[xmlsec] Incompatibility between OPENSSL and MSCRYPTO engines?

EdShallow ed.shallow at gmail.com
Sun Oct 23 14:57:13 PDT 2011


It is not really a problem with CAPI; it is designed to work with keys in
the Windows crypto store. Load your keys into the CAPI crypto store,
reference them from the <KeyName> element in your template, and all will
work fine. You would have to do it this way for hardware tokens anyway.
On Oct 23, 2011 4:21 PM, "Aleksey Sanin" <aleksey at aleksey.com> wrote:

> It is a problem with mscrypto api.
>
> Aleksey
>
> On 10/23/11 10:51 AM, Josef Kokeš wrote:
>
>> On 21.10.2011 19:01, Aleksey Sanin wrote:
>>
>>> Basically, xmlsec-mscrypto doesn't support pkcs12 format. Only DER
>>> format is supported.
>>>
>>
>> Thanks for the answer. Before I try to develop a solution, could you
>> please tell me if it is the case of MS Crypto API not supporting the
>> required functionality or simply a lack of
>> resources/time/interest/whatever on your part? In other words, would a
>> fix involve modification of LibXmlSec or would it require a modification
>> of CryptoAPI?
>>
>> Thanks,
>>
>> Pepak
>>
>>
>>> Aleksey
>>>
>>> On 10/20/11 11:09 PM, Josef Kokeš wrote:
>>>
>>>> Oops, I completely overlooked the error message. Here it is:
>>>>
>>>> func=xmlSecMSCryptoAppKeyLoadMemory:file=..\src\mscrypto\app.c:
>>>> line=237:obj=unknown:subj=format
>>>> == xmlSecKeyDataFormatCertDer:error=100:assertion: ;last error=0
>>>> (0x00000000);last error msg=Operace byla dokončena úspěšně.
>>>>
>>>> (last error msg translated to English: "The operation was successfully
>>>> completed")
>>>>
>>>> Seems to be an incompatible encoding, but why? It's a standard PFX, I
>>>> don't think I can choose encoding for that.
>>>>
>>>> Pepak
>>>>
>>>>> Hi!
>>>>>
>>>>> I have been using XmlSec for some time, but only with the OpenSSL
>>>>> engine. Now I find myself in need of using a MS-Crypto engine (I want
>>>>> to use tokens for certificate storage). I thought I would simply change
>>>>> the parameter of xmlSecCryptoDLLoadLibrary from "openssl" to "mscrypto",
>>>>> but apparently that is not the case:
>>>>>
>>>>> When I start preparing the signature context, the xmlSecDSigCtxCreate
>>>>> succeeds but the following xmlSecCryptoAppKeyLoadMemory(PfxBuf, PfxSize,
>>>>> xmlSecKeyDataFormatPkcs12, PfxPassword, 0, 0) returns 0 - the key could
>>>>> not be loaded. But the same command succeeds with OpenSSL. I thought
>>>>> perhaps it's another case of incompatible PFX files between Windows XP
>>>>> and newer Windows, but that is not the case as I can import the PFX
>>>>> correctly using the OS's tools.
>>>>>
>>>>> I am using LibXmlSec version 1.2.18 under Windows, as compiled by Igor
>>>>> Zlatkovic in no-unicode mode.
>>>>>
>>>>> What could possibly be the problem?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Pepak
>>>>> _______________________________________________
>>>>> xmlsec mailing list
>>>>> xmlsec at aleksey.com
>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>>
>>>>>
>>>>>
>>>>> __ Checked by the NOD32 antivirus program __
>>>>> _______ Mailscanner of the Phoenix company _______
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>