Hi,

I would like to sign XML files using xmlsec command line utility using
certificates stored inside Windows certificate store.

What is the proper way to reference certificate from signature template.
I though that something like (note reference to certificate in
X509SubjectName element):

<myDoc>
  ...
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
    <ds:SignedInfo>
      ...
    </ds:SignedInfo>
    <ds:SignatureValue></ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509SubjectName>CN=Jan Tester</ds:X509SubjectName>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
</myDoc>

would be sufficient. But when I run xmlsec with:

xmlsec --sign --crypto mscrypto --output signed.xml template.xml

I got:

func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlSecKe
ysMngrFindKey:error=1:xmlsec library function failed: ;last
error=-2146885628 (0
x80092004);last error msg=Cannot find object or property.

It seems that xmlsec is unable to find certificate for signing. What's
the proper way of referencing certificate? (Note that I'm able to sign
document if I dump complete certificate inside X509Certificate element,
but this element is then duplicated in the output. Not speaking about
inconvenience of such method.)

Thanks in advance,

                                Jirka

-- 
------------------------------------------------------------------
  Jirka Kosek      e-mail: [email protected]      http://xmlguru.cz
------------------------------------------------------------------
       Professional XML consulting and training services
  DocBook customization, custom XSLT/XSL-FO document processing
------------------------------------------------------------------
 OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 member
------------------------------------------------------------------

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to