[xmlsec] XMLsec Command Line Utility and MSCrypto

Wouter wsh at xs4all.nl
Fri Sep 19 00:20:21 PDT 2003

The behaviour of mscrypt is the same as in NSS. So what Aleksey is
assuming is in fact true. You don't need to load keys from MS certstore
in advance here. When a keyname is given, like in the example, the
keysstore searches first in the simple keysstore (used as a temporarily
'cached keys' store), and when no key is found, the MS Certstore is
searched to find the key. When in the MS Certstore a match is found, the
key is returned and can be used. If the key from the cert store, also
has a private counterpart, it can also be used for signing and
decryption, otherwise only encryption and verification is supported (of
course). That is determined automatically.

Currently the implementation is not complete, since keyInfo Ctx is not
used yet to search for keys in the MS Cert store, but I'm not sure if
that is needed: Is there a possibility that the KeyInfoCtx has a keyname
in it, while the separate keyname parameter in the function call is


> -----Original Message-----
> From: xmlsec-admin at aleksey.com 
> [mailto:xmlsec-admin at aleksey.com] On Behalf Of Aleksey Sanin
> Sent: Friday, September 19, 2003 6:30
> To: Edward Shallow
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] XMLsec Command Line Utility and MSCrypto
> If you have a public key with name "Steve Archdeacon" in MS 
> Crypto key 
> store
> then probably the answer is yes. I use word "probably" here 
> only because 
> I did not
> read all the xmlsec-mscrypto code yet.
> It's defenetly the case for xmlsec-nss and NSS key db. I 
> would hope that 
> this should
> be the same for xmlsec-mscrypto and this would probably be a feature 
> request anyway.
> Aleksey
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list