[xmlsec] Signing with X509 certificate using mscrypto provider

Aleksey Sanin aleksey at aleksey.com
Wed Apr 21 07:37:16 PDT 2010


What encoding did you use for this file?

 > <ds:KeyInfo>
 >     <ds:KeyName>CN=Jiří Novák</ds:KeyName>
 >     <ds:X509Data>
 >        <ds:X509Certificate/>
 >     </ds:X509Data>
 > </ds:KeyInfo>


Aleksey

On 4/21/2010 1:00 AM, Jirka Kosek wrote:
> Aleksey Sanin wrote:
>
>> You need to tell xml parser (libxml2) what is the file encoding.
>> It can't convert correctly to UTF8 unless it knows the source encoding.
>> BTW, libxml2 simply skips unknown characters in the input and this
>> explains the error you got ("key not found" from xmlsec) - the key name
>> was mangled. Set the correct encoding in the xml prolog and it will work.
>
> Prolog and encoding were correct (I think that I have pretty deep
> knowledge of Unicode and its encodings). I even tried UTF-8 with and
> without BOM character and still have no success.
>
> If you have access to a Windows box, you can very easily reproduce the bug.
> Create a self-signed certificate by using the makecert tool (part of .NET SDK)
> and use some accented characters (or Cyrillic, I expect the same problems)
> in the subject, e.g.:
>
> makecert -r -pe -n "CN=Jiří Novák" -e 12/31/2020 -ss My
>
> and then try to sign with template containing:
>
> ...
> <ds:KeyInfo>
>     <ds:KeyName>CN=Jiří Novák</ds:KeyName>
>     <ds:X509Data>
>        <ds:X509Certificate/>
>     </ds:X509Data>
> </ds:KeyInfo>
> ...
>
> Thanks,
>
> 			Jirka
>
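
The check below is an added example, not part of the thread and not xmlsec or libxml2 code: it tests whether a template's bytes agree with its declared encoding and whether the decoded KeyName equals the certificate subject code point for code point. It decodes with Python codecs rather than libxml2; the function names and the minimal template are constructed for illustration.

```python
import codecs
import re
import unicodedata

# Subject from the thread, written with escapes so this source file's own
# encoding cannot affect it (precomposed/NFC code points).
SUBJECT = "CN=Ji\u0159\u00ed Nov\u00e1k"
# Constructed minimal template, not the poster's actual file.
TEMPLATE = ('<?xml version="1.0" encoding="{enc}"?>\n'
            '<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<ds:KeyName>{name}</ds:KeyName></ds:KeyInfo>')
BOMS = [(codecs.BOM_UTF8, "utf-8-sig"), (codecs.BOM_UTF16_LE, "utf-16"),
        (codecs.BOM_UTF16_BE, "utf-16")]

def build(declared, saved_as, name=SUBJECT):
    """Template bytes with `declared` in the prolog, actually saved as `saved_as`."""
    return TEMPLATE.format(enc=declared, name=name).encode(saved_as)

def declared_encoding(raw):
    """Encoding a parser would assume: BOM first, then the prolog, else UTF-8."""
    for bom, codec in BOMS:
        if raw.startswith(bom):
            return codec
    m = re.match(rb'<\?xml[^>]*?encoding=["\']([A-Za-z0-9._-]+)["\']', raw)
    return m.group(1).decode("ascii") if m else "utf-8"

def key_name_seen(raw):
    """Decode as declared and return the text of the first KeyName element."""
    text = raw.decode(declared_encoding(raw))  # strict: raises on bad bytes
    m = re.search(r"<(?:\w+:)?KeyName>(.*?)</(?:\w+:)?KeyName>", text, re.S)
    if m is None:
        raise ValueError("no KeyName element in template")
    return m.group(1)

def check(raw, subject=SUBJECT):
    """Classify how the decoded KeyName relates to the certificate subject."""
    try:
        seen = key_name_seen(raw)
    except UnicodeDecodeError:
        return "undecodable"
    if seen == subject:
        return "match"
    nfc = unicodedata.normalize
    if nfc("NFC", seen) == nfc("NFC", subject):
        return "normalization-differs"
    return "mismatch"

if __name__ == "__main__":
    for declared, saved in [("UTF-8", "utf-8"), ("UTF-8", "cp1250"), ("windows-1250", "utf-8")]:
        print(declared, saved, check(build(declared, saved)))
```

A "match" result here only rules out the file-encoding and normalization causes; it says nothing about how the key name is compared against the certificate store afterwards.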

