The behaviour of mscrypt is the same as in NSS. So what Aleksey is assuming is in fact true. You don't need to load keys from MS certstore in advance here. When a keyname is given, like in the example, the keysstore searches first in the simple keysstore (used as a temporarily 'cached keys' store), and when no key is found, the MS Certstore is searched to find the key. When in the MS Certstore a match is found, the key is returned and can be used. If the key from the cert store, also has a private counterpart, it can also be used for signing and decryption, otherwise only encryption and verification is supported (of course). That is determined automatically.
Currently the implementation is not complete, since keyInfo Ctx is not used yet to search for keys in the MS Cert store, but I'm not sure if that is needed: Is there a possibility that the KeyInfoCtx has a keyname in it, while the separate keyname parameter in the function call is null? Wouter > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin > Sent: Friday, September 19, 2003 6:30 > To: Edward Shallow > Cc: [EMAIL PROTECTED] > Subject: Re: [xmlsec] XMLsec Command Line Utility and MSCrypto > > > If you have a public key with name "Steve Archdeacon" in MS > Crypto key > store > then probably the answer is yes. I use word "probably" here > only because > I did not > read all the xmlsec-mscrypto code yet. > > It's defenetly the case for xmlsec-nss and NSS key db. I > would hope that > this should > be the same for xmlsec-mscrypto and this would probably be a feature > request anyway. > > Aleksey > > > _______________________________________________ > xmlsec mailing list > [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec > _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
