[xmlsec] Signing with X509 certificate using mscrypto provider

Aleksey Sanin aleksey at aleksey.com
Tue Apr 20 16:06:18 PDT 2010

>> Yeah, xmlsec utility is smart enough to convert command line parameters
>> from code page to utf8 as expected on windows. I'll take a look, should
>> be trivial fix.
> I haven't used command line parameters, but signature template file in XML.

Ah, sorry I missed that.

>>> So it seems that there is a bug related to processing non-ASCII
>>> characters. Also if I ask for certificate subject and issuer in a
>>> signature template and these fields contain non-ASCII characters, I get
>>> the following error from xmlsec:
>>> output error : invalid character value
>>> output error : string is not in UTF-8
>> This is not a bug. By default, all data in XML file are expected to be
>> in UTF8 encoding. If you use different encoding, then you need to
>> specify the encoding you use in XML prolog.
> Then there is probably another problem. My files were in UTF-8 with
> proper<?xml version="1.0" encoding="utf-8"?>  declaration. But xmlsec
> was unable to find matching key (last error msg=Cannot find object or
> property). I even tried to escape Czech characters using&#...;
> notation, but without success.
> I'm not familiar with xmlsec internals, but I suppose that it uses
> libxml2 for parsing, so input encoding should be converted to UTF-8 for
> in-memory storage. So encoding of XML file shouldn't matter?

You need to tell xml parser (libxml2) what is the file encoding.
It can't convert correctly to UTF8 unless it knows the source encoding.
BTW, libxml2 simply skips unknown characters in the input and this
explains the error you got ("key not found" from xmlsec) - the key name
was mangled. Set the correct in the xml prolog and it will work.


More information about the xmlsec mailing list