[xmlsec] Microsoft CAPI support with hardware token

xs04.jmdesp at free.fr xs04.jmdesp at free.fr
Wed Mar 31 08:23:58 PST 2004

How much testing has been done of xmlsec with hardware token in the Microsoft CAPI ?

Can some people on the list report case of success/failure they have seen ?

I tried to use it with an USB ActiveCard smart card reader, unfortunately not
The problem is caused by the fact the ActiveCard CSP does not support the
CryptDuplicateKey call that is made inside xmlSecMSCryptoKeyDataDuplicate.
This causes problems for both signature and encryption.

I wonder how really required the call is.

The Microsoft doc seems to imply that this function is only really required to
be able to change with CryptSetKeyParam the parameters of the copy of a session
key, and then be able to use the same key with two different set of parameters.

There should be no need of a session key for signature part, and a test hack of
just copying the key handle instead of duplicating the key was quite successful
for the signature, but still leaves some problems for the encryption.

More information about the xmlsec mailing list