[xmlsec] Signing with X509 certificate using mscrypto provider
Aleksey Sanin
aleksey at aleksey.com
Tue Apr 20 11:49:20 PDT 2010
Sorry, I am not very familiar with mscrypto...
Could you please try to put the certificate subject into
"KeyName" element? I recall xmlsec-mscrypto is using it
to search for certificate/private key pair. Also I believe
there is a notion of "friendly name" that is also can be
used as "KeyName" to refer to the key.
Aleksey
On 4/20/2010 5:43 AM, Jirka Kosek wrote:
> Hi,
>
> I would like to sign XML files using xmlsec command line utility using
> certificates stored inside Windows certificate store.
>
> What is the proper way to reference certificate from signature template.
> I though that something like (note reference to certificate in
> X509SubjectName element):
>
> <myDoc>
> ...
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> ...
> </ds:SignedInfo>
> <ds:SignatureValue></ds:SignatureValue>
> <ds:KeyInfo>
> <ds:X509Data>
> <ds:X509SubjectName>CN=Jan Tester</ds:X509SubjectName>
> </ds:X509Data>
> </ds:KeyInfo>
> </ds:Signature>
> </myDoc>
>
> would be sufficient. But when I run xmlsec with:
>
> xmlsec --sign --crypto mscrypto --output signed.xml template.xml
>
> I got:
>
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlSecKe
> ysMngrFindKey:error=1:xmlsec library function failed: ;last
> error=-2146885628 (0
> x80092004);last error msg=Cannot find object or property.
>
> It seems that xmlsec is unable to find certificate for signing. What's
> the proper way of referencing certificate? (Note that I'm able to sign
> document if I dump complete certificate inside X509Certificate element,
> but this element is then duplicated in the output. Not speaking about
> inconvenience of such method.)
>
> Thanks in advance,
>
> Jirka
>
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list