[xmlsec] question: signing xml with pfx

Aleksey Sanin aleksey at aleksey.com
Wed Aug 25 09:03:17 PDT 2004


Try the xmlSecCryptoAppPkcs12Load() function, which has "password callbacks".

Aleksey

Leonardo Lazcano wrote:

> Hi, does anyone know how to load a private key and
> certificate (PFX format) into a signing context when the
> certificate is password protected?
> 
> I'm using C# and making calls to methods in the DLL, but the
> method that loads certificate data:
> 
> xmlSecCryptoAppKeyCertLoad(Key, FileName,
> xmlsecInterface.xmlSecKeyDataFormatPkcs12)
> 
> doesn't allow a password, so is there another way to
> load the private key and certificate data from a PFX file,
> or another xmlSecCryptoAppKeyCertLoad function that
> allows passwords?
> 
> 
> 
> 			// NOTE(review): this fragment is quoted from a mail and was line-wrapped by the
> 			// mail client, so several statements continue onto the following line. It is
> 			// the body of a WinForms handler whose signature and declarations are not quoted.
> 			//
> 			// Library start-up: libxml2 parser, xmlsec core, the crypto backend named by
> 			// `cryptolib`, then the application layer and the crypto engine. Each return
> 			// value is assigned to `i` and overwritten by the next call without being
> 			// checked, so a failed initialisation is not detected here.
> 			xmlsecInterface.xmlInitParser();
> 			// Entity substitution is left disabled (call commented out). Keeping it off is
> 			// the safer choice when the XML may come from an untrusted source, since
> 			// substitution would expand external entities during parsing.
> 			//i =
> xmlsecInterface.xmlSubstituteEntitiesDefault(1);
> 			i = xmlsecInterface.xmlSecInit();
> 			// Version check disabled: a mismatch between the managed wrapper and the
> 			// native xmlsec build that was actually loaded goes unnoticed.
> 			//i = xmlsecInterface.xmlSecCheckVersion();
> 			i =
> xmlsecInterface.xmlSecCryptoDLLoadLibrary(cryptolib);
> 			i = xmlsecInterface.xmlSecCryptoAppInit(null);
> 			i = xmlsecInterface.xmlSecCryptoInit();
> 
> 			// Copy the managed XML string into an unmanaged ANSI buffer for libxml2. The
> 			// HGlobal allocation is never released in this fragment (no Marshal.FreeHGlobal).
> 			// The length passed is the managed char count; on a multi-byte ANSI code page
> 			// this may not equal the converted byte length — TODO confirm for non-ASCII input.
> 			p =
> System.Runtime.InteropServices.Marshal.StringToHGlobalAnsi(sXmlData);
> 			xmlData = (char *)p.ToPointer();
> 			document =
> xmlsecInterface.xmlParseMemory(xmlData,sXmlData.Length);
> 			// Bail out if parsing failed or the document has no root element. The parsed
> 			// document is never freed in this fragment (no xmlFreeDoc).
> 			if (document == IntPtr.Zero.ToPointer() ||
> xmlsecInterface.xmlDocGetRootElement(document) ==
> IntPtr.Zero.ToPointer())
> 			{
> 				MessageBox.Show("No se pudo cargar el xml");
> 				return;
> 			}
> 
> 			// Build the <Signature> template: exclusive C14N (with comments) as the
> 			// canonicalization method, DSA-SHA1 as the signature method, no Id (null char*).
> 			// NOTE(review): SHA-1 (and DSA with it) is a legacy choice; check that the
> 			// relying party still accepts it before reusing this code.
> 			signNode =
> xmlsecInterface.xmlSecTmplSignatureCreate(document,
> xmlsecInterface.xmlSecTransformExclC14NWithCommentsGetKlass(),
> 
> 			
> xmlsecInterface.xmlSecTransformDsaSha1GetKlass(),(char
> *)IntPtr.Zero.ToPointer());
> 
> 			if (signNode == IntPtr.Zero.ToPointer())
> 			{
> 				MessageBox.Show("No se pudo crear el nodo de
> firma");
> 				return;
> 			}
> 
> 			// Attach the signature template under the document root (enveloped signature).
> 		
> xmlsecInterface.xmlAddChild(xmlsecInterface.xmlDocGetRootElement(document),
> signNode);
> 			// Add a <Reference> digested with SHA-1. The three null (char*) arguments are
> 			// the Id, URI and Type; with no URI the reference points at the enclosing
> 			// document itself.
> 			refNode =
> xmlsecInterface.xmlSecTmplSignatureAddReference(signNode,
> xmlsecInterface.xmlSecTransformSha1GetKlass(), 
> 				(char *)IntPtr.Zero.ToPointer(), (char
> *)IntPtr.Zero.ToPointer(), (char
> *)IntPtr.Zero.ToPointer());
> 
> 			if (refNode == IntPtr.Zero.ToPointer())
> 			{
> 				MessageBox.Show("No se pudo crear la
> transformacion del SHA");
> 				return;
> 			}
> 
> 			// Enveloped-signature transform: excludes the <Signature> element itself from
> 			// the digest so the signature can live inside the document it signs.
> 			if
> (xmlsecInterface.xmlSecTmplReferenceAddTransform(refNode,
> xmlsecInterface.xmlSecTransformEnvelopedGetKlass()) ==
> IntPtr.Zero.ToPointer())
> 			{
> 				MessageBox.Show("No se pudo crear la
> transformacion de firma");
> 				return;
> 			}
> 
> 			// <KeyInfo> (no Id) with an <X509Data> placeholder; xmlsec is expected to fill
> 			// it from the signing key's certificate when the document is signed.
> 			keyInfoNode =
> xmlsecInterface.xmlSecTmplSignatureEnsureKeyInfo(signNode,
> (char *)IntPtr.Zero.ToPointer());
> 			if (keyInfoNode == IntPtr.Zero.ToPointer())
> 			{
> 				MessageBox.Show("No se pudo crear el nodo
> keyinfo");
> 				return;
> 			}
> 
> 			if
> (xmlsecInterface.xmlSecTmplKeyInfoAddX509Data(keyInfoNode)
> == IntPtr.Zero.ToPointer())
> 			{
> 				MessageBox.Show("No se pudo crear el nodo X509");
> 				return;
> 			}
> 
> 			// Create the signature context without a key manager. It is never destroyed in
> 			// this fragment (no xmlSecDSigCtxDestroy), which presumably also leaks the key
> 			// assigned to signKey below.
> 			dsigCtx = (xmlSecDSigCtx
> *)xmlsecInterface.xmlSecDSigCtxCreate(IntPtr.Zero.ToPointer());
> 
> 			if (dsigCtx == IntPtr.Zero.ToPointer())
> 			{
> 				MessageBox.Show("No se pudo crear el contexto de
> firma");
> 				return;
> 			}
> 	
> 
> 			// Load the private key (and certificate chain) from the password-protected
> 			// PKCS#12 (.pfx) file. This is the call that answers the question in the mail:
> 			// the password is passed directly (`pfxPass`) and a default password callback
> 			// is supplied as a fallback.
> 			// NOTE(review): the fourth argument is the context handed to the password
> 			// callback; passing the DSig context there looks unintended (presumably not
> 			// consulted while `pfxPass` is supplied) — confirm against the
> 			// xmlSecCryptoAppPkcs12Load signature.
> 			Key =
> xmlsecInterface.xmlSecOpenSSLAppPkcs12Load(FileName,
> pfxPass,
> xmlsecInterface.xmlSecCryptoAppGetDefaultPwdCallback(),
> dsigCtx);
> 			if (Key == IntPtr.Zero.ToPointer())
> 			{
> 				MessageBox.Show("No se pudo cargar la clave");
> 				return;
> 			}
> 
> 			// Hand the key to the context. In xmlsec the context takes ownership and
> 			// releases the key when the context is destroyed — do not free it separately.
> 			dsigCtx->signKey = Key;
> 
> 			// Dead code: xmlSecCryptoAppKeyCertLoad() takes no password, which is why it
> 			// always failed on an encrypted .pfx. The Pkcs12Load above presumably already
> 			// loads the certificate together with the key, so this call is not needed.
> 			//always fail because the pfx file has password
> 			//if
> (xmlsecInterface.xmlSecCryptoAppKeyCertLoad(Key,
> FileName,
> xmlsecInterface.xmlSecKeyDataFormatPkcs12)<0)
> 			//{
> 			//	MessageBox.Show("No se pudo cargar el
> certificado");
> 				//return;
> 			//}
> 
> 			// Compute the signature in place. NOTE(review): the `return` on failure is
> 			// commented out, so after showing the error the code still dumps and displays
> 			// the document, which at that point holds an unsigned or partially filled
> 			// <Signature> template.
> 			if ((i = xmlsecInterface.xmlSecDSigCtxSign(dsigCtx,
> signNode))<0)
> 			{
> 				MessageBox.Show("No se pudo firmar el xml");
> 				//return;
> 			}
> 
> 
> 			// Serialise the document into a libxml2-allocated buffer. The buffer is never
> 			// released in this fragment (no xmlFree). Reading it with PtrToStringAnsi
> 			// assumes ANSI output, while libxml2 normally emits UTF-8 here, so non-ASCII
> 			// content may be mangled — TODO confirm the output encoding.
> 			xmlsecInterface.xmlDocDumpMemory(document,
> &signedXml, &signedXmlSize);
> 
> 			p = (IntPtr)signedXml;
> 
> 			resultXml =
> System.Runtime.InteropServices.Marshal.PtrToStringAnsi(p);
> 			textBox2.Text = resultXml;
> 
> 
> 
> 
> Leonardo Lazcano.
> 
> 
> 		


