[xmlsec] Mscrypto patch 2, for cvs XMLSEC_MSCRYPTO_ 083103 branch

Jesse Pelton jsp at PKC.com
Thu Sep 4 12:15:53 PDT 2003 

Hmm.  What about machine stores?  Are there any circumstance under which it
would make sense to be able to save to or load from them?

Just out of curiosity, do you allow selection of which store to use?  If
not, how do you decide what certificates go in "Personal," "Trusted Root
Certification Authorities," "Intermediate Certification Authorities,"
"Third-Party Root Certification Authorities," "Trusted Publishers," etc?

> -----Original Message-----
> From: Wouter [mailto:wsh at xs4all.nl] 
> Sent: Thursday, September 04, 2003 2:49 PM
> To: 'Aleksey Sanin'; 'Edward Shallow'
> Cc: xmlsec at aleksey.com
> Subject: RE: [xmlsec] Mscrypto patch 2, for cvs 
> XMLSEC_MSCRYPTO_083103 branch
> 
> 
> The idea of certificates and mscrypto is indeed similar to 
> that of NSS.
> The MS CAPI is used to retrieve certificates from the 
> certificate store.
> This done through the keysstore, that is capable to also search for
> certificates from the local Certificate store. 
> 
> However for the sake of completeness and to be consistent with the
> xmlsec library direct support for pkcs12 files has been implemented as
> well (this code hasn't been committed to the cvs branch yet. It makes
> the test suite also consistent for usage. You don't want to import
> certificates just for the sake of testing each time into your
> certificate store, I could imagine....
> 
> My personal goal is however a complete integration with the local MS
> Certificate store, without having to use external key files.
> 
> Aleksey, the argument that the pkcs12 import in xmlsec is not 
> needed is
> valid, because it is already possible (quite easily) to import pkcs12
> files into the MS certificate store, so why bother in also supporting
> pkcs12 in this. 
> 
> Wouter
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: Thursday, September 04, 2003 17:41
> To: Edward Shallow
> Cc: 'Wouter'; xmlsec at aleksey.com
> Subject: Re: [xmlsec] Mscrypto patch 2, for cvs XMLSEC_MSCRYPTO_083103
> branch
> 
> 
> Edward,
> 
> I am not sure I clear understand what are saying about pkcs12 
> files and 
> MS Crypto Store.
> In xmlsec-nss for example, we read pkcs12 file, put the key 
> in NSS keys 
> db and after that
> execute our tests thus we do exersise the NSS keys db functionality.
> 
> I wonder why we could not do the same for xmlsec-mscrypto? 
> IMHO, there 
> is no reason why
> we could not upload keys in MS Crypto Store first and have to 
> use them 
> directly.
> 
> Aleksey
> 
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>

More information about the xmlsec mailing list