Hi, I would like to sign XML files using xmlsec command line utility using certificates stored inside Windows certificate store.
What is the proper way to reference certificate from signature template. I though that something like (note reference to certificate in X509SubjectName element): <myDoc> ... <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:SignedInfo> ... </ds:SignedInfo> <ds:SignatureValue></ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509SubjectName>CN=Jan Tester</ds:X509SubjectName> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </myDoc> would be sufficient. But when I run xmlsec with: xmlsec --sign --crypto mscrypto --output signed.xml template.xml I got: func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlSecKe ysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0 x80092004);last error msg=Cannot find object or property. It seems that xmlsec is unable to find certificate for signing. What's the proper way of referencing certificate? (Note that I'm able to sign document if I dump complete certificate inside X509Certificate element, but this element is then duplicated in the output. Not speaking about inconvenience of such method.) Thanks in advance, Jirka -- ------------------------------------------------------------------ Jirka Kosek e-mail: [email protected] http://xmlguru.cz ------------------------------------------------------------------ Professional XML consulting and training services DocBook customization, custom XSLT/XSL-FO document processing ------------------------------------------------------------------ OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 member ------------------------------------------------------------------
signature.asc
Description: OpenPGP digital signature
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
