[xmlsec] Mscrypto patch 2, for cvs XMLSEC_MSCRYPTO_083103 branch

Wouter wsh at xs4all.nl
Thu Sep 4 11:48:54 PDT 2003

The idea of certificates and mscrypto is indeed similar to that of NSS.
The MS CAPI is used to retrieve certificates from the certificate store.
This done through the keysstore, that is capable to also search for
certificates from the local Certificate store. 

However for the sake of completeness and to be consistent with the
xmlsec library direct support for pkcs12 files has been implemented as
well (this code hasn't been committed to the cvs branch yet. It makes
the test suite also consistent for usage. You don't want to import
certificates just for the sake of testing each time into your
certificate store, I could imagine....

My personal goal is however a complete integration with the local MS
Certificate store, without having to use external key files.

Aleksey, the argument that the pkcs12 import in xmlsec is not needed is
valid, because it is already possible (quite easily) to import pkcs12
files into the MS certificate store, so why bother in also supporting
pkcs12 in this. 


-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Thursday, September 04, 2003 17:41
To: Edward Shallow
Cc: 'Wouter'; xmlsec at aleksey.com
Subject: Re: [xmlsec] Mscrypto patch 2, for cvs XMLSEC_MSCRYPTO_083103


I am not sure I clear understand what are saying about pkcs12 files and 
MS Crypto Store.
In xmlsec-nss for example, we read pkcs12 file, put the key in NSS keys 
db and after that
execute our tests thus we do exersise the NSS keys db functionality.

I wonder why we could not do the same for xmlsec-mscrypto? IMHO, there 
is no reason why
we could not upload keys in MS Crypto Store first and have to use them 


More information about the xmlsec mailing list