[xmlsec] Suggestions & Question

Aleksey Sanin aleksey at aleksey.com
Sun Aug 28 09:19:51 PDT 2005


> We are introducing XML signature in our application and we will use 
> xmlsec library for that because it is the best there is.
Thanks!

> I noticed that mscrypto does not support PEM encoded certificates. I 
> suggest the code, that would also work for PEM certificates.
I am really not sure that CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED flag
does mean PEM encoding. Have you tried it? Also can you provide a patch
using either 'cvs diff' or 'diff' commands, please?

> 
> Also I wrote function to create xmlSecKeyPtr from PCCERT_CONTEXT. I did 
> not find anything like that in the xmlsec, but maybe I am missing 
> something.

What about xmlSecMSCryptoX509CertGetKey()?

> Pin could be passed through xmlSecDSigCtx structure. I just do not know 
> where I should apply this in xmlsec.
> Please tell me where the actual signing is going on so I can add this 
> pin setting. I thing that would also be useful adding to mscrypto in 
> xmlsec.
I am not sure I understand the question, but take a look at the
xmlSecMSCryptoSignatureExecute function. Also you might be able to
set the pin *before* calling xmlsec. This way, the pin will be
already set at the time signature is done.

BTW, you might want to subscribe to xmlsec mailing list.

Aleksey




More information about the xmlsec mailing list