<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Sorry, I don't have a Windows environment to play with anymore :(<br>
<pre class="moz-signature" cols="72">Aleksey
</pre>
<br>
On 6/25/11 10:10 AM, Ed Shallow wrote:
<blockquote cite="mid:322250.70185.qm@web88308.mail.re4.yahoo.com"
type="cite">
<div style="font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>Any ideas, guys?<br>
<br>
Ed<br>
</div>
<div style="font-family: times new roman,new york,times,serif;
font-size: 12pt;"><br>
<div style="font-family: times new roman,new york,times,serif;
font-size: 12pt;"><font face="Tahoma" size="2">
<hr size="1"><b><span style="font-weight: bold;">From:</span></b>
Aleksey Sanin <a class="moz-txt-link-rfc2396E" href="mailto:aleksey@aleksey.com">&lt;aleksey@aleksey.com&gt;</a><br>
<b><span style="font-weight: bold;">To:</span></b>
EdShallow <a class="moz-txt-link-rfc2396E" href="mailto:ed.shallow@gmail.com">&lt;ed.shallow@gmail.com&gt;</a><br>
<b><span style="font-weight: bold;">Cc:</span></b> Roumen
Petrov <a class="moz-txt-link-rfc2396E" href="mailto:xmlsec@roumenpetrov.info">&lt;xmlsec@roumenpetrov.info&gt;</a>;
<a class="moz-txt-link-abbreviated" href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a>; Igor Zlatković
<a class="moz-txt-link-rfc2396E" href="mailto:igor@zlatkovic.com">&lt;igor@zlatkovic.com&gt;</a><br>
<b><span style="font-weight: bold;">Sent:</span></b> Wed,
June 22, 2011 10:13:00 AM<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [xmlsec] mscrypto 1.2.18 key is not found<br>
</font><br>
Thanks, Ed! <br>
<pre class="moz-signature">Aleksey
</pre>
<br>
On 6/21/11 10:12 PM, EdShallow wrote:
<blockquote type="cite">PostScript ... my motive to upgrade
to at least 1.2.15 is my desire to utilize the new SHA2
algorithms introduced for mscrypto.<br>
<br>
Thanks in advance for helping,<br>
Ed<br>
<br>
<div class="gmail_quote">On Wed, Jun 22, 2011 at 1:09 AM,
EdShallow <span dir="ltr">&lt;<a moz-do-not-send="true"
rel="nofollow" ymailto="mailto:ed.shallow@gmail.com"
target="_blank" href="mailto:ed.shallow@gmail.com">ed.shallow@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">Some updates with respect to
mscrypto 1.2.18<br>
<br>
The "key is not found" error with 1.2.18 is
misleading. In fact what is happening is that when
specifying a KeyName for a certificate associated with
its private key in a key store that is not "logged
in", you get the "key is not found" error.<br>
<br>
If the CSP's container allows you to log in to the key
store prior to usage, then XMLSec mscrypto will succeed
as long as the session with the private key has been
logged in.<br>
<br>
Now please be aware not all CSPs allow you to log in in
advance of searching the certificate and adopting the
key. In fact most don't and prompt at first
programmatic usage (i.e. adoption or context acquire).<br>
<br>
The only CSP I have tried (and this is how I found the
problem) is Entrust's CAPI CSP called Entrust Service
Provider for Windows version 9.1. If I log in to my
Entrust key store before running an XMLSec sign
operation, it works. If I am NOT already logged in to
my Entrust key store when I executed the XMLSec
command, it fails. Additionally the error message
generated by XMLSec is not really indicative of what
is happening.<br>
<br>
The standard Microsoft Cryptographic Service Provider
and the Microsoft Enhanced Cryptographic Service
Provider do NOT allow this login in advance of usage.
A login dialog box appears only when your CAPI code
attempts to acquire the certificate context and use
the key for signing. Any use of these 2 CSPs fails
with XMLSec 1.2.18.<br>
<br>
This "key is not found" behavior does NOT happen with
1.2.10, 1.2.11, 1.2.13 all of which work fine.<br>
<br>
When using these earlier versions of XMLSec, a dialog
box with login prompt is presented as a result of key
adoption and everything works fine after a successful
password is entered. The dialog re-prompts until the
correct password is provided. This is expected
behavior.<br>
<br>
All this testing was done with Igor's 1.2.18
Unicode=yes binaries which do not crash but do exhibit
the incorrect behavior described above. I did not test
much with the Unicode=no binaries as soon as I
encountered the crashes.<br>
<br>
I am not sure what triggers the dialog box with the
key protection password prompt, but this is the error
with 1.2.18. All earlier versions before 1.2.13 DO
trigger this dialog box correctly.<br>
<br>
Hope this helps,<br>
Ed
<div>
<div class="h5"><br>
<br>
<br>
<br>
<div class="gmail_quote">On Tue, Jun 21, 2011 at
4:38 PM, Roumen Petrov <span dir="ltr">&lt;<a
moz-do-not-send="true" rel="nofollow"
ymailto="mailto:xmlsec@roumenpetrov.info"
target="_blank"
href="mailto:xmlsec@roumenpetrov.info">xmlsec@roumenpetrov.info</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:
0pt 0pt 0pt 0.8ex; border-left: 1px solid
rgb(204, 204, 204); padding-left: 1ex;">
EdShallow wrote:<br>
<blockquote class="gmail_quote" style="margin:
0pt 0pt 0pt 0.8ex; border-left: 1px solid
rgb(204, 204, 204); padding-left: 1ex;">
<div> OK guys, here is the story with
mscrypto:<br>
<br>
</div>
[SNIP]
<div><br>
Throughout the above tests, it is clear
that the mscrypto code somewhere<br>
after 1.2.13 has introduced the error.<br>
<br>
</div>
</blockquote>
[SNIP]<br>
One change, if I remember well, is CP_ACP
-&gt; CP_UTF8. It is based on a request posted
to the list.<br>
I don't have an environment to test. Probably
this could be the issue, but you report
ascii (latin1) names and I'm not sure that this
modification is the reason for the failure.<br>
<br>
If "Shallow, Ed" and "Adam Grossman" work fine
with 1.2.13, there is no reason for it to fail with
CP_ACP -&gt; CP_UTF8.<br>
<br>
Also, I'm afraid that with a report like "openssl sign
with .p12 - crash", I don't know what to say.<br>
<font color="#888888"> <br>
<br>
Roumen<br>
</font></blockquote>
</div>
<br>
<br clear="all">
<br>
</div>
</div>
<div>
<div class="h5">-- <br>
Ed's Contact Information:<br>
Mobile Phone: <a moz-do-not-send="true"
rel="nofollow">613-852-6410</a><br>
Gmail: <a moz-do-not-send="true" rel="nofollow"
ymailto="mailto:ed.shallow@gmail.com"
target="_blank"
href="mailto:ed.shallow@gmail.com">ed.shallow@gmail.com</a><br>
VOIP Address: <a moz-do-not-send="true"
rel="nofollow"
ymailto="mailto:107529@sip.ca1.voip.ms"
target="_blank"
href="mailto:107529@sip.ca1.voip.ms">107529@sip.ca1.voip.ms</a><br>
VOIP DID#: <a moz-do-not-send="true"
rel="nofollow">613-458-5004</a><br>
Skype ID: edward.shallow<br>
Home Phone: <a moz-do-not-send="true"
rel="nofollow">613-482-2090</a><br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
<pre><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
xmlsec mailing list
<a moz-do-not-send="true" rel="nofollow" class="moz-txt-link-abbreviated" ymailto="mailto:xmlsec@aleksey.com" target="_blank" href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a>
<a moz-do-not-send="true" rel="nofollow" class="moz-txt-link-freetext" target="_blank" href="http://www.aleksey.com/mailman/listinfo/xmlsec">http://www.aleksey.com/mailman/listinfo/xmlsec</a>
</pre>
</blockquote>
</div>
</div>
</div>
</blockquote>
</body>
</html>