[Bulk] [xmlsec] Re: Loaded Private Key and mscrypto

Edward Shallow ed.shallow at rogers.com
Tue Jan 17 08:35:26 PST 2006


More surprises from mscrypto !!!

It seems that there is no need to save the xmlsec signKey across operations
using that key. Nor do you have to reset the dsigCtx.

Once a process has loaded a private key from the mscrypto store using the
default MS Crypto Service Provider, the CSP will not prompt the user (or
process in this case) again for the password. Authentication into the MS
Crypto Store seems to only be required once per process.

I tried the KeysMngr approach assuming I had to adopt the key and then keep
the KeysMngr around for all subsequent calls. It turns out that you can
treat each call totally independently and not worry about which keys you
have loaded and which ones you haven't.

Dmitry, do you observe this as well ?

Cheers,
Ed

P.S. 

On a separate note ...

    This function works and saves a new keys file, but never saves any
private exponent for private keys into the new saved file. 

    rc = xmlsec.xmlSecSimpleKeysStoreSave(keyStore,
'c:/xmlsec/keys/savedKeysStore.xml', c_uint(65535))
    print 'xmlSecSimpleKeysStoreSave \t\tstatus code', rc

This section is always missing.

<PrivateExponent xmlns="http://www.aleksey.com/xmlsec/2002">
jHZq8iF3Ki6Xfkuur1z5LKUsKJ/UOAZLkj7cuXE9LW+rtx/7s9VSjqsnhOsGeNcl
3VIwXSV9+QBK1wdbxAIIQ16+yWXNY+21K94h4C6ssx44lqgODL25OXDsE92EZFu0
1gApBhqOUxV1gUXDqMnHqSWbk7/1kwX6RzsioRu0UKs=
</PrivateExponent>  

Can you reproduce this?

-----Original Message-----
From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On
Behalf Of Aleksey Sanin
Sent: January 16, 2006 10:43 PM
To: ed.shallow at rogers.com; xmlsec at aleksey.com
Subject: [Bulk] [xmlsec] Re: Loaded Private Key and mscrypto

You can specify the signature key in the xmldsig context:

http://www.aleksey.com/xmlsec/api/xmlsec-notes-sign.html

Though, I have no idea how it works with Python :)

Aleksey

Edward Shallow wrote:
> Hi Aleksey,
> 
>      In mscrypto, is there any way to save the private signing key or 
> hold the key (KeyPtr really)  and reuse it for subsequent sign 
> operations ? Sort of like a memory loaded and reusable signing key. I 
> need something like an xmlSecCryptoAppKeyLoad which returns a KeyPtr I 
> can sign with. This works fine for P12s, but I need the equivalent for 
> mscrypto keys in the MS Crypto Store.
> 
> It seems like the only way to load and use a private signing key in 
> mscrypto is via a template with a KeyName reference in it. Problem is 
> I can't keep the keyPtr that got used.
> 
> The 2 functions below do not allow one to subsequently sign with the 
> retrieved key. I can find them, load them, even save them to an XML 
> keys file, but I can't sign with them. Private RSA exponent does not 
> seem to be available.
> 
> key = xmlsec.xmlSecKeysMngrFindKey(keysMngr, "friendly name for the 
> key", keyInfoCtx)
> 
> ... and ...
> 
> key = xmlsec.xmlSecKeysMngrGetKey(keyInfoNode, keyInfoCtx)
> 
> 
> Any idea ? This is for a server-resident application which must 
> repeatedly sign things and I do not want the password prompt.
> 
> Thanks,
> Ed
> 
> 
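
Added example (not part of the original thread and not xmlsec code): a Python 3 check that reports which RSA keys in a saved keys file carry a PrivateExponent element, to confirm what xmlSecSimpleKeysStoreSave actually wrote to disk. The Keys/KeyInfo/KeyValue/RSAKeyValue layout, the key names and the dummy values are assumptions constructed for illustration; only the PrivateExponent element and its namespace come from the post.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
XMLSEC_NS = "http://www.aleksey.com/xmlsec/2002"  # namespace shown in the post

# Constructed sample: file layout is assumed, all base64 values are dummies.
SAMPLE_KEYS_XML = """<?xml version="1.0"?>
<Keys xmlns="http://www.aleksey.com/xmlsec/2002">
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName>file-key</KeyName>
    <KeyValue><RSAKeyValue>
      <Modulus>AAAA</Modulus><Exponent>AQAB</Exponent>
      <PrivateExponent xmlns="http://www.aleksey.com/xmlsec/2002">AAAA</PrivateExponent>
    </RSAKeyValue></KeyValue>
  </KeyInfo>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName>store-key</KeyName>
    <KeyValue><RSAKeyValue>
      <Modulus>AAAA</Modulus><Exponent>AQAB</Exponent>
    </RSAKeyValue></KeyValue>
  </KeyInfo>
</Keys>
"""

def audit_keys_xml(xml_text):
    """Map each RSA key name to True if it has a non-empty PrivateExponent."""
    root = ET.fromstring(xml_text)
    report = {}
    for idx, key_info in enumerate(root.iter("{%s}KeyInfo" % DSIG_NS)):
        name = key_info.findtext("{%s}KeyName" % DSIG_NS)
        name = name.strip() if name and name.strip() else "<unnamed #%d>" % idx
        for rsa in key_info.iter("{%s}RSAKeyValue" % DSIG_NS):
            priv = rsa.findtext("{%s}PrivateExponent" % XMLSEC_NS)
            has_priv = bool(priv and priv.strip())  # empty element counts as absent
            report[name] = report.get(name, False) or has_priv
    return report

if __name__ == "__main__":
    for name, has_private in audit_keys_xml(SAMPLE_KEYS_XML).items():
        state = "PRIVATE material present" if has_private else "public only"
        print("%-12s %s" % (name, state))
```
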