[xmlsec] XMLsec Command Line Utility and MSCrypto

Wouter wsh at xs4all.nl
Fri Sep 19 11:52:27 PDT 2003

What I mean is (or better said what I'm asking is): The function
xmlSecXXXKeysStoreFindKey has the following parameters: 

xmlSecKeyStorePtr store,
const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx

My implementation of this function is that first an instance of the
simple keys store is called with the given parameters, then (when no key
is found) only the given name is used to search for a key in the MS
certificate store. Debugging a test session, I discovered that the simple
keys store does more: First the name is used to search for a key. When
that fails, the keyInfoCtx is used to search for a match of a key in the
keys store. For example, if keytype and keysize are matched with a key
found in the keys store, then that key is returned. My question is:
should I, when searching for a key in the MS Certificate store, follow
the same process: First trying to locate a key based upon the given name,
and if no name is given try to locate a key in the store that matches the
data like the simple keys store does.

I don't know exactly what data found in a keyInfoCtx can be used for
that, and I'm even wondering if I should implement this behaviour.

So in short: What behaviour is to be expected from this function?


> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
> Sent: Friday, September 19, 2003 17:28
> To: Wouter
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] XMLsec Command Line Utility and MSCrypto
>
> The xmlSecKeyInfoCtx is used to store all context information related
> to the key search. This includes private xmlsec data as well as
> application specific data. For example, an application that uses a
> database for storing keys might want to put the database session handle
> in the xmlSecKeyInfoCtx if it uses multiple connections to the database
> for each thread. All key requirements (key name, public or private, key
> size, etc.) are in the xmlSecKeyReq object. I am not sure I understand
> what you mean by "the KeyInfoCtx has a keyname".
>
> Aleksey
>
> >Currently the implementation is not complete, since keyInfoCtx is not
> >used yet to search for keys in the MS Cert store, but I'm not sure if
> >that is needed: Is there a possibility that the KeyInfoCtx has a
> >keyname in it, while the separate keyname parameter in the function
> >call is null?
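
Added example, not part of the original message and not xmlsec code: a self-contained C model of the two lookup orders the message asks about, where a hypothetical `fallback_on_miss` flag decides whether a name that matches nothing falls through to requirement matching. All type and function names here (`model_key`, `model_req`, `model_find_key`) are invented for illustration and the sample store is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this sketch; these are not xmlsec types. */
enum { KEY_PUBLIC = 1, KEY_PRIVATE = 2 };
typedef struct { const char *name; unsigned type; unsigned bits; } model_key;
typedef struct { unsigned type; unsigned min_bits; } model_req; /* 0 = any */

/* Does key k satisfy the requirements (type mask and minimum size)? */
static int req_matches(const model_key *k, const model_req *req) {
    if (req == NULL) return 1;
    if (req->type && (k->type & req->type) != req->type) return 0;
    return k->bits >= req->min_bits;
}

/* Stage 1: exact name match that also satisfies req.
 * Stage 2: first key satisfying req, reached when no name was given, or
 * (only if fallback_on_miss is set) when a given name matched nothing. */
static const model_key *model_find_key(const model_key *keys, size_t n,
        const char *name, const model_req *req, int fallback_on_miss) {
    size_t i;
    if (name != NULL) {
        for (i = 0; i < n; i++)
            if (keys[i].name && strcmp(keys[i].name, name) == 0 &&
                req_matches(&keys[i], req))
                return &keys[i];
        if (!fallback_on_miss) return NULL;
    }
    for (i = 0; i < n; i++)
        if (req_matches(&keys[i], req)) return &keys[i];
    return NULL;
}

/* Constructed sample store. */
static const model_key sample[] = {
    { "alice", KEY_PRIVATE, 2048 },
    { "bob",   KEY_PUBLIC,  1024 },
};

int main(void) {
    model_req pub = { KEY_PUBLIC, 1024 };
    const model_key *k = model_find_key(sample, 2, "carol", &pub, 1);
    /* With fallback enabled, a lookup for "carol" returns another key. */
    printf("%s\n", k ? k->name : "(none)");
    return 0;
}
```

With the flag set, a caller that asked for one named key receives a different key that merely fits the type and size requirements; with it cleared, a missed name is reported as "not found".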
