[xmlsec] Can't find key using mscrpto

Edward Shallow ed.shallow at rogers.com
Thu Oct 13 10:47:55 PDT 2005


Hi Aleksey,

This sign over a template and subsequent verify works fine using
command-line utility:

xmlsec sign --crypto mscrypto --output inout/edsigned-enveloped.xml tmpl/tmpl-EPM-sign-enveloped.xml

xmlsec verify --store-references --crypto mscrypto inout/edsigned-enveloped.xml

The KeyInfo from simple enveloped signature template looks like this:

<dsig:KeyInfo>
	<dsig:KeyName>E=CAAdmin at upu.int,CN=Test User 1,OU=Electronic Post Mark,O=For Test Use Only,O=Universal Postal Union,L=Berne,ST=Berne,C=CH</dsig:KeyName>
	<dsig:X509Data>
		<dsig:X509Certificate></dsig:X509Certificate>
		<dsig:X509SubjectName></dsig:X509SubjectName>
		<dsig:X509IssuerSerial></dsig:X509IssuerSerial>
	</dsig:X509Data>
</dsig:KeyInfo>


I am trying to recreate this simple sign scenario from code using Python
with the ctypes module (which marshals Python calls to/from "C" dll's and
so's).

I have successfully wrapped most of libxml2 using Python and ctypes and was
then moving onto xmlsec. Got stalled at the GetKey.

Not sure my call sequence is good though.

This simplified code snippet produces the stdout below it:

    from ctypes import cdll

    ###################################################################
    # Initialization
    ###################################################################
    print 'Entering xmlsec ctypes wrap'
    print 'Loading libxml2 parser'
    libxml2 = cdll.libxml2
    xmlsec = cdll.libxmlsec
    print 'Initializing xmlsec, return code', xmlsec.xmlSecInit()
    print 'Loading dynamic crypto support, return code ', xmlsec.xmlSecCryptoDLInit()
    print 'Loading mscrypto, return code ', xmlsec.xmlSecCryptoDLLoadLibrary('mscrypto')
    print 'CryptoAppInit, return code ', xmlsec.xmlSecCryptoAppInit()
    print 'CryptoInit, return code ', xmlsec.xmlSecCryptoInit()
    ###################################################################
    # Let's sign a template
    ###################################################################
    parsedDoc = xmlsec.xmlSecParseFile('c:/xmlsec/tmpl-EPM-sign-enveloped-keyname.xml')  # uses xmlsec
    rootNode = libxml2.xmlDocGetRootElement(parsedDoc)

    sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')
    print 'found signature node', sigNode.contents.name
    keysMngr = xmlsec.xmlSecKeysMngrCreate()
    rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
    print 'CryptoAppDefaultKeysMngrInit returned with rc', rc
    dsigCtx = xmlsec.xmlSecDSigCtxCreate(keysMngr)
    keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)
    print 'keyInfoCtx.contents.keysMngr', keyInfoCtx.contents.keysMngr, 'keyInfoCtx.contents.mode', keyInfoCtx.contents.mode
    # keyNode = xmlsec.xmlSecFindNode(rootNode, 'KeyInfo', 'http://www.w3.org/2000/09/xmldsig#')
    # print 'found KeyInfo node', keyNode.contents.name
    # stdout: C FILE* handle set up in the part of the script not shown here
    xmlsec.xmlSecKeyInfoCtxDebugDump(keyInfoCtx, stdout)
    # key = xmlsec.xmlSecKeysMngrGetKey(keyNode, keyInfoCtx)
    # print 'found key', key.contents.name
    # xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout)
    rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
    print 'Signature creation complete with status code', rc


Output from above follows ... (doesn't find key when I do an explicit
KeysMngrGetKey either)    Any ideas ?????


C:\XMLSec>libxmlsec.py
Entering xmlsec ctypes wrap
Initializing libxml2 parser
Initializing xmlsec, return code 0
Loading dynamic crypto support, return code  0
Loading mscrypto, return code  0
CryptoAppInit, return code  0
CryptoInit, return code  0
stdin fileno = 0
stdout fileno = 1
stderr fileno = 2
found signature node Signature
CryptoAppDefaultKeysMngrInit returned with rc 0
keyInfoCtx.contents.keysMngr 12159304 keyInfoCtx.contents.mode 0
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000000
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ; last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

Signature creation complete with status code -1
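
Added example, not part of the original post and not xmlsec project code: a Python 3 parser for the xmlsec error records shown in the output above. It decodes the signed "last error" value into the Windows HRESULT printed beside it and separates the one specific xmlsec error from the generic error=1 wrappers. The function names (decode_hresult, parse_trace, specific_error, call_chain) are illustrative.

```python
import re

# Constructed sample: the four error records from the output above, with the
# mail archive's line wrapping undone so each record sits on one line.
TRACE = r"""
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ; last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
"""

RECORD = re.compile(
    r"func=(?P<func>[^:]+):file=(?P<file>.+?):line=(?P<line>\d+)"
    r":obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<error>\d+)"
    r":(?P<msg>[^:]*):\s*(?P<rest>.*)")
LAST_ERROR = re.compile(r"last error=(-?\d+)")

def decode_hresult(value):
    """Split an HRESULT that was printed as a signed 32-bit integer."""
    hr = value & 0xFFFFFFFF  # reinterpret as unsigned
    return {"hex": "0x%08X" % hr, "failure": bool(hr >> 31),
            "facility": (hr >> 16) & 0x7FF, "code": hr & 0xFFFF}

def parse_trace(text):
    """Return one dict per xmlsec error record, in the order printed."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # not an error record (blank line, other output)
        rec = m.groupdict()
        rec["line"], rec["error"] = int(rec["line"]), int(rec["error"])
        last = LAST_ERROR.search(rec.pop("rest"))
        rec["hresult"] = decode_hresult(int(last.group(1))) if last else None
        records.append(rec)
    return records

def specific_error(records):
    """First record whose code is not the generic error=1 wrapper."""
    return next((r for r in records if r["error"] != 1), None)

def call_chain(records):
    """Records are printed innermost first; return outermost to innermost."""
    return [r["func"] for r in reversed(records)]

if __name__ == "__main__":
    recs = parse_trace(TRACE)
    print(" -> ".join(call_chain(recs) + [recs[0]["subj"]]))
    print(specific_error(recs)["msg"], recs[0]["hresult"])
```

All four records carry the same HRESULT, 0x80092004 (CRYPT_E_NOT_FOUND in wincrypt.h), so the Windows-side failure happened once, in the lookup reached from xmlSecKeysMngrFindKey, and was only propagated upward.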















