[xmlsec] xmlsec

Alexander Trishin trial at trishin.com
Fri Dec 23 09:19:37 PST 2005

I'm using xCBL 4.0 documents which define dgs prefix for xmldsig
<Invoice xmlns:dgs="http://www.w3.org/2000/09/xmldsig#" >
So I'm defining signature template as
        <dgs:Reference URI="">

After document is signed all elements still have dgs prefix but 

Although it does not create a verification problem, I find it strange. 
Is there a way to keep it consistent?

Thank you,

Edward Shallow wrote:

>Hi Alex,
>   Aleksey did understand you correctly. Simply initialize the <KeyName> in
>a template file (sample attached) and the private signing key will be
>extracted from the MS system key store (i.e. 'MY'). Rough sequence of calls
>(simplified) as follows: 
>    xmlParseFile('the template')
>    xmlDocGetRootElement()
>    xmlSecFindNode(rootNode, 'Signature',
>    xmlSecKeysMngrCreate()
>    xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
>    xmlSecDSigCtxCreate()
>    xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
>    xmlSecDSigCtxSign(dsigCtx, sigNode)
>   Depending on which crypto you are using the <KeyName> can contain either
>the short friendly name (from CN=...) or the full X509 Distinguished Name.
>Both will work. mscrypto for example will look first in the Simple Key Store
>if you have adopted one and then in the 'MY' certificate store for your
>signing key. In the above sequence, I did not load or adopt a Key Store, so
>mscrypto goes directly to the system key store 'MY'.
>   Note: OpenSSL does not have a system key store.
>-----Original Message-----
>From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On
>Behalf Of Alexander Trishin
>Sent: December 19, 2005 7:00 PM
>To: Aleksey Sanin
>Cc: xmlsec at aleksey.com
>Subject: Re: [xmlsec] xmlsec
>I probably didn't make myself clear.
>I'm looking at the code to produce a signed xml, the key info and
>certificate come from the external file for the sample.
>My question is - what functions should I use to change that? So that key
>info and Certificate come from the system store, and not from the file.
>Thank you in advance,
>Aleksey Sanin wrote:
>>I am not a big mscrypto user myself and I hope someone will correct my 
>>lies here... but I believe that you just need to put the key name 
>>(i.e. certificate subject) into the <KeyName> element of your 
>>signature template.
>>Alexander Trishin wrote:
>>>Dear Friends,
>>>I'm trying to create a test console app to sign XML files with the
>>>X509 certificate. I took a look at samples provided but yet to figure 
>>>out how do I sign an XML file with the Certificate that I already 
>>>have in "MY" store. Certificate does have a private key.
>>>If someone can point me in the right direction or has sample I'd be 
>>>greatly appreciated.
>>>Platform is Windows with ms crypto library.
>>>Thank you,
>>>xmlsec mailing list
>>>xmlsec at aleksey.com
>xmlsec mailing list
>xmlsec at aleksey.com

More information about the xmlsec mailing list