<p>It is not really a problem with CAPI; it is designed to work with keys in the Windows crypto store. Load your keys into the CAPI crypto store, reference them from the &lt;KeyName&gt; element in your template, and all will work fine. You would have to do it this way for hardware tokens anyway.</p>
<div class="gmail_quote">On Oct 23, 2011 4:21 PM, "Aleksey Sanin" &lt;<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It is a problem with mscrypto api.<br>
<br>
Aleksey<br>
<br>
On 10/23/11 10:51 AM, Josef Kokeš wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 21.10.2011 19:01, Aleksey Sanin wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Basically, xmlsec-mscrypto doesn't support pkcs12 format. Only DER<br>
format is supported.<br>
</blockquote>
<br>
Thanks for the answer. Before I try to develop a solution, could you<br>
please tell me if it is the case of MS Crypto API not supporting the<br>
required functionality or simply a lack of<br>
resources/time/interest/whatever on your part? In other words, would a<br>
fix involve modification of LibXmlSec or would it require a modification<br>
of CryptoAPI?<br>
<br>
Thanks,<br>
<br>
Pepak<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Aleksey<br>
<br>
On 10/20/11 11:09 PM, Josef Kokeš wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Oops, I completely overlooked the error message. Here it is:<br>
<br>
func=xmlSecMSCryptoAppKeyLoadMemory:file=..\src\mscrypto\app.c:line=237:obj=unknown:subj=format<br>
<br>
== xmlSecKeyDataFormatCertDer:error=100:assertion: ;last error=0<br>
(0x00000000);last error msg=Operace byla dokončena úspěšně.<br>
<br>
(last error msg translated to English: "The operation was successfully<br>
completed")<br>
<br>
Seems to be an incompatible encoding, but why? It's a standard PFX, I<br>
don't think I can choose encoding for that.<br>
<br>
Pepak<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi!<br>
<br>
I have been using XmlSec for some time, but only with the OpenSSL<br>
engine. Now I find myself in need of using a MS-Crypto engine (I want to<br>
use tokens for certificate storage). I thought I would simply change the<br>
parameter of xmlSecCryptoDLLoadLibrary from "openssl" to "mscrypto", but<br>
apparently that is not the case:<br>
<br>
When I start preparing the signature context, the xmlSecDSigCtxCreate<br>
succeeds but the following xmlSecCryptoAppKeyLoadMemory(PfxBuf, PfxSize,<br>
xmlSecKeyDataFormatPkcs12, PfxPassword, 0, 0) returns 0 - the key could<br>
not be loaded. But the same command succeeds with OpenSSL. I thought<br>
perhaps it's another case of incompatible PFX files between Windows XP<br>
and newer Windows, but that is not the case as I can import the PFX<br>
correctly using the OS's tools.<br>
<br>
I am using LibXmlSec version 1.2.18 under Windows, as compiled by Igor<br>
Zlatkovic in no-unicode mode.<br>
<br>
What could possibly be the problem?<br>
<br>
Thanks,<br>
<br>
Pepak<br>
_______________________________________________<br>
xmlsec mailing list<br>
<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a><br>
<a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
<br>
<br>
<br>
__ Checked by the NOD32 antivirus program __<br>
_______ Mailscanner of the Phoenix company _______<br>
</blockquote>
<br>
</blockquote>
</blockquote>
<br>
</blockquote>
</blockquote></div>
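<p>Added example, not part of the original thread or of xmlsec: one way to carry out the first step suggested in the top reply, importing the PFX into the current user's Windows certificate store with PowerShell. The file name <code>signer.pfx</code> and the choice of the <code>CurrentUser\My</code> store are assumptions; the thread does not say which certificate attribute <code>&lt;KeyName&gt;</code> is matched against, so the script lists subject and friendly name as candidates.</p>

```powershell
# Added example: import a PFX into the Windows certificate store so that a
# CAPI-based engine can find the key there instead of parsing PKCS#12 itself.
param(
    # Hypothetical file name; point this at the real PFX.
    [string]$PfxPath = '.\signer.pfx',
    # Assumed target store: the current user's personal ("MY") store.
    [string]$StoreLocation = 'Cert:\CurrentUser\My'
)

# Prompt for the password so it never appears on the command line or in history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# -Exportable is deliberately omitted: the private key is stored as
# non-exportable, so it cannot simply be copied back out of the store.
$imported = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation $StoreLocation -Password $password

$now = Get-Date
foreach ($cert in $imported) {
    # CA certificates bundled in the PFX carry no private key; skip them.
    if (-not $cert.HasPrivateKey) {
        Write-Warning "No private key for '$($cert.Subject)', not usable for signing."
        continue
    }
    # Flag certificates outside their validity period before they are used.
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Certificate '$($cert.Subject)' is outside its validity period."
    }
    # Candidate values for the template's <KeyName> element.
    [pscustomobject]@{
        Subject      = $cert.Subject
        FriendlyName = $cert.FriendlyName
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
    }
}
```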