[xmlsec] Openssl OK - mscrypto NOT

Edward Shallow ed.shallow at rogers.com
Tue Dec 13 07:56:39 PST 2005

Hi Aleksey,

After weeks of trying I have isolated what appears to be a bug in mscrypto.
The pseudo-code below (Python with ctypes) works fine with openssl. It is a
3des Session Encrypt with RSA Key Transport using a template. However I get
the following when I dynamically load mscrypto with all else being the same.
That is ... It works with openssl but does not work with mscrypto. The error
is returned on the xmlSecCryptoAppKeyLoad call to mscrypto for the public
certificate. Tried several variations i.e. .der cert, public key .pem, etc

Output from mscrypto test as follows:

Entering xmlsec ctypes wrap, loading libxml2, libxmlsec, and mscrypto dll's
Loading dynamic crypto support          status code 0
Loading mscrypto                        status code 0
MSCryptoAppInit                         status code 0
Initializing xmlsec                     status code 0
CryptoInit                              status code 0
CryptoAppDefaultKeysMngrInit            status code 0
KeysStoreLoad                           status code 0
desKlass.contents.name                  des
xmlSecSimpleKeysStoreAdoptKey           status code 0
n:subj=unknown:error=17:invalid format:format=7;last error=0
(0x00000000);last error msg=The operation completed successfully.

func=xmlSecKeySetName:file=..\src\keys.c:line=759:obj=unknown:subj=key !=
NULL:error=100:assertion: ;last error=0 (0x00000000);last error msg=The
operation completed successfully.

wn:subj=key != NULL:error=100:assertion: ;last error=0 (0x00000000);last
error msg=The operation completed successfully.

xmlSecSimpleKeysStoreAdoptKey           status code -1

Here is the drastically simplified Python code:

    keysMngr = xmlsec.xmlSecKeysMngrCreate()
    id = xmlsec.xmlSecSimpleKeysStoreGetKlass()
    keyStore = xmlsec.xmlSecKeyStoreCreate(id)
    desKlass = xmlsec.xmlSecKeyDataDesGetKlass()
    sessionKey = xmlsec.xmlSecKeyGenerateByName(desKlass.contents.name,
c_int(192), c_int(12))
    rc = xmlsec.xmlSecKeySetName(sessionKey, 'epm-des')
    rc = xmlsec.xmlSecSimpleKeysStoreAdoptKey(keyStore, sessionKey)
    publicKey = xmlsec.xmlSecCryptoAppKeyLoad(publicCert, 7, None, None,
    rc = xmlsec.xmlSecKeySetName(publicKey, 'UPUenc.crt')
    rc = xmlsec.xmlSecSimpleKeysStoreAdoptKey(keyStore, publicKey)
    print 'xmlSecSimpleKeysStoreAdoptKey \t\tstatus code', rc
    rc = xmlsec.xmlSecKeysMngrAdoptKeysStore(keysMngr, keyStore)
    encCtx = xmlsec.xmlSecEncCtxCreate()
    rc = xmlsec.xmlSecEncCtxInitialize(encCtx, keysMngr)
    rc = xmlsec.xmlSecEncCtxXmlEncrypt(encCtx, encNode, targetNode)
    print '\nEncryption complete with \t\tstatus code', rc, '\n\n'

More information about the xmlsec mailing list