So, I believe that openssl can not verify it because the KeyValue is empty... Thus, the question is: why mscrypto does not want to write public key info into the document?. Do you have any errors on the output? Can you try to use the following template (just key value node w/o any content), please? <dsig:KeyValue></dsig:KeyValue> Aleksey