Hello!

Up until now I have used a PKCS#12 file to sign documents in xmlsec (using MSCrypto). Now I'm faced with the problem that I cannot create a PKCS#12 file because the private keys are not exportable. How can I handle this in xmlsec?

I was thinking about something like this:

1) First I retrieve a PCERT_CONTEXT from MSCrypto
2) Now I call xmlSecMSCryptoCertAdopt to get an xmlSecKeyDataPtr
3) Third I create a new xmlSecKeyPtr by calling xmlSecKeyCreate
4) Now I call xmlSecKeySetValue(xmlSecKeyPtr, xmlSecKeyDataPtr)
5) I now create an xmlSecDSigCtx using xmlSecDSigCtxCreate
6) I can now assign xmlSecDSigCtx->signKey with the xmlSecKeyPtr
7) Last I call xmlSecDSigCtxSign

Will this approach work and is it a good one?

At what stage will MSCrypto ask me to enter the password in order to encrypt the document (my guess is at stage 7)?

If I have several documents that need signing, will this method force MSCrypto to prompt me for a password every time, or is there a way around this problem? I thought about using a keys manager, but I have no idea how to do this or even whether it will solve my problem.

I have looked through all the examples without getting a clear idea of how to solve my problem.

Thanks,
Erik F. Andersen
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
