It is not really a problem with CAPI, it is designed to work with keys in the Windows crypto store. Load your keys into the CAPI crypto store, reference them from the <KeyName> element in your template, and all will work fine. You would have to do it this way for hardware tokens anyway. On Oct 23, 2011 4:21 PM, "Aleksey Sanin" <[email protected]> wrote:
> It is a problem with mscrypto api. > > Aleksey > > On 10/23/11 10:51 AM, Josef Kokeš wrote: > >> On 21.10.2011 19:01, Aleksey Sanin wrote: >> >>> Basically, xmlsec-mscrypto doesn't support pkcs12 format. Only DER >>> format is supported. >>> >> >> Thanks for the answer. Before I try to develop a solution, could you >> please tell me if it is the case of MS Crypto API not supporting the >> required functionality or simply a lack of >> resources/time/interest/**whatever on your part? In other word, would a >> fix involve modification of LibXmlSec or would it require a modification >> of CryptoAPI? >> >> Thanks, >> >> Pepak >> >> >>> Aleksey >>> >>> On 10/20/11 11:09 PM, Josef Kokeš wrote: >>> >>>> Oops, I completely overlooked the error message. Here it is: >>>> >>>> func=**xmlSecMSCryptoAppKeyLoadMemory**:file=..\src\mscrypto\app.c:** >>>> line=237:obj=unknown:subj=**format >>>> >>>> == xmlSecKeyDataFormatCertDer:**error=100:assertion: ;last error=0 >>>> (0x00000000);last error msg=Operace byla dokončena úspěšně. >>>> >>>> (last error msg translated to english: "The operation was successfully >>>> completed") >>>> >>>> Seems to be an incompatible encoding, but why? It's a standard PFX, I >>>> don't think I can choose encoding for that. >>>> >>>> Pepak >>>> >>>> Hi! >>>>> >>>>> I have been using XmlSec for some time, but only with the OpenSSL >>>>> engine. Now I find myself in need of using a MS-Crypto engine (I >>>>> want to >>>>> use tokens for certificate storage). I thought I would simply change >>>>> the >>>>> parameter of xmlSecCryptoDLLoadLibrary from "openssl" to "mscrypto", >>>>> but >>>>> apparently that is not the case: >>>>> >>>>> When I start preparing the signature context, the xmlSecDSigCtxCreate >>>>> succeeds but the following xmlSecCryptoAppKeyLoadMemory(**PfxBuf, >>>>> PfxSize, >>>>> xmlSecKeyDataFormatPkcs12, PfxPassword, 0, 0) returns 0 - the key could >>>>> not be loaded. But the same command succeeds with OpenSSL. I thought >>>>> perhaps it's another case of incompatible PFX files between Windows XP >>>>> and newer Windows, but that is not the case as I can import the PFX >>>>> correctly using the OS's tools. >>>>> >>>>> I am using LibXmlSec version 1.2.18 under Windows, as compiled by Igor >>>>> Zlatkovic in no-unicode mode. >>>>> >>>>> What could possibly be the problem? >>>>> >>>>> Thanks, >>>>> >>>>> Pepak >>>>> ______________________________**_________________ >>>>> xmlsec mailing list >>>>> [email protected] >>>>> http://www.aleksey.com/**mailman/listinfo/xmlsec<http://www.aleksey.com/mailman/listinfo/xmlsec> >>>>> >>>>> >>>>> >>>>> __ Zkontrolovano antivirovym programem NOD32 __ >>>>> _______ Mailscanner spolecnosti Phoenix _______ >>>>> >>>> >>>> ______________________________**_________________ >>>> xmlsec mailing list >>>> [email protected] >>>> http://www.aleksey.com/**mailman/listinfo/xmlsec<http://www.aleksey.com/mailman/listinfo/xmlsec> >>>> >>> >>> >>> >>> __ Zkontrolovano antivirovym programem NOD32 __ >>> _______ Mailscanner spolecnosti Phoenix _______ >>> >> >> ______________________________**_________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/**mailman/listinfo/xmlsec<http://www.aleksey.com/mailman/listinfo/xmlsec> >
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
