[xmlsec] Signing with X509 certificate using mscrypto provider

Jirka Kosek jirka at kosek.cz
Tue Apr 20 05:43:48 PDT 2010


Hi,

I would like to sign XML files using the xmlsec command line utility with
certificates stored inside the Windows certificate store.

What is the proper way to reference a certificate from the signature template?
I thought that something like (note the reference to the certificate in the
X509SubjectName element):

<myDoc>
  ...
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      ...
    </ds:SignedInfo>
    <ds:SignatureValue></ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509SubjectName>CN=Jan Tester</ds:X509SubjectName>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
</myDoc>

would be sufficient. But when I run xmlsec with:

xmlsec --sign --crypto mscrypto --output signed.xml template.xml

I got:

func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

It seems that xmlsec is unable to find the certificate for signing. What's
the proper way of referencing the certificate? (Note that I'm able to sign
the document if I dump the complete certificate inside the X509Certificate
element, but this element is then duplicated in the output, not to mention
the inconvenience of such a method.)

Thanks in advance,

				Jirka

-- 
------------------------------------------------------------------
  Jirka Kosek      e-mail: jirka at kosek.cz      http://xmlguru.cz
------------------------------------------------------------------
       Professional XML consulting and training services
  DocBook customization, custom XSLT/XSL-FO document processing
------------------------------------------------------------------
 OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 member
------------------------------------------------------------------
