[xmlsec] Signing a template with mscrypto

[Dmitry Belyavsky]

Greetings!

On Wed, 7 Dec 2005, Dmitry Belyavsky wrote:

> I've successfully implemented a support of MS CSP providing Russian
> GOST. Now I try to sign a template using <X509Data/> for signer
> information.
>
> I've replaced a <KeyName/> node in sign1-tmpl.xml with <X509Data/> and
> called xmlsec utility:
>
> xmlsec --sign sign1-tmpl.xml
>
> I get a stack of errors:
>
> ===========
>
> func=:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
>
> func=:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
>
> func=:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
>
> func=:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
>
> Error: signature failed
> Error: failed to sign file "sign1-tmpl.xml"
> ===========
>
> What functions should I implement to fix the problem?
>
>

On Wed, 7 Dec 2005, Aleksey Sanin wrote:

> The errors mean that xmlsec can not find the key. Usually,
> signature keys are either provided by application directly
> (e.g. specified in xmlsec utility command line) or retrieved
> from keys manager by name provided in the signature template.
> I believe sign1-tmpl.xml was using the second option.

But the original sign1-tmpl.xml is signed without errors and places
signature having correct size, though id doesn't provide any KeyName.

How do I provide name in signature template for mscrypto?

-- 
SY, Dmitry Belyavsky (ICQ UIN 11116575)