[xmlsec] Win98 support for xmlSecMSCryptoDigestInitialize

xs04.jmdesp at free.fr xs04.jmdesp at free.fr
Mon Nov 14 10:23:28 PST 2005


Selon Joachim Lingner <Joachim.Lingner at Sun.COM>:
> calls CryptAcquireContext with the flag MS_STRONG_PROV. This call fails
> on Windows 98
> My suggestion is to call
> the function again with MS_ENHANCED_PROV in case the first call failed.

I'm not sure MS_STRONG_PROV is worth the pain. It's an intermediate level CSP
that was used for a short interval of time to provide better than the Base
Cryptographic Provider security, but not yet full support for 1024/128 bits
security. That's why updating 98 with IE 6 will directly provide
MS_ENHANCED_PROV.

So I think MS_STRONG_PROV should be replaced by MS_ENHANCED_PROV everywhere, and
if the machine doesn't have MS_ENHANCED_PROV, the user should be told to upgrade
it to support 128 bits.

OTOH maybe it's time for xmlsec to begin to think about MS_ENH_RSA_AES_PROV in
signatures because of it's support for SHA-2 algorithms, even if only the most
up to date platforms have it.




More information about the xmlsec mailing list