Hi Aleksey,

This sign over a template and subsequent verify works fine using the command-line utility:

xmlsec sign --crypto mscrypto --output inout/edsigned-enveloped.xml tmpl/tmpl-EPM-sign-enveloped.xml
xmlsec verify --store-references --crypto mscrypto inout/edsigned-enveloped.xml

The KeyInfo from the simple enveloped signature template looks like this:

<dsig:KeyInfo>
  <dsig:KeyName>[EMAIL PROTECTED],CN=Test User 1,OU=Electronic Post Mark,O=For Test Use Only,O=Universal Postal Union,L=Berne,ST=Berne,C=CH</dsig:KeyName>
  <dsig:X509Data>
    <dsig:X509Certificate></dsig:X509Certificate>
    <dsig:X509SubjectName></dsig:X509SubjectName>
    <dsig:X509IssuerSerial></dsig:X509IssuerSerial>
  </dsig:X509Data>
</dsig:KeyInfo>

I am trying to recreate this simple sign scenario from code using Python with the ctypes module (which marshals Python calls to/from "C" DLLs and .so files). I have successfully wrapped most of libxml2 using Python and ctypes and was then moving on to xmlsec. Got stalled at the GetKey. Not sure my call sequence is good though.

This simplified code snippet produces the stdout below it:

###################################################################
# Initialization
###################################################################
print 'Entering xmlsec ctypes wrap'
print 'Loading libxml2 parser'
libxml2 = cdll.libxml2
xmlsec = cdll.libxmlsec
print 'Initializing xmlsec, return code', xmlsec.xmlSecInit()
print 'Loading dynamic crypto support, return code ', xmlsec.xmlSecCryptoDLInit()
print 'Loading mscrypto, return code ', xmlsec.xmlSecCryptoDLLoadLibrary('mscrypto')
print 'CryptoAppInit, return code ', xmlsec.xmlSecCryptoAppInit()
print 'CryptoInit, return code ', xmlsec.xmlSecCryptoInit()

###################################################################
# Let's sign a template
###################################################################
parsedDoc = xmlsec.xmlSecParseFile('c:/xmlsec/tmpl-EPM-sign-enveloped-keyname.xml')  # uses xmlsec
rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature',
                                'http://www.w3.org/2000/09/xmldsig#')
print 'found signature node', sigNode.contents.name
keysMngr = xmlsec.xmlSecKeysMngrCreate()
rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
print 'CryptoAppDefaultKeysMngrInit returned with rc', rc
dsigCtx = xmlsec.xmlSecDSigCtxCreate(keysMngr)
keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)
print 'keyInfoCtx.contents.keysMngr', keyInfoCtx.contents.keysMngr, 'keyInfoCtx.contents.mode', keyInfoCtx.contents.mode
# keyNode = xmlsec.xmlSecFindNode(rootNode, 'KeyInfo', 'http://www.w3.org/2000/09/xmldsig#')
# print 'found KeyInfo node', keyNode.contents.name
xmlsec.xmlSecKeyInfoCtxDebugDump(keyInfoCtx, stdout)
# key = xmlsec.xmlSecKeysMngrGetKey(keyNode, keyInfoCtx)
# print 'found key', key.contents.name
# xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout)
rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
print 'Signature creation complete with status code', rc

Output from above follows ... (doesn't find key when I do an explicit KeysMngrGetKey either)

Any ideas?????

C:\XMLSec>libxmlsec.py
Entering xmlsec ctypes wrap
Initializing libxml2 parser
Initializing xmlsec, return code 0
Loading dynamic crypto support, return code 0
Loading mscrypto, return code 0
CryptoAppInit, return code 0
CryptoInit, return code 0
stdin fileno = 0
stdout fileno = 1
stderr fileno = 2
found signature node Signature
CryptoAppDefaultKeysMngrInit returned with rc 0
keyInfoCtx.contents.keysMngr 12159304 keyInfoCtx.contents.mode 0
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000000
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ; last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
Signature creation complete with status code -1

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec