(Original thread... RE: XML Security-C:: HCRYPTPROV DSS/RSA providers not set via Win CAPI CryptoX509 using just the PCCERT_CONTEXT cosntructor)
Does this affect TSIK -> xml-security interoperability in general or would this be just an isolated incident caused by the creators of my key not using appropriate options? Has anyone else encountered this problem? Can you think of a workaround? I was thinking about calling the MSCryptoAPI functions directly - doing something along the lines of VeriftDetatchedSignature() against the data; unfortunately I don't know how to do the OpenSSL equivalent. Lots of questions.. Thanks a lot for all the time & trouble this community is taking to help me. Muchos appreciated... Steve -----Original Message----- From: Milan Tomic [mailto:[EMAIL PROTECTED] Sent: 26 May 2005 07:23 To: security-dev@xml.apache.org Subject: RE: XML Security-C:: HCRYPTPROV DSS/RSA providers not set via Win CAPI CryptoX509 using just the PCCERT_CONTEXT cosntructor W3C XML Signature recommendation doesn't mention ASN.1 encoding for DSA: http://www.w3.org/TR/xmldsig-core/#DSAKeyValue http://www.w3.org/TR/xmldsig-core/#dsa-sha1 so I would say that proper signing procedure is not to encode DSA signature in ASN.1 after signing and before Base64 encoding. However, we could consider adding support for ASN.1 encoded DSA signatures during verification process. Berin? Others? Best regards, Milan
