Sorry, I am not very familiar with mscrypto...

Could you please try to put the certificate subject into the
"KeyName" element? I recall xmlsec-mscrypto is using it
to search for the certificate/private key pair. Also I believe
there is a notion of "friendly name" that can also be
used as "KeyName" to refer to the key.

Aleksey

On 4/20/2010 5:43 AM, Jirka Kosek wrote:
Hi,

I would like to sign XML files using the xmlsec command line utility using
certificates stored inside the Windows certificate store.

What is the proper way to reference a certificate from a signature template?
I thought that something like (note the reference to the certificate in the
X509SubjectName element):

<myDoc>
   ...
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
     <ds:SignedInfo>
       ...
     </ds:SignedInfo>
     <ds:SignatureValue></ds:SignatureValue>
     <ds:KeyInfo>
       <ds:X509Data>
         <ds:X509SubjectName>CN=Jan Tester</ds:X509SubjectName>
       </ds:X509Data>
     </ds:KeyInfo>
   </ds:Signature>
</myDoc>

would be sufficient. But when I run xmlsec with:

xmlsec --sign --crypto mscrypto --output signed.xml template.xml

I got:

func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

It seems that xmlsec is unable to find the certificate for signing. What's
the proper way of referencing a certificate? (Note that I'm able to sign
the document if I dump the complete certificate inside an X509Certificate
element, but this element is then duplicated in the output. Not to mention
the inconvenience of such a method.)

Thanks in advance,

                                Jirka




_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec