[xmlsec] xmlsec

Edward Shallow ed.shallow at rogers.com
Mon Dec 19 19:11:43 PST 2005


Hi Alex,

   Aleksey did understand you correctly. Simply initialize the <KeyName> in
a template file (sample attached) and the private signing key will be
extracted from the MS system key store (i.e. 'MY'). Rough sequence of calls
(simplified) as follows: 

    xmlParseFile('the template')
    xmlDocGetRootElement()
    xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')
    xmlSecKeysMngrCreate()
    xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
    xmlSecDSigCtxCreate()
    xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
    xmlSecDSigCtxSign(dsigCtx, sigNode)

   Depending on which crypto you are using, the <KeyName> can contain either
the short friendly name (from CN=...) or the full X509 Distinguished Name.
Both will work. mscrypto for example will look first in the Simple Key Store
if you have adopted one and then in the 'MY' certificate store for your
signing key. In the above sequence, I did not load or adopt a Key Store, so
mscrypto goes directly to the system key store 'MY'.

   Note: OpenSSL does not have a system key store.

Cheers,
Ed 



-----Original Message-----
From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On
Behalf Of Alexander Trishin
Sent: December 19, 2005 7:00 PM
To: Aleksey Sanin
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] xmlsec

Aleksey,

I probably didn't make myself clear.
I'm looking at the code to produce a signed XML; the key info and
certificate come from the external file for the sample.
My question is - what functions should I use to change that? So that key
info and Certificate come from the system store, and not from the file.

Thank you in advance,
Alex

Aleksey Sanin wrote:

> I am not a big mscrypto user myself and I hope someone will correct my 
> lies here... but I believe that you just need to put the key name 
> (i.e. certificate subject) into the <KeyName> element of your 
> signature template.
>
> Aleksey
>
> Alexander Trishin wrote:
>
>> Dear Friends,
>>
>> I'm trying to create a test console app to sign XML files with the
>> X509 certificate. I took a look at the samples provided but have yet to 
>> figure out how to sign an XML file with the certificate that I already 
>> have in the "MY" store. The certificate does have a private key.
>>
>> If someone can point me in the right direction or has a sample, I'd 
>> greatly appreciate it.
>>
>> Platform is Windows with ms crypto library.
>>
>> Thank you,
>> Alex.
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tmpl-EPM-sign-enveloped-friendly.xml
Type: text/xml
Size: 1371 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20051219/b9d1f5fc/tmpl-EPM-sign-enveloped-friendly-0002.xml
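
The attachment listed above was scrubbed from the archive. As an added illustration (not Ed's original attachment and not xmlsec project code), an enveloped-signature template of the kind the reply describes could look like the following. The Envelope root element, the key name 'Example Signer' and the SHA-256 algorithm choices are assumptions; the <KeyName> value has to match the friendly name or the full Distinguished Name of a certificate in the 'MY' store that has a private key.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed sample document: the root element and its content are placeholders. -->
<Envelope xmlns="urn:example:envelope">
  <Data>Hello, World!</Data>
  <!-- The node that xmlSecFindNode(rootNode, 'Signature', ...) locates. -->
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <!-- URI="" plus the enveloped-signature transform signs the whole
           document except the Signature element itself. -->
      <dsig:Reference URI="">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <!-- Left empty in the template; filled in when the document is signed. -->
        <dsig:DigestValue/>
      </dsig:Reference>
    </dsig:SignedInfo>
    <!-- Left empty in the template; filled in when the document is signed. -->
    <dsig:SignatureValue/>
    <dsig:KeyInfo>
      <!-- Constructed placeholder: the name the keys manager uses to look up
           the signing key, here the certificate's friendly name. -->
      <dsig:KeyName>Example Signer</dsig:KeyName>
    </dsig:KeyInfo>
  </dsig:Signature>
</Envelope>
```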

