What do you mean the document is no longer valid ?
If it verifies the References covered by the signature are valid. If the DN
in the certificate refers to the same certifiacte as the friendly name in
the KeyName, the KeyName is redundant. This is what I am doing. I am
removing the Keyname for
xmlSecDSigCtxVerify to get the certificate from the signed xml
File and to don't try to look in the registry because there it will be not?
So how I can handle this that I always load the certificate with which the
document was signed.
Thanks
Jürgen
-Original Message-
From: Edward Shallow
Hi Aleksey,
Why is the function only accepting 1 argument ? Are you experiencing this
?
Ed
Entering xmlsec ctypes wrap, loading libxml2, libxmlsec, and mscrypto dll's
Initializing xmlsec status code 0
Loading dynamic crypto support status code 0
Loading openssl
Getting really close to the end now ;)
... Missing lib.exe ??? Not in any of the MS tools I downloaded and
installed ?
... Where did you get this exe from ?
Ed
lib.exe /nologo /OUT:binaries\libxmlsec-openssl_a.lib
libxmlsec_openssl_a.int\app.obj libxmlsec_openssl_a.int\bn.obj
://www.codecomments.com/archive292-2004-8-262165.html
You might need to tweak makefile a little bit. Search for lib.exe and
replace it with link.exe /lib
Aleksey
Edward Shallow wrote:
Getting really close to the end now ;)
... Missing lib.exe ??? Not in any of the MS tools I downloaded and
installed
Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: May 6, 2006 4:41 PM
To: 'Aleksey Sanin'
Cc: 'xmlsec@aleksey.com'
Subject: RE: [xmlsec] FW: Free/Destroy versus Memory Leak
OK link.exe /lib works ... finally got it all compiled and linked. Ran into
more C runtime problems, but got those
Forgot to mention. It only crashes with mscrypto.
-Original Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: May 6, 2006 5:53 PM
To: '[EMAIL PROTECTED]'; 'Aleksey Sanin'
Cc: 'xmlsec@aleksey.com'
Subject: RE: [xmlsec] FW: Free/Destroy versus Memory Leak
Hi Aleksey
@aleksey.com; [EMAIL PROTECTED]
Subject: Re: [xmlsec] FW: Free/Destroy versus Memory Leak
Edward Shallow wrote:
Almost there. Can't find msvcrt.lib
Not in MSSDK or VC6 ???
Ed
This is MS runtime library... Yet another MS download:
http://wiki.tcl.tk/11431
Aleksey
You do not see it with the sign ? Do you think it could be the environment
around xmlsec ? Might this not leak on a freshly installed XP machine ?
Has the CVS been updated with this patch ? Is it in the daily snapshot ?
I will have to wait for Igor to recompile and re-post.
Ed
-Original
The link to the Visual Studio C++ 2003 Toolkit (free) provided to me by
Dmitry (thanks) contains ***NO*** nmake.exe
I had a tough time finding this old one. Any suggestions ?
Ed
-Original Message-
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: May 2, 2006 9:51 PM
To: [EMAIL
PostScript:
I am downloading the Platform SDK. That should do it. I'll ket you know.
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Edward Shallow
Sent: May 2, 2006 10:47 PM
To: 'Aleksey Sanin'
Cc: xmlsec@aleksey.com; [EMAIL PROTECTED]
Subject: RE
] On
Behalf Of Edward Shallow
Sent: May 2, 2006 11:06 PM
To: 'Aleksey Sanin'
Cc: xmlsec@aleksey.com; [EMAIL PROTECTED]
Subject: RE: [xmlsec] FW: Free/Destroy versus Memory Leak
PostScript:
I am downloading the Platform SDK. That should do it. I'll ket you know.
Ed
-Original Message-
From
and they naturally failed. OpenSSL crypto seems
fine, no leak, flat memory profile, much faster too !!!
Ideas ?
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Edward Shallow
Sent: April 12, 2006 4:19 PM
To: xmlsec@aleksey.com
Subject: FW: [xmlsec
Hi Aleksey,
Confirmed that problem in xmlSecSimpleKeysStoreSave is indeed with mscrypto.
Openssl works fine. Python ctypes works fine using all of c_uint(1) for
Public, c_uint(2) for Private, c_uint(4) for Symmetric, and sums thereof.
Only selected key types saved in each case. c_uint(65535)
With attachments ...
-Original Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: January 19, 2006 6:36 PM
To: 'Aleksey Sanin'
Cc: 'xmlsec@aleksey.com'
Subject: RE: [Bulk] Re: [Bulk] [xmlsec] Re: Loaded Private Key and mscrypto
Hi Aleksey,
Confirmed that problem
with Python :)
Aleksey
Edward Shallow wrote:
Hi Aleksey,
In mscrypto, is there any way to save the private signing key or
hold the key (KeyPtr really) and reuse it for subsequent sign
operations ? Sort of like a memory loaded and resuable signing key. I
need something like
First post bounced ?
-Original Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: January 13, 2006 9:34 AM
To: 'Aleksey Sanin'
Subject: Cert Chain Validation 1.2.8 mscrypto
Aleksey,
I think I might have something here ... This output looks very very close to
yours
.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Aleksey Sanin
Sent: January 13, 2006 10:40 AM
To: Dmitry Belyavsky
Cc: Edward Shallow; xmlsec@aleksey.com
Subject: [Bulk] Re: [xmlsec] FW: Cert Chain Validation 1.2.8 mscrypto
Can error messages 1 and 2
key store). I
believe Dmitry already suggested this before but I missed the point then :(
Aleksey
Edward Shallow wrote:
Here they are ...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Aleksey Sanin
Sent: January 12, 2006 1:01 AM
To: [EMAIL
if it the issuer is not present. That is, it
will just show the signer's certificate in the 1 line path.
However it will not display any warning or error if the issuer cannot be
found.
I believe OpenOffice.org uses xmlsec with nss.
Ed
-Original Message-
From: Edward Shallow [mailto
Your messages are very short ?
There is no mistake with the adding/removing of certs in the MS Store as
there is only one cert in play here, the public Test User 1.
And the .der you are loading from the command line utility.
You must have converted Test User 1 to a .cer and loaded into one of
On windows, OO.org uses xmlsec-mscrypto.
Aleksey
Edward Shallow wrote:
PostScript:
It seems that OpenOffice.org V2.0 also does not check certificate
chains when validating a signature.
It will show the public issuer in the chain hierarchy (if it is loaded
in the ROOT store) when you View
Aleksey,
I was able to produce exactly what you produced with the selection below of
--enabled-key-data. The message is identical. What you are seeing has
nothing to do with cert chain verification. It is likely related to your
inability to get the Test User 1 certificate from the crypto store
Yes of course I get a match on Test User 1 and everything works. The point
is It shouldn't work. When I do not load --trusted-der it should not work,
and it does. Meaning No cert chain checking.
It is impossible for your script to work without loading Test User 1 into
the 'MY' store. In fact the
] Re: [Bulk] Re: [xmlsec] OpenSSL vs mscrypto
I am really sorry but I don't understand what you are complaining about. I
don't observe the problem you have. And I can do nothing unless you give
exact steps to reproduce it.
Aleksey
Edward Shallow wrote:
Yes of course I get a match on Test User 1
Dmitry wrote ...
Edward, when you verify the signature using your own certs ('MY' cert
storage), the library doesn't verify chain using my patch. To see my patch
really works you need to verify the signature from the other user's account
with signer's CA cert and CRL installed.
I do not know
-
From: Dmitry Belyavsky [mailto:[EMAIL PROTECTED]
Sent: January 11, 2006 11:51 AM
To: Edward Shallow
Cc: xmlsec@aleksey.com
Subject: RE: [xmlsec] Verify - OpenSSL vs mscrypto
Greetings!
On Wed, 11 Jan 2006, Edward Shallow wrote:
Dmitry wrote ...
Edward, when you verify the signature
If I am not using Dmitry's patch, is it even possible to trigger a cert
chain verify ? Your posts to the list seem to indicate that it is. Just tell
me what function or sequence of functions it is and I'll call them. They
must be xmlSecMSCrypto specific.
The xmlSecDSigCtxVerify function does NOT
the signer's
public certificate in any of their stores.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/s
ecurity/certcreatecertificatecontext.asp
If you are not already doing this, is this possible ?
Ed
-Original Message-
From: Edward Shallow [mailto:[EMAIL
Thanks for your patience,
All I would like to do is trap the most informative message in whatever
way works, I am not fussy. In this simple password example it would be The
specified network password is not correct message. Neither of 1) setting
ErrorsCallback or 2) using xmlGetLastError is
the error message on stderr?
Aleksey
Edward Shallow wrote:
PostScript ...
A call to the following works fine after any libxml2 function
throwing an error. I tried it after a failed xmlsec function call and
received nothing (i.e. Python None aka NULL)
Ed
Hi Aleksey,
Thanks once again. The following worked when added to the ErrorsCallback
(mscrypto only) ...
errCode = win32api.GetLastError()
errMsg = win32api.FormatMessage(errCode)
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Edward
Hi Aleksey,
A few weeks ago I sent a post related to a problem whereby the last
argument being passed to the ErrorsCallback seemed always to be NULL. I
double checked a few things, and it seems to be isolated to mscrypto, though
there are other inconsistencies in general. Below is a simple
(error.domain) + ' code ' + str(error.code) + error.message, ' at line '
+ str(error.line)
except:
errMsg = 'Fatal error in xmlGetLastError function'
return errMsg
-Original Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: January 5, 2006 11:02 PM
Great. Will this checking be invoked automatically as part of a Verify call
(as it is with OpenSSL) ?
If not, when and how is it called ?
Thanks,
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Dmitry Belyavsky
Sent: December 20, 2005 9:52 AM
To:
As far as I know certificate chain verification and CRL checking are 2
distinct functions in the MS world. They are not even in the same library.
CRL checking is part of the Microsoft Crypto API (CAPI) and can be found in
crypt32.dll. The function in question is CertVerifyCRLRevocation and
Thanks Aleksey,
I guess there is no non-crypto-specific version of this function ?
Then does a call to xmlSecMSCryptoX509StoreConstructCertsChain do both a
cert chain check and a revocation check ?
Does this work now, or will it work only after Dmitry's patch ?
Thanks,
Ed
-Original
Hi Aleksey,
When using public certificate for encrypt with mscrypto, cert type must be
CertDer (i.e. type 8). It doesn't like CertPem. No problem. No need to go to
Pkcs12.
Thanks,
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Aleksey Sanin
Sent:
To: [EMAIL PROTECTED]
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] Password Callback
I believe in xmlsec you should be able specify callback in the function call
(e.g. read key from file). However, I don't know if xmlsec-mscrypto or
mscrypto itself supports it or not.
Aleksey
Edward Shallow wrote:
Hi
On Friday 16 December 2005 20:03, Edward Shallow wrote:
Hi Aleksey,
Is there an equivalent password callback that is similar in
functionality to the xmlsec xmlSecErrorsSetCallback ?
I am using private keys with passwords loaded by name from the MS
Crypto Store. At run time the Windows
Not sure I understand. The objective is to encrypt the session key with an
X509 Public Certificate (likely retrieved via LDAP) at the sender's end.
They won't have a PKCS12 or a private key. Am I missing something ?
Or are you attempting to zero in on something ?
Ed
-Original Message-
.
It might have something to do with defaulting constants I think, not
sure. Perhaps Wouter would know. Small price to pay.
As usual thanks for your help,
Ed
-Original Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: October 28, 2005 4:36 PM
To: 'Aleksey Sanin'
Subject: RE: [xmlsec
Hi Aleksey,
Making progress, but still having problem getting at keys with Python and
ctypes module. I won't ask you any Python or ctype questions, I promise. But
I will ask you to comment on these observations from an xmlsec perspective
if you would be so kind.
What I am able to do:
Yes you are right. What I hoped you could confirm is that I have the right
call sequence.
I have simplified it further below. What I was not sure of is whether I need
to issue an explicit xmlSecKeysMngrGetKey or is that already implied given I
am using a template. Either way seems to result in a
Hi Aleksey,
This sign over a template and subsequent verify works fine using
command-line utility:
xmlsec sign --crypto mscrypto --output inout/edsigned-enveloped.xml
tmpl/tmpl-EPM-sign-enveloped.xml
xmlsec verify --store-references --crypto mscrypto
inout/edsigned-enveloped.xml
The KeyInfo
No problem !!!
Files affected ? Download them all ?
Ed
Aleksey Sanin wrote:
Sorry for delay with response, I was out of town for
the weekend :) The crash should be fixed in CVS. Thanks
for your bug report!
Aleksey
___
xmlsec mailing list
Hi Aleksey,
Finally aaa !!!
Thanks for all your help.
Some quick notes:
- the --enabled-key-data option must be either left, out or set to
key-name when accessing keys in the nssdb
- importing .p12's into local nssdb's using mozilla or firefox or
thunderbird seems to
? This would help
prove installation as well.
Thanks again,
Ed
Edward Shallow wrote:
Here are 2 stack traces for your review ...
This is the test using KeyName in the template:
(gdb) run sign --crypto nss --crypto-config
/usr/local/src/epm/xmlsec-crypto-config-all --trusted-der
/usr/local/src
Tried something else ...
- copied empty nssdb files from xmlsec1-1.2.9/tests/nssdb
- imported rsakey.p12 and ca2cert.der into nssdb using p12util
- verified content of nssdb using certutil -L
Everything looked good.
Re-ran tests ... still seg faulting
Ed
Edward Shallow wrote:
Forgot
Aleksey Sanin wrote:
1) and 2) above work fine with pkcs#12 based keys, but as soon as I
switch to the nssdb-resident equivalent I am unsuccessful.
Can you run 3rd test under gdb and get a stack trace?
Aleksey
___
xmlsec mailing list
Edward Shallow wrote:
Aleksey Sanin wrote:
1) and 2) above work fine with pkcs#12 based keys, but as soon as I
switch to the nssdb-resident equivalent I am unsuccessful.
Can you run 3rd test under gdb and get a stack trace?
Aleksey
___
xmlsec
: September 23, 2005 11:54 AM
To: Edward Shallow
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] nssdb problems ... still : (
In the meatime can I impose on you to send me your cert8.db keys3.db
and secmod.db files.
I don't have your keys imported in the nss db. Please get a stack trace
Here are 2 stack traces for your review ...
This is the test using KeyName in the template:
(gdb) run sign --crypto nss --crypto-config
/usr/local/src/epm/xmlsec-crypto-config-all --trusted-der
/usr/local/src/epm/keys/nss/cacert.der --output
Hi Aleksey,
When using nss, where in the API does one set the --crypto-config option
from the command line utility ?
Thanks,
Ed
___
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
I looked at xmlsec.c and crypto.c and it seems --crypto-config is passed in
on a gerneric xmlsecCryptoAppInit call and needs no specific nss support. Is
this a correct assumption ?
Ed
-Original Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: September 21, 2005 12:20 PM
Hi Aleksey,
Trying out nss crypto after much success with openssl. nss tests from
the install worked fine, yet when I try to run testDSig.sh it works for
openssl but not for nss.
Here is nss run ...
--- testDSig started for xmlsec-nss library (20050918_134319)
--- LD_LIBRARY_PATH=
Test:
Would an installation of Firefox or Thunderbird after xmlsec compilation
screw things up perhaps ?
Ed
On Sun, 2005-09-18 at 11:20 -0700, Aleksey Sanin wrote:
Did you recompile xmlsec on the same box? I've seen a similar
error when NSS/NSPR versions on the box did not match ones
used during
-1.2.9/tests xmlsec1 der
Aleksey
Edward Shallow wrote:
Aleksey Sanin wrote:
Can you try to run testKeys.sh for nss first, please? It will create
necessary keys in NSS keys storage.
Aleksey
___
xmlsec mailing list
xmlsec@aleksey.com
http
Hi Aleksey and Valery,
Apart from the xmlSecCryptoDLLoadLibrary call, how transparent is the
xmlsec API when using nss versus openssl ?
The API reference has a huge set of nss specific functions, must they
be used when running the nss engine ?
If one wants to load keys from the
You set me on the right track. I had forgotten to specify the shared
option on the openssl configure script (no-shared is the default) and
the new libcrypto.so was not generated in /usr/lib
Thanks for your help
On Tue, 2005-08-30 at 21:14 -0700, Aleksey Sanin wrote:
You'll notice that most
Hi Aleksey,
- Will your 1.2.9 Fedora3 RPMs cause any problems against a RedHat9 build
?
- Will your 1.2.9 Fedora3 RPMs cause any problems against a Fedora4 build
?
- Can't find any OpenSSL 0.9.8 RPMs out there yet must I build from source
?
Thanks
This sounds more like an environment question. Given you are in a servlet
container with Tomcat I assume your application is Java based. To get out to
the xmlsec library (without bindings) you probably have to define the
required xmlsec C functions to JNI (Java Native Interface). The only
bindings
There is a very good Python binding available on the chance that might
interest you. I have worked extensively with it and have not found a single
problem with it as yet.
http://pyxmlsec.labs.libre-entreprise.org/
Ed
P.S. Valery, BTW version 0.2.1 and the added errorsSetCallback work
perfectly.
support with hardware token
Cool! Thanks for sharing your expirience!
Aleksey
Edward Shallow wrote:
Hi,
Yes I have successfully used an Aladdin eToken Pro in a Windows XP
environment with XMLsec 1.2.1 using the command line and template below
Hi,
Yes I have successfully used an Aladdin eToken Pro in a Windows XP
environment with XMLsec 1.2.1 using the command line and template below.
Key points:
1) use --crypto mscrypto
2) point xmlsec at your token using dsig:KeyName in the template
3) make sure your keys were generated on the
Hello Aleksey,
Please find enclosed a signature produced by another toolkit which uses
left and right brackets in its reference element. XMLSec seems to be
objecting to the presence of the brackets. If I take them out, XMLSec gets
further, but naturally complains about the data to digest
lem. Certs with only numbers in them work.
Thanks again,
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of Aleksey Sanin
Sent: November 11, 2003 12:57 AM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
Subject: Re: [xmlsec] Invalid data char=B; base=10
Hi Aleksey,
I have a strange one here. I am using --ms-crypto (thanks Wouter and
Aleksey) with an XPath-filter (intersect and subtract). I have used a
similar template in dozens of tests. Sign works fine. --store-references
shows intersect, subtract working fine.
However when I go to
I retried the run below with OpenSSL and it works. Problem is unique to
--ms-crypto. Can I send you anything else ?
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Edward Shallow
Sent: November 10, 2003 11:47 PM
To: [EMAIL PROTECTED]
Subject
: November 11, 2003 12:24 AM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
Subject: Re: [xmlsec] Invalid data char=B; base=10 on verify
Sick! Stupid me :( This one line patch bellow should fix it. The patch is
checked in CVS and would be in the next release in a couple days. This code
is not used by OpenSSL
AM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
Subject: Re: [xmlsec] Invalid data char=B; base=10 on verify
The problem is caused by incorrect conversion of a big integer to a string.
Instead of using base 10 the function incorrectly used base 16. Thus you'll
get incorrect numbers sometime
Of Aleksey Sanin
Sent: September 23, 2003 11:55 PM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
Subject: Re: [xmlsec] Emailing: EdTestFormNoMSO.zip
Secondly but related, how would one create parallel signatures over the
same data using XMLSec ? Using 2 successive sign operations ?
Yes.
Assuming one
-Original Message-
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: September 24, 2003 10:07 AM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
Subject: Re: [xmlsec] Emailing: EdTestFormNoMSO.zip
1) In the Pre-Digest buffer (see below) I will get extra white space
and/or CRLFs for every subtract I
Aleksey,
This attached is a signature which resulted from successive signings
over the same XML from within Microsoft's InfoPath Release Candidate (i.e.
coming soon).
It is confusing in its use of copy and copy-of. Both signatures have
enveloped-signature tranforms followed by XSLT
As it pertains to the example below, can you see any reason why Microsoft
did not use xmldsig-filter2 ?
Ed
-Original Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: September 23, 2003 11:35 PM
To: '[EMAIL PROTECTED]'
Subject: Emailing: EdTestFormNoMSO.zip
Aleksey
Store world there will be no
pkcs12s lying around.
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Wouter
Sent: September 18, 2003 2:37 PM
To: 'Aleksey Sanin'; 'Edward Shallow'
Cc: [EMAIL PROTECTED]
Hi,
Aleksey is right here. Currently the key
Hi Aleksey,
After numerous attempts to verify the Microsoft InfoPath-created dsig
which uses an XSLT transform, I decided to dummy it down and both sign and
verify it with XMLSec, to get some clues.
The attached is the only stylesheet transform technique I can get
working with XMLSec.
.
I assume xsl:include and xsl:import (as Rich pointed) out are supported
within XMLSec (libxslt) ?
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Aleksey Sanin
Sent: September 7, 2003 9:09 PM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
I am not sure
I'll try it and let you know tomorrow. Thanks for the quick response Aleksey
and Rich.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Aleksey Sanin
Sent: September 7, 2003 9:41 PM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
I am not reporting a problem
Wouter,
Are you saying that for your P12 support, your are using CAPI for the
core crypto operations but not for key/cert retrieval ?
Ed
-Original Message-
From: Wouter [mailto:[EMAIL PROTECTED]
Sent: September 4, 2003 9:26 AM
To: Edward Shallow
Cc: 'Roumen Petrov'; 'Wouter
Hi Aleksey,
The attached file is a signature produced by Microsoft's InfoPath (XML
forms Manager from Office 2003). It's an enveloped signature with an extra
reference to a comment element. XMLSec verify reports data and digest
problem (as below). InfoPath uses the latest .Net Framework
:05 AM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
xmlsec sign --pkcs12 keys/EdSign.p12 --output inout/edsigned1.xml
tmpl/tmpl-EPM-sign.xml
... This in the template works ...
X509Data
/X509Data
... This in the template does not ...
X509Data
X509SubjectName/
X509Certificate
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Edward Shallow
Sent: July 13, 2003 11:42 AM
To: [EMAIL PROTECTED]
Aleksey,
That didn't do it. Must be something deeper. Operation competed but with
exactly the same output (i.e. empty inner key CipherValue)
Ed
-RSA.xml
Apologize for not being more diligent before posting previous dumb question.
Ed
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Aleksey Sanin
Sent: July 13, 2003 3:08 PM
To: Edward Shallow
Cc: [EMAIL PROTECTED]
Take a look at the ds:KeyInfo
Hi Aleksey,
I have just about everything working except a 3DES symmetric encrypt
whose key is RSA wrapped. I send in this on the xmlsec command line util ...
xmlsec encrypt --xml-data encrypt1-doc.xml --node-name Salary --deskey
deskey.bin --pubkey-pem EdShallowPub.pem --output
Hi Aleksey,
I can't get this simple xmlsec command line utility version of your
encrypt1 example to work. Files (renamed) are straight from your examples
directory. I'm using the most recent pre-compiled Windows version 1.0.3 from
Igor's site. Console output below. Any ideas ?
xmlsec encrypt
Hi Aleksey,
Firstly, I love your library, marvelous achievement.
Now, I'd like to get the sign to include my signing certificate in signed
documents.
If I manually insert them in the template file, and do a command line like
this:
xmlsec sign --privkey-pem:EdShallow EdShallow.pem
87 matches
Mail list logo