctx->dgstSize = atoi((char*)content);
+            xmlFree(content);
+        }
+
+        /* Ensure that HMAC length is greater than min specified.
+           Otherwise, an attacker can set this lenght to 0 or very
+           small value
+        */
+        if((int)ctx->dgstSize < xmlSecGnuTLSHmacGetMinOutputLength()) {
+           xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+                    "HMAC output length is too small");
+           return(-1);
+        }
+
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+
+    if(cur != NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+                    XMLSEC_ERRORS_R_INVALID_NODE,
+                    "no nodes expected");
+        return(-1);
+    }
+    return(0);
+}
+
+
+static int
+xmlSecGnuTLSHmacSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecGnuTLSHmacCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+    xmlSecAssert2(keyReq != NULL, -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+
+    ctx = xmlSecGnuTLSHmacGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keyReq->keyId  = xmlSecGnuTLSKeyDataHmacId;
+    keyReq->keyType= xmlSecKeyDataTypeSymmetric;
+    if(transform->operation == xmlSecTransformOperationSign) {
+        keyReq->keyUsage = xmlSecKeyUsageSign;
+    } else {
+        keyReq->keyUsage = xmlSecKeyUsageVerify;
+    }
+
+    return(0);
+}
+
+static int
+xmlSecGnuTLSHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecGnuTLSHmacCtxPtr ctx;
+    xmlSecKeyDataPtr value;
+    xmlSecBufferPtr buffer;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+    xmlSecAssert2(key != NULL, -1);
+
+    ctx = xmlSecGnuTLSHmacGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+    value = xmlSecKeyGetValue(key);
+    xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGnuTLSKeyDataHmacId), -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+    xmlSecAssert2(buffer != NULL, -1);
+
+    if(xmlSecBufferGetSize(buffer) == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+                    "key is empty");
+        return(-1);
+    }
+
+    ret = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
+                        xmlSecBufferGetSize(buffer));
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "gcry_md_setkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+    return(0);
+}
+
+static int
+xmlSecGnuTLSHmacVerify(xmlSecTransformPtr transform,
+                        const xmlSecByte* data, xmlSecSize dataSize,
+                        xmlSecTransformCtxPtr transformCtx) {
+    static xmlSecByte last_byte_masks[] =
+                { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+    xmlSecGnuTLSHmacCtxPtr ctx;
+    xmlSecByte mask;
+
+    xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+    xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+    xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+    xmlSecAssert2(data != NULL, -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    ctx = xmlSecGnuTLSHmacGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->digestCtx != NULL, -1);
+    xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+    /* compare the digest size in bytes */
+    if(dataSize != ((ctx->dgstSize + 7) / 8)){
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_SIZE,
+                    "data=%d;dgst=%d",
+                    dataSize, ((ctx->dgstSize + 7) / 8));
+        transform->status = xmlSecTransformStatusFail;
+        return(0);
+    }
+
+    /* we check the last byte separatelly */
+    xmlSecAssert2(dataSize > 0, -1);
+    mask = last_byte_masks[ctx->dgstSize % 8];
+    if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1]  & mask)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+                    "data and digest do not match (last byte)");
+        transform->status = xmlSecTransformStatusFail;
+        return(0);
+    }
+
+    /* now check the rest of the digest */
+    if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+                    "data and digest do not match");
+        transform->status = xmlSecTransformStatusFail;
+        return(0);
+    }
+
+    transform->status = xmlSecTransformStatusOk;
+    return(0);
+}
+
+static int
+xmlSecGnuTLSHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGnuTLSHmacCtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    xmlSecByte* dgst;
+    xmlSecSize dgstSize;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    ctx = xmlSecGnuTLSHmacGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+    in = &(transform->inBuf);
+    out = &(transform->outBuf);
+
+    if(transform->status == xmlSecTransformStatusNone) {
+        transform->status = xmlSecTransformStatusWorking;
+    }
+
+    if(transform->status == xmlSecTransformStatusWorking) {
+        xmlSecSize inSize;
+
+        inSize = xmlSecBufferGetSize(in);
+        if(inSize > 0) {
+            gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+            ret = xmlSecBufferRemoveHead(in, inSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecBufferRemoveHead",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            "size=%d", inSize);
+                return(-1);
+            }
+        }
+        if(last) {
+            /* get the final digest */
+            gcry_md_final(ctx->digestCtx);
+            dgst = gcry_md_read(ctx->digestCtx, ctx->digest);
+            if(dgst == NULL) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "gcry_md_read",
+                            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+
+            /* copy it to our internal buffer */
+            dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+            xmlSecAssert2(dgstSize > 0, -1);
+            xmlSecAssert2(dgstSize <= sizeof(ctx->dgst), -1);
+            memcpy(ctx->dgst, dgst, dgstSize);
+
+            /* check/set the result digest size */
+            if(ctx->dgstSize == 0) {
+                ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
+            } else if(ctx->dgstSize <= 8 * dgstSize) {
+                dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+            } else {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            NULL,
+                            XMLSEC_ERRORS_R_INVALID_SIZE,
+                            "result-bits=%d;required-bits=%d",
+                            8 * dgstSize, ctx->dgstSize);
+                return(-1);
+            }
+
+            if(transform->operation == xmlSecTransformOperationSign) {
+                ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+                if(ret < 0) {
+                    xmlSecError(XMLSEC_ERRORS_HERE,
+                                xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                                "xmlSecBufferAppend",
+                                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                                "size=%d", dgstSize);
+                    return(-1);
+                }
+            }
+            transform->status = xmlSecTransformStatusFinished;
+        }
+    } else if(transform->status == xmlSecTransformStatusFinished) {
+        /* the only way we can get here is if there is no input */
+        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_STATUS,
+                    "size=%d", transform->status);
+        return(-1);
+    }
+
+    return(0);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * HMAC SHA1
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha1Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSHmacSize,                       /* xmlSecSize objSize */
+
+    xmlSecNameHmacSha1,                         /* const xmlChar* name; */
+    xmlSecHrefHmacSha1,                         /* const xmlChar *href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecGnuTLSHmacInitialize,                 /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSHmacFinalize,                   /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecGnuTLSHmacNodeRead,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSHmacSetKeyReq,                  /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecGnuTLSHmacSetKey,                     /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSHmacVerify,                     /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSHmacExecute,                    /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha1GetKlass(void) {
+    return(&xmlSecGnuTLSHmacSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * HMAC SHA256
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSHmacSize,                       /* xmlSecSize objSize */
+
+    xmlSecNameHmacSha256,                       /* const xmlChar* name; */
+    xmlSecHrefHmacSha256,                       /* const xmlChar *href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecGnuTLSHmacInitialize,                 /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSHmacFinalize,                   /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecGnuTLSHmacNodeRead,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSHmacSetKeyReq,                  /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecGnuTLSHmacSetKey,                     /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSHmacVerify,                     /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSHmacExecute,                    /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha256GetKlass(void) {
+    return(&xmlSecGnuTLSHmacSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * HMAC SHA384
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha384Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSHmacSize,                       /* xmlSecSize objSize */
+
+    xmlSecNameHmacSha384,                       /* const xmlChar* name; */
+    xmlSecHrefHmacSha384,                       /* const xmlChar *href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecGnuTLSHmacInitialize,                 /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSHmacFinalize,                   /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecGnuTLSHmacNodeRead,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSHmacSetKeyReq,                  /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecGnuTLSHmacSetKey,                     /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSHmacVerify,                     /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSHmacExecute,                    /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha384GetKlass(void) {
+    return(&xmlSecGnuTLSHmacSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * HMAC SHA512
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha512Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSHmacSize,                       /* xmlSecSize objSize */
+
+    xmlSecNameHmacSha512,                       /* const xmlChar* name; */
+    xmlSecHrefHmacSha512,                       /* const xmlChar *href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecGnuTLSHmacInitialize,                 /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSHmacFinalize,                   /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecGnuTLSHmacNodeRead,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSHmacSetKeyReq,                  /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecGnuTLSHmacSetKey,                     /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSHmacVerify,                     /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSHmacExecute,                    /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha512GetKlass(void) {
+    return(&xmlSecGnuTLSHmacSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * HMAC Ripemd160
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacRipemd160Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSHmacSize,                       /* xmlSecSize objSize */
+
+    xmlSecNameHmacRipemd160,                    /* const xmlChar* name; */
+    xmlSecHrefHmacRipemd160,                    /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecGnuTLSHmacInitialize,                 /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSHmacFinalize,                   /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecGnuTLSHmacNodeRead,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSHmacSetKeyReq,                  /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecGnuTLSHmacSetKey,                     /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSHmacVerify,                     /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSHmacExecute,                    /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacRipemd160GetKlass(void) {
+    return(&xmlSecGnuTLSHmacRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * HMAC MD5
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacMd5Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSHmacSize,                       /* xmlSecSize objSize */
+
+    xmlSecNameHmacMd5,                          /* const xmlChar* name; */
+    xmlSecHrefHmacMd5,                          /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecGnuTLSHmacInitialize,                 /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSHmacFinalize,                   /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecGnuTLSHmacNodeRead,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSHmacSetKeyReq,                  /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecGnuTLSHmacSetKey,                     /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGnuTLSHmacVerify,                     /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSHmacExecute,                    /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacMd5GetKlass(void) {
+    return(&xmlSecGnuTLSHmacMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+
+#endif /* XMLSEC_NO_HMAC */
diff --git a/src/gcrypt/kw_aes.c b/src/gcrypt/kw_aes.c
new file mode 100644
index 0000000..b47eec4
--- /dev/null
+++ b/src/gcrypt/kw_aes.c
@@ -0,0 +1,594 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_AES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+#include "../kw_aes_des.h"
+
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int        xmlSecGnuTLSKWAesBlockEncrypt                 (const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize,
+                                                                 void * context);
+static int        xmlSecGnuTLSKWAesBlockDecrypt                 (const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize,
+                                                                 void * context);
+static xmlSecKWAesKlass xmlSecGnuTLSKWAesKlass = {
+    /* callbacks */
+    xmlSecGnuTLSKWAesBlockEncrypt,          /* xmlSecKWAesBlockEncryptMethod       encrypt; */
+    xmlSecGnuTLSKWAesBlockDecrypt,          /* xmlSecKWAesBlockDecryptMethod       decrypt; */
+
+    /* for the future */
+    NULL,                                   /* void*                               reserved0; */
+    NULL                                    /* void*                               reserved1; */
+};
+
+
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecGnuTLSKWAesCtx              xmlSecGnuTLSKWAesCtx,
+                                                  *xmlSecGnuTLSKWAesCtxPtr;
+struct _xmlSecGnuTLSKWAesCtx {
+    int                 cipher;
+    int                 mode;
+    int                 flags;
+    xmlSecSize          blockSize;
+    xmlSecSize          keyExpectedSize;
+
+    xmlSecBuffer        keyBuffer;
+};
+#define xmlSecGnuTLSKWAesSize     \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSKWAesCtx))
+#define xmlSecGnuTLSKWAesGetCtx(transform) \
+    ((xmlSecGnuTLSKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGnuTLSKWAesCheckId(transform) \
+    (xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes128Id) || \
+     xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes192Id) || \
+     xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes256Id))
+
+static int      xmlSecGnuTLSKWAesInitialize                     (xmlSecTransformPtr transform);
+static void     xmlSecGnuTLSKWAesFinalize                       (xmlSecTransformPtr transform);
+static int      xmlSecGnuTLSKWAesSetKeyReq                      (xmlSecTransformPtr transform,
+                                                                 xmlSecKeyReqPtr keyReq);
+static int      xmlSecGnuTLSKWAesSetKey                         (xmlSecTransformPtr transform,
+                                                                 xmlSecKeyPtr key);
+static int      xmlSecGnuTLSKWAesExecute                        (xmlSecTransformPtr transform,
+                                                                 int last,
+                                                                 xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGnuTLSKWAesInitialize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes128Id)) {
+        ctx->cipher             = GCRY_CIPHER_AES128;
+        ctx->keyExpectedSize    = XMLSEC_KW_AES128_KEY_SIZE;
+    } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes192Id)) {
+        ctx->cipher             = GCRY_CIPHER_AES192;
+        ctx->keyExpectedSize    = XMLSEC_KW_AES192_KEY_SIZE;
+    } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes256Id)) {
+        ctx->cipher             = GCRY_CIPHER_AES256;
+        ctx->keyExpectedSize    = XMLSEC_KW_AES256_KEY_SIZE;
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    ctx->mode           = GCRY_CIPHER_MODE_CBC;
+    ctx->flags          = GCRY_CIPHER_SECURE; /* we are paranoid */
+    ctx->blockSize      = gcry_cipher_get_algo_blklen(ctx->cipher);
+    xmlSecAssert2(ctx->blockSize > 0, -1);
+
+    ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecGnuTLSKWAesGetKey",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    return(0);
+}
+
+static void
+xmlSecGnuTLSKWAesFinalize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+
+    xmlSecAssert(xmlSecGnuTLSKWAesCheckId(transform));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize));
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+
+    xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGnuTLSKWAesSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+    xmlSecAssert2(keyReq != NULL, -1);
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keyReq->keyId    = xmlSecGnuTLSKeyDataAesId;
+    keyReq->keyType  = xmlSecKeyDataTypeSymmetric;
+    if(transform->operation == xmlSecTransformOperationEncrypt) {
+        keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+    } else {
+        keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+    }
+    keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
+    return(0);
+}
+
+static int
+xmlSecGnuTLSKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+    xmlSecBufferPtr buffer;
+    xmlSecSize keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataAesId), -1);
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+    xmlSecAssert2(buffer != NULL, -1);
+
+    keySize = xmlSecBufferGetSize(buffer);
+    if(keySize < ctx->keyExpectedSize) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+                    "key=%d;expected=%d",
+                    keySize, ctx->keyExpectedSize);
+        return(-1);
+    }
+
+    ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+                            xmlSecBufferGetData(buffer),
+                            ctx->keyExpectedSize);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecBufferSetData",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "expected-size=%d", 
+                    ctx->keyExpectedSize);
+        return(-1);
+    }
+
+    return(0);
+}
+
+static int
+xmlSecGnuTLSKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    xmlSecSize inSize, outSize, keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+    xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
+
+    in = &(transform->inBuf);
+    out = &(transform->outBuf);
+    inSize = xmlSecBufferGetSize(in);
+    outSize = xmlSecBufferGetSize(out);
+    xmlSecAssert2(outSize == 0, -1);
+
+    if(transform->status == xmlSecTransformStatusNone) {
+        transform->status = xmlSecTransformStatusWorking;
+    }
+
+    if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+        /* just do nothing */
+    } else  if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+        if((inSize % 8) != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_SIZE,
+                        "size=%d(not 8 bytes aligned)", inSize);
+            return(-1);
+        }
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+            outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+                               XMLSEC_KW_AES_BLOCK_SIZE;
+        } else {
+            outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+        }
+
+        ret = xmlSecBufferSetMaxSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetMaxSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "outSize=%d", outSize);
+            return(-1);
+        }
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            ret = xmlSecKWAesEncode(&xmlSecGnuTLSKWAesKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecKWAesEncode",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+            outSize = ret;
+        } else {
+            ret = xmlSecKWAesDecode(&xmlSecGnuTLSKWAesKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecKWAesEncode",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+            outSize = ret;
+        }
+
+        ret = xmlSecBufferSetSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "outSize=%d", outSize);
+            return(-1);
+        }
+
+        ret = xmlSecBufferRemoveHead(in, inSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferRemoveHead",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "inSize%d", inSize);
+            return(-1);
+        }
+
+        transform->status = xmlSecTransformStatusFinished;
+    } else if(transform->status == xmlSecTransformStatusFinished) {
+        /* the only way we can get here is if there is no input */
+        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_STATUS,
+                    "status=%d", transform->status);
+        return(-1);
+    }
+    return(0);
+}
+
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes128Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSKWAesSize,                      /* xmlSecSize objSize */
+
+    xmlSecNameKWAes128,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes128,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSKWAesInitialize,                /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSKWAesFinalize,                  /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSKWAesSetKeyReq,                 /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSKWAesSetKey,                    /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSKWAesExecute,                   /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes128GetKlass(void) {
+    return(&xmlSecGnuTLSKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes192Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSKWAesSize,                      /* xmlSecSize objSize */
+
+    xmlSecNameKWAes192,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes192,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSKWAesInitialize,                /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSKWAesFinalize,                  /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSKWAesSetKeyReq,                 /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSKWAesSetKey,                    /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSKWAesExecute,                   /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecGnuTLSTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes192GetKlass(void) {
+    return(&xmlSecGnuTLSKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSKWAesSize,                      /* xmlSecSize objSize */
+
+    xmlSecNameKWAes256,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes256,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSKWAesInitialize,                /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSKWAesFinalize,                  /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSKWAesSetKeyReq,                 /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSKWAesSetKey,                    /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSKWAesExecute,                   /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes256GetKlass(void) {
+    return(&xmlSecGnuTLSKWAes256Klass);
+}
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static unsigned char g_zero_iv[XMLSEC_KW_AES_BLOCK_SIZE] =
+    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+static int
+xmlSecGnuTLSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize,
+                               void * context) {
+    xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
+    gcry_cipher_hd_t cipherCtx;
+    gpg_err_code_t ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize >= ctx->blockSize, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+    ret = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags); 
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_open",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = gcry_cipher_setkey(cipherCtx,
+                             xmlSecBufferGetData(&ctx->keyBuffer),
+                             xmlSecBufferGetSize(&ctx->keyBuffer));
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    /* use zero IV and CBC mode to ensure we get result as-is */
+    ret = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setiv",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    ret = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_encrypt",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        gcry_cipher_close(cipherCtx);
+        return(-1);
+    }
+    gcry_cipher_close(cipherCtx);
+
+    return(ctx->blockSize);
+}
+
+static int
+xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize,
+                               void * context) {
+    xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
+    gcry_cipher_hd_t cipherCtx;
+    gpg_err_code_t ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize >= ctx->blockSize, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+    ret = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_open",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = gcry_cipher_setkey(cipherCtx,
+                             xmlSecBufferGetData(&ctx->keyBuffer),
+                             xmlSecBufferGetSize(&ctx->keyBuffer));
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    /* use zero IV and CBC mode to ensure we get result as-is */
+    ret = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setiv",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    ret = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_decrypt",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        gcry_cipher_close(cipherCtx);
+        return(-1);
+    }
+    gcry_cipher_close(cipherCtx);
+
+    return(ctx->blockSize);
+}
+
+#endif /* XMLSEC_NO_AES */
diff --git a/src/gcrypt/kw_des.c b/src/gcrypt/kw_des.c
new file mode 100644
index 0000000..d6af1ef
--- /dev/null
+++ b/src/gcrypt/kw_des.c
@@ -0,0 +1,610 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+#include "../kw_aes_des.h"
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int       xmlSecGnuTLSKWDes3GenerateRandom               (void * context,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize);
+static int       xmlSecGnuTLSKWDes3Sha1                         (void * context,
+                                                                 const xmlSecByte * in, 
+                                                                 xmlSecSize inSize, 
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize);
+static int      xmlSecGnuTLSKWDes3BlockEncrypt                  (void * context,
+                                                                 const xmlSecByte * iv, 
+                                                                 xmlSecSize ivSize,
+                                                                 const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize);
+static int      xmlSecGnuTLSKWDes3BlockDecrypt                  (void * context,
+                                                                 const xmlSecByte * iv, 
+                                                                 xmlSecSize ivSize,
+                                                                 const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecGnuTLSKWDes3ImplKlass = {
+    /* callbacks */
+    xmlSecGnuTLSKWDes3GenerateRandom,       /* xmlSecKWDes3GenerateRandomMethod     generateRandom; */
+    xmlSecGnuTLSKWDes3Sha1,                 /* xmlSecKWDes3Sha1Method               sha1; */
+    xmlSecGnuTLSKWDes3BlockEncrypt,         /* xmlSecKWDes3BlockEncryptMethod       encrypt; */
+    xmlSecGnuTLSKWDes3BlockDecrypt,         /* xmlSecKWDes3BlockDecryptMethod       decrypt; */
+
+    /* for the future */
+    NULL,                                   /* void*                               reserved0; */
+    NULL,                                   /* void*                               reserved1; */
+};
+
+static int      xmlSecGnuTLSKWDes3Encrypt                       (const xmlSecByte *key, 
+                                                                 xmlSecSize keySize,
+                                                                 const xmlSecByte *iv, 
+                                                                 xmlSecSize ivSize,
+                                                                 const xmlSecByte *in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte *out, 
+                                                                 xmlSecSize outSize, 
+                                                                 int enc);
+
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecGnuTLSKWDes3Ctx              xmlSecGnuTLSKWDes3Ctx,
+                                                  *xmlSecGnuTLSKWDes3CtxPtr;
+struct _xmlSecGnuTLSKWDes3Ctx {
+    xmlSecBuffer        keyBuffer;
+};
+#define xmlSecGnuTLSKWDes3Size     \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSKWDes3Ctx))
+#define xmlSecGnuTLSKWDes3GetCtx(transform) \
+    ((xmlSecGnuTLSKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int      xmlSecGnuTLSKWDes3Initialize                    (xmlSecTransformPtr transform);
+static void     xmlSecGnuTLSKWDes3Finalize                      (xmlSecTransformPtr transform);
+static int      xmlSecGnuTLSKWDes3SetKeyReq                     (xmlSecTransformPtr transform,
+                                                                 xmlSecKeyReqPtr keyReq);
+static int      xmlSecGnuTLSKWDes3SetKey                        (xmlSecTransformPtr transform,
+                                                                 xmlSecKeyPtr key);
+static int      xmlSecGnuTLSKWDes3Execute                       (xmlSecTransformPtr transform,
+                                                                 int last,
+                                                                 xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecGnuTLSKWDes3Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSKWDes3Size,                     /* xmlSecSize objSize */
+
+    xmlSecNameKWDes3,                           /* const xmlChar* name; */
+    xmlSecHrefKWDes3,                           /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSKWDes3Initialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSKWDes3Finalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSKWDes3SetKeyReq,                /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSKWDes3SetKey,                   /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSKWDes3Execute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWDes3GetKlass(void) {
+    return(&xmlSecGnuTLSKWDes3Klass);
+}
+
+static int
+xmlSecGnuTLSKWDes3Initialize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx;
+    int ret;
+
+    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
+
+    ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecBufferInitialize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    return(0);
+}
+
+static void
+xmlSecGnuTLSKWDes3Finalize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx;
+
+    xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size));
+
+    ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+
+    xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGnuTLSKWDes3SetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx;
+
+    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
+    xmlSecAssert2(keyReq != NULL, -1);
+
+    ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keyReq->keyId       = xmlSecGnuTLSKeyDataDesId;
+    keyReq->keyType     = xmlSecKeyDataTypeSymmetric;
+    if(transform->operation == xmlSecTransformOperationEncrypt) {
+        keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+    } else {
+        keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+    }
+    keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+    return(0);
+}
+
+static int
+xmlSecGnuTLSKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx;
+    xmlSecBufferPtr buffer;
+    xmlSecSize keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataDesId), -1);
+
+    ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+    xmlSecAssert2(buffer != NULL, -1);
+
+    keySize = xmlSecBufferGetSize(buffer);
+    if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+                    "key length %d is not enough (%d expected)",
+                    keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+        return(-1);
+    }
+
+    ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecBufferSetData",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+        return(-1);
+    }
+
+    return(0);
+}
+
+static int
+xmlSecGnuTLSKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    xmlSecSize inSize, outSize, keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+    xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+    in = &(transform->inBuf);
+    out = &(transform->outBuf);
+    inSize = xmlSecBufferGetSize(in);
+    outSize = xmlSecBufferGetSize(out);
+    xmlSecAssert2(outSize == 0, -1);
+
+    if(transform->status == xmlSecTransformStatusNone) {
+        transform->status = xmlSecTransformStatusWorking;
+    }
+
+    if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+        /* just do nothing */
+    } else  if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+        if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_SIZE,
+                        "%d bytes - not %d bytes aligned",
+                        inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+            return(-1);
+        }
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            /* the encoded key might be 16 bytes longer plus one block just in case */
+            outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+                               XMLSEC_KW_DES3_BLOCK_LENGTH +
+                               XMLSEC_KW_DES3_BLOCK_LENGTH;
+        } else {
+            /* just in case, add a block */
+            outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+        }
+
+        ret = xmlSecBufferSetMaxSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetMaxSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", outSize);
+            return(-1);
+        }
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            ret = xmlSecKWDes3Encode(&xmlSecGnuTLSKWDes3ImplKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecKWDes3Encode",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            "key=%d,in=%d,out=%d",
+                            keySize, inSize, outSize);
+                return(-1);
+            }
+            outSize = ret;
+        } else {
+            ret = xmlSecKWDes3Decode(&xmlSecGnuTLSKWDes3ImplKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecKWDes3Decode",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            "key=%d,in=%d,out=%d",
+                            keySize, inSize, outSize);
+                return(-1);
+            }
+            outSize = ret;
+        }
+
+        ret = xmlSecBufferSetSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", outSize);
+            return(-1);
+        }
+
+        ret = xmlSecBufferRemoveHead(in, inSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferRemoveHead",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", inSize);
+            return(-1);
+        }
+
+        transform->status = xmlSecTransformStatusFinished;
+    } else if(transform->status == xmlSecTransformStatusFinished) {
+        /* the only way we can get here is if there is no input */
+        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_STATUS,
+                    "status=%d", transform->status);
+        return(-1);
+    }
+    return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecGnuTLSKWDes3Sha1(void * context,
+                       const xmlSecByte * in, xmlSecSize inSize,
+                       xmlSecByte * out, xmlSecSize outSize) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
+    gcry_md_hd_t digestCtx;
+    unsigned char * res;
+    unsigned int len;
+    gpg_err_code_t ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize > 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize > 0, -1);
+
+    len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+    xmlSecAssert2(outSize >= len, -1);
+
+    ret = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_md_open(GCRY_MD_SHA1)",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    gcry_md_write(digestCtx, in, inSize);
+
+    ret = gcry_md_final(digestCtx);
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_md_final",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        gcry_md_close(digestCtx);
+        return(-1);
+    }
+
+    res = gcry_md_read(digestCtx, GCRY_MD_SHA1);
+    if(res == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_md_read(GCRY_MD_SHA1)",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        gcry_md_close(digestCtx);
+        return(-1);
+    }
+
+    /* done */
+    xmlSecAssert2(outSize >= len, -1);
+    memcpy(out, res, len);
+    gcry_md_close(digestCtx);
+    return(len);
+}
+
+static int
+xmlSecGnuTLSKWDes3GenerateRandom(void * context,
+                                 xmlSecByte * out, xmlSecSize outSize) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize > 0, -1);
+
+    gcry_randomize(out, outSize, GCRY_STRONG_RANDOM);
+    return((int)outSize);
+}
+
+static int
+xmlSecGnuTLSKWDes3BlockEncrypt(void * context,
+                               const xmlSecByte * iv, xmlSecSize ivSize,
+                               const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+    xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+    xmlSecAssert2(iv != NULL, -1);
+    xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize > 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= inSize, -1);
+
+    ret = xmlSecGnuTLSKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
+                                    XMLSEC_KW_DES3_KEY_LENGTH,
+                                    iv, XMLSEC_KW_DES3_IV_LENGTH,
+                                    in, inSize,
+                                    out, outSize,
+                                    1); /* encrypt */
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecGnuTLSKWDes3Encrypt",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    return(ret);
+}
+
+static int
+xmlSecGnuTLSKWDes3BlockDecrypt(void * context,
+                               const xmlSecByte * iv, xmlSecSize ivSize,
+                               const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize) {
+    xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+    xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+    xmlSecAssert2(iv != NULL, -1);
+    xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize > 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= inSize, -1);
+
+    ret = xmlSecGnuTLSKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
+                                    XMLSEC_KW_DES3_KEY_LENGTH,
+                                    iv, XMLSEC_KW_DES3_IV_LENGTH,
+                                    in, inSize,
+                                    out, outSize,
+                                    0); /* decrypt */
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecGnuTLSKWDes3Encrypt",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    return(ret);
+}
+
+static int
+xmlSecGnuTLSKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
+                           const xmlSecByte *iv, xmlSecSize ivSize,
+                           const xmlSecByte *in, xmlSecSize inSize,
+                           xmlSecByte *out, xmlSecSize outSize,
+                           int enc) {
+    size_t key_len = gcry_cipher_get_algo_keylen(GCRY_CIPHER_3DES);
+    size_t block_len = gcry_cipher_get_algo_blklen(GCRY_CIPHER_3DES);
+    gcry_cipher_hd_t cipherCtx;
+    gpg_err_code_t ret;
+
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(keySize >= key_len, -1);
+    xmlSecAssert2(iv != NULL, -1);
+    xmlSecAssert2(ivSize >= block_len, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize > 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= inSize, -1);
+
+    ret = gcry_cipher_open(&cipherCtx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); /* we are paranoid */
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_open(GCRY_CIPHER_3DES)",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = gcry_cipher_setkey(cipherCtx, key, keySize);
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "keySize=%d,ret=%d", 
+                    keySize, ret);
+        return(-1);
+    }
+
+    ret = gcry_cipher_setiv(cipherCtx, iv, ivSize);
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setiv",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ivSize=%d,ret=%d", 
+                    ivSize, ret);
+        return(-1);
+    }
+
+    if(enc) {
+        ret = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+        if(ret != GPG_ERR_NO_ERROR) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "gcry_cipher_encrypt",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "ret=%d", ret);
+            gcry_cipher_close(cipherCtx);
+            return(-1);
+        }
+    } else {
+        ret = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+        if(ret != GPG_ERR_NO_ERROR) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "gcry_cipher_decrypt",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "ret=%d", ret);
+            gcry_cipher_close(cipherCtx);
+            return(-1);
+        }
+    }
+
+    /* done */
+    gcry_cipher_close(cipherCtx);
+    return((int)inSize); /* out size == in size */
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/gcrypt/symkeys.c b/src/gcrypt/symkeys.c
new file mode 100644
index 0000000..d2ea284
--- /dev/null
+++ b/src/gcrypt/symkeys.c
@@ -0,0 +1,440 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/*****************************************************************************
+ *
+ * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+static int      xmlSecGnuTLSSymKeyDataInitialize        (xmlSecKeyDataPtr data);
+static int      xmlSecGnuTLSSymKeyDataDuplicate         (xmlSecKeyDataPtr dst,
+                                                         xmlSecKeyDataPtr src);
+static void     xmlSecGnuTLSSymKeyDataFinalize          (xmlSecKeyDataPtr data);
+static int      xmlSecGnuTLSSymKeyDataXmlRead           (xmlSecKeyDataId id,
+                                                         xmlSecKeyPtr key,
+                                                         xmlNodePtr node,
+                                                         xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int      xmlSecGnuTLSSymKeyDataXmlWrite          (xmlSecKeyDataId id,
+                                                         xmlSecKeyPtr key,
+                                                         xmlNodePtr node,
+                                                         xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int      xmlSecGnuTLSSymKeyDataBinRead           (xmlSecKeyDataId id,
+                                                         xmlSecKeyPtr key,
+                                                         const xmlSecByte* buf,
+                                                         xmlSecSize bufSize,
+                                                         xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int      xmlSecGnuTLSSymKeyDataBinWrite          (xmlSecKeyDataId id,
+                                                         xmlSecKeyPtr key,
+                                                         xmlSecByte** buf,
+                                                         xmlSecSize* bufSize,
+                                                         xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int      xmlSecGnuTLSSymKeyDataGenerate          (xmlSecKeyDataPtr data,
+                                                         xmlSecSize sizeBits,
+                                                         xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGnuTLSSymKeyDataGetType  (xmlSecKeyDataPtr data);
+static xmlSecSize        xmlSecGnuTLSSymKeyDataGetSize  (xmlSecKeyDataPtr data);
+static void     xmlSecGnuTLSSymKeyDataDebugDump         (xmlSecKeyDataPtr data,
+                                                         FILE* output);
+static void     xmlSecGnuTLSSymKeyDataDebugXmlDump      (xmlSecKeyDataPtr data,
+                                                         FILE* output);
+static int      xmlSecGnuTLSSymKeyDataKlassCheck        (xmlSecKeyDataKlass* klass);
+
+#define xmlSecGnuTLSSymKeyDataCheckId(data) \
+    (xmlSecKeyDataIsValid((data)) && \
+     xmlSecGnuTLSSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecGnuTLSSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
+
+    return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(dst), -1);
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(src), -1);
+    xmlSecAssert2(dst->id == src->id, -1);
+
+    return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecGnuTLSSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+    xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+    xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecGnuTLSSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                               xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+    return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                                    xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+    return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                                    const xmlSecByte* buf, xmlSecSize bufSize,
+                                    xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+    return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+                                    xmlSecByte** buf, xmlSecSize* bufSize,
+                                    xmlSecKeyInfoCtxPtr keyInfoCtx) {
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+    return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+    xmlSecBufferPtr buffer;
+
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
+    xmlSecAssert2(sizeBits > 0, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+    xmlSecAssert2(buffer != NULL, -1);
+
+    return(xmlSecGnuTLSGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSSymKeyDataGetType(xmlSecKeyDataPtr data) {
+    xmlSecBufferPtr buffer;
+
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+    xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+    return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGnuTLSSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), 0);
+
+    return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecGnuTLSSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+    xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecGnuTLSSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+    xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecGnuTLSSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+#ifndef XMLSEC_NO_DES
+    if(klass == xmlSecGnuTLSKeyDataDesId) {
+        return(1);
+    }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+    if(klass == xmlSecGnuTLSKeyDataAesId) {
+        return(1);
+    }
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+    if(klass == xmlSecGnuTLSKeyDataHmacId) {
+        return(1);
+    }
+#endif /* XMLSEC_NO_HMAC */
+
+    return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+/**************************************************************************
+ *
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataAesKlass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecKeyDataBinarySize,
+
+    /* data */
+    xmlSecNameAESKeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+                                                /* xmlSecKeyDataUsage usage; */
+    xmlSecHrefAESKeyValue,                      /* const xmlChar* href; */
+    xmlSecNodeAESKeyValue,                      /* const xmlChar* dataNodeName; */
+    xmlSecNs,                                   /* const xmlChar* dataNodeNs; */
+
+    /* constructors/destructor */
+    xmlSecGnuTLSSymKeyDataInitialize,           /* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecGnuTLSSymKeyDataDuplicate,            /* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecGnuTLSSymKeyDataFinalize,             /* xmlSecKeyDataFinalizeMethod finalize; */
+    xmlSecGnuTLSSymKeyDataGenerate,             /* xmlSecKeyDataGenerateMethod generate; */
+
+    /* get info */
+    xmlSecGnuTLSSymKeyDataGetType,              /* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecGnuTLSSymKeyDataGetSize,              /* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,                                       /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+    /* read/write */
+    xmlSecGnuTLSSymKeyDataXmlRead,              /* xmlSecKeyDataXmlReadMethod xmlRead; */
+    xmlSecGnuTLSSymKeyDataXmlWrite,             /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    xmlSecGnuTLSSymKeyDataBinRead,              /* xmlSecKeyDataBinReadMethod binRead; */
+    xmlSecGnuTLSSymKeyDataBinWrite,             /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+    /* debug */
+    xmlSecGnuTLSSymKeyDataDebugDump,            /* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecGnuTLSSymKeyDataDebugXmlDump,         /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+    /* reserved for the future */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataAesGetKlass(void) {
+    return(&xmlSecGnuTLSKeyDataAesKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataAesSet:
+ * @data:               the pointer to AES key data.
+ * @buf:                the pointer to key value.
+ * @bufSize:            the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+    xmlSecBufferPtr buffer;
+
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataAesId), -1);
+    xmlSecAssert2(buf != NULL, -1);
+    xmlSecAssert2(bufSize > 0, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+    xmlSecAssert2(buffer != NULL, -1);
+
+    return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**************************************************************************
+ *
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataDesKlass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecKeyDataBinarySize,
+
+    /* data */
+    xmlSecNameDESKeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+                                                /* xmlSecKeyDataUsage usage; */
+    xmlSecHrefDESKeyValue,                      /* const xmlChar* href; */
+    xmlSecNodeDESKeyValue,                      /* const xmlChar* dataNodeName; */
+    xmlSecNs,                                   /* const xmlChar* dataNodeNs; */
+
+    /* constructors/destructor */
+    xmlSecGnuTLSSymKeyDataInitialize,           /* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecGnuTLSSymKeyDataDuplicate,            /* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecGnuTLSSymKeyDataFinalize,             /* xmlSecKeyDataFinalizeMethod finalize; */
+    xmlSecGnuTLSSymKeyDataGenerate,             /* xmlSecKeyDataGenerateMethod generate; */
+
+    /* get info */
+    xmlSecGnuTLSSymKeyDataGetType,              /* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecGnuTLSSymKeyDataGetSize,              /* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,                                       /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+    /* read/write */
+    xmlSecGnuTLSSymKeyDataXmlRead,              /* xmlSecKeyDataXmlReadMethod xmlRead; */
+    xmlSecGnuTLSSymKeyDataXmlWrite,             /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    xmlSecGnuTLSSymKeyDataBinRead,              /* xmlSecKeyDataBinReadMethod binRead; */
+    xmlSecGnuTLSSymKeyDataBinWrite,             /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+    /* debug */
+    xmlSecGnuTLSSymKeyDataDebugDump,            /* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecGnuTLSSymKeyDataDebugXmlDump,         /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+    /* reserved for the future */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataDesGetKlass(void) {
+    return(&xmlSecGnuTLSKeyDataDesKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDesSet:
+ * @data:               the pointer to DES key data.
+ * @buf:                the pointer to key value.
+ * @bufSize:            the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+    xmlSecBufferPtr buffer;
+
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDesId), -1);
+    xmlSecAssert2(buf != NULL, -1);
+    xmlSecAssert2(bufSize > 0, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+    xmlSecAssert2(buffer != NULL, -1);
+
+    return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataHmacKlass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecKeyDataBinarySize,
+
+    /* data */
+    xmlSecNameHMACKeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+                                                /* xmlSecKeyDataUsage usage; */
+    xmlSecHrefHMACKeyValue,                     /* const xmlChar* href; */
+    xmlSecNodeHMACKeyValue,                     /* const xmlChar* dataNodeName; */
+    xmlSecNs,                                   /* const xmlChar* dataNodeNs; */
+
+    /* constructors/destructor */
+    xmlSecGnuTLSSymKeyDataInitialize,           /* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecGnuTLSSymKeyDataDuplicate,            /* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecGnuTLSSymKeyDataFinalize,             /* xmlSecKeyDataFinalizeMethod finalize; */
+    xmlSecGnuTLSSymKeyDataGenerate,             /* xmlSecKeyDataGenerateMethod generate; */
+
+    /* get info */
+    xmlSecGnuTLSSymKeyDataGetType,              /* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecGnuTLSSymKeyDataGetSize,              /* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,                                       /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+    /* read/write */
+    xmlSecGnuTLSSymKeyDataXmlRead,              /* xmlSecKeyDataXmlReadMethod xmlRead; */
+    xmlSecGnuTLSSymKeyDataXmlWrite,             /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    xmlSecGnuTLSSymKeyDataBinRead,              /* xmlSecKeyDataBinReadMethod binRead; */
+    xmlSecGnuTLSSymKeyDataBinWrite,             /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+    /* debug */
+    xmlSecGnuTLSSymKeyDataDebugDump,            /* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecGnuTLSSymKeyDataDebugXmlDump,         /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+    /* reserved for the future */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataHmacGetKlass(void) {
+    return(&xmlSecGnuTLSKeyDataHmacKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataHmacSet:
+ * @data:               the pointer to HMAC key data.
+ * @buf:                the pointer to key value.
+ * @bufSize:            the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+    xmlSecBufferPtr buffer;
+
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataHmacId), -1);
+    xmlSecAssert2(buf != NULL, -1);
+    xmlSecAssert2(bufSize > 0, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+    xmlSecAssert2(buffer != NULL, -1);
+
+    return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_HMAC */
+
diff --git a/xmlsec-gcrypt.pc.in b/xmlsec-gcrypt.pc.in
new file mode 100644
index 0000000..e2c50a0
--- /dev/null
+++ b/xmlsec-gcrypt.pc.in
@@ -0,0 +1,11 @@
+prefix= prefix@
+exec_prefix= exec_prefix@
+libdir= libdir@
+includedir= includedir@
+
+Name: xmlsec1-gnutls
+Version: @VERSION@
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ 
+Cflags: -DXMLSEC_CRYPTO=\\\"gnutls\\\" @XMLSEC_GNUTLS_CFLAGS@
+Libs: @XMLSEC_GNUTLS_LIBS@ 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]