[xmlsec] How to sign without an exportable key

[Aleksey Sanin]

The plan sounds good! But you can use keys manager as well. The idea
is that you load keys (steps 1-4), assign a unique "name" string and
then put them into keys manager. After that you prepare a template
with KeyName element set to the name of the key name you want to use
and just sign it. Note that this approach is not better or worse than
what you propose. Both would work just fine.

And sorry that I can't help with MSCrypto details. Hope someone from
the mailing list will do it.

Aleksey