[Bulk] Re: [Bulk] Re: [xmlsec] OpenSSL vs mscrypto

Edward Shallow ed.shallow at rogers.com
Thu Jan 12 22:32:18 PST 2006

Yes of course I get a match on "Test User 1" and everything works. The point
is "It shouldn't work". When I do not load --trusted-der it should not work,
and it does. Meaning "No cert chain checking".

It is impossible for your script to work without loading "Test User 1" into
the 'MY' store. In fact the command line utility defaults to 'MY' so you
have to put it there. If you are using my signed document it contains
<dsig:KeyName>. You said you are not using --enabled-key-data so standard
processing in mscrypto will try to find "Test User 1" no matter what.

There is nothing tricky about my setup, it passes all your test suite.

I am puzzled at your explanation?


As I wrote, I *did not* use this option in my test. What your results show
is exactly what I already explained to you: the key w/o "--enabled-key-data"
is searched by key name and you have a match in your MS Crypto store.

