[xmlsec] Signing with X509 certificate using mscrypto provider

Jirka Kosek jirka at kosek.cz
Wed Apr 21 01:00:27 PDT 2010

Aleksey Sanin wrote:

> You need to tell xml parser (libxml2) what is the file encoding.
> It can't convert correctly to UTF8 unless it knows the source encoding.
> BTW, libxml2 simply skips unknown characters in the input and this
> explains the error you got ("key not found" from xmlsec) - the key name
> was mangled. Set the correct in the xml prolog and it will work.

Prolog and encoding was correct (I think that I have pretty deep
knowledge of Unicode and its encodings). I even tried UTF-8 with and
without BOM character and still have no success.

If you have access to Windows box, you can very easily reproduce bug.
Create self-signed certificate by using makecert tool (part of .NET SDK)
and use some accented characters (or cyrillic, I expect same problems)
in subject, eg.:

makecert -r -pe -n "CN=Jiří Novák" -e 12/31/2020 -ss My

and then try to sign with template containing:

   <ds:KeyName>CN=Jiří Novák</ds:KeyName>



  Jirka Kosek      e-mail: jirka at kosek.cz      http://xmlguru.cz
       Professional XML consulting and training services
  DocBook customization, custom XSLT/XSL-FO document processing
 OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 member

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20100421/e150070f/attachment.pgp>

More information about the xmlsec mailing list