[xmlsec] Signing with X509 certificate using mscrypto provider
Jirka Kosek
jirka at kosek.cz
Wed Apr 21 01:00:27 PDT 2010
Aleksey Sanin wrote:
> You need to tell xml parser (libxml2) what is the file encoding.
> It can't convert correctly to UTF8 unless it knows the source encoding.
> BTW, libxml2 simply skips unknown characters in the input and this
> explains the error you got ("key not found" from xmlsec) - the key name
> was mangled. Set the correct in the xml prolog and it will work.
Prolog and encoding was correct (I think that I have pretty deep
knowledge of Unicode and its encodings). I even tried UTF-8 with and
without BOM character and still have no success.
If you have access to Windows box, you can very easily reproduce bug.
Create self-signed certificate by using makecert tool (part of .NET SDK)
and use some accented characters (or cyrillic, I expect same problems)
in subject, eg.:
makecert -r -pe -n "CN=Jiří Novák" -e 12/31/2020 -ss My
and then try to sign with template containing:
...
<ds:KeyInfo>
<ds:KeyName>CN=Jiří Novák</ds:KeyName>
<ds:X509Data>
<ds:X509Certificate/>
</ds:X509Data>
</ds:KeyInfo>
...
Thanks,
Jirka
--
------------------------------------------------------------------
Jirka Kosek e-mail: jirka at kosek.cz http://xmlguru.cz
------------------------------------------------------------------
Professional XML consulting and training services
DocBook customization, custom XSLT/XSL-FO document processing
------------------------------------------------------------------
OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 member
------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20100421/e150070f/attachment.pgp>
More information about the xmlsec
mailing list