aleksey at aleksey.com
aleksey at aleksey.com
Sat Dec 24 09:56:41 PST 2005
First of all, this is absolutely correct because namespace
prefix *does not* matter at all (look up XML namespaces
spec for details).
Now, the short answer on your question is: there is no way
to make xmlsec use "custom" namespace prefix for dsig namespace.
I really don't see reasons for making this change but
if you would be interested in creating a patch then I'll
be happy to apply it.
> Yes I am seeing the same thing with numerous templates.
> -----Original Message-----
> From: Alexander Trishin [mailto:trial at trishin.com]
> Sent: December 23, 2005 12:20 PM
> To: ed.shallow at rogers.com
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] xmlsec
> I'm using xCBL 4.0 documents which define dgs prefix for xmldsig <Invoice
> xmlns:dgs="http://www.w3.org/2000/09/xmldsig#" > So I'm defining signature
> template as <dgs:Signature>
> <dgs:Reference URI="">
> After document is signed all elements still have dgs prefix but
> Although it does not create a verification problem, I find it strange.
> Is there a way to keep it consistent?
> Thank you,
> Edward Shallow wrote:
>> Aleksey did understand you correctly. Simply initialize the
>><KeyName> in a template file (sample attached) and the private signing
>>key will be extracted from the MS system key store (i.e. 'MY'). Rough
>>sequence of calls
>>(simplified) as follows:
>> xmlParseFile('the template')
>> xmlSecFindNode(rootNode, 'Signature',
>> xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
>> xmlSecDSigCtxSign(dsigCtx, sigNode)
>> Depending on which crypto you are using the <KeyName> can contain
>>either the short friendly name (from CN=...) or the full X509
>>Both will work. mscrypto for example will look first in the Simple Key
>>Store if you have adopted one and then in the 'MY' certificate store
>>for your signing key. In the above sequence, I did not load or adopt a
>>Key Store, so mscrypto goes directly to the system key store 'MY'.
>> Note: OpenSSL does not have a system key store.
>>From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On
>>Behalf Of Alexander Trishin
>>Sent: December 19, 2005 7:00 PM
>>To: Aleksey Sanin
>>Cc: xmlsec at aleksey.com
>>Subject: Re: [xmlsec] xmlsec
>>I probably didn't make myself clear.
>>I'm looking at the code to produce a signed xml, the key info and
>>certificate come from the external file for the sample.
>>My question is - what functions should I use to change that? So that
>>key info and Certificate come from the system store, and not from the
>>Thank you in advance,
>>Aleksey Sanin wrote:
>>>I am not a big mscrypto user myself and I hope someone will correct my
>>>lies here... but I believe that you just need to put the key name
>>>(i.e. certificate subject) into the <KeyName> element of your
>>>Alexander Trishin wrote:
>>>>I'm trying to create a test console app to sign XML files with the
>>>>X509 certificate. I took a look at samples provided but yet to figure
>>>>out how do I sign an XML file with the Certificate that I already
>>>>have in "MY" store. Certificate does have a private key.
>>>>If someone can point me in the right direction or has sample I'd be
>>>>Platform is Windows with ms crypto library.
>>>>xmlsec mailing list
>>>>xmlsec at aleksey.com
>>xmlsec mailing list
>>xmlsec at aleksey.com
> xmlsec mailing list
> xmlsec at aleksey.com
More information about the xmlsec