[xmlsec] Status of SHA-2 ms crypto patch

Aleksey Sanin aleksey at aleksey.com
Sat Apr 24 15:04:27 PDT 2010

Thanks for the reminder! I've actually had it sitting on
a branch for a while. Unfortunately, I was able to get
the verification part supported but I can't figure out
how to force CryptAcquireCertificatePrivateKey() to use
the new "Microsoft Enhanced RSA and AES Cryptographic
Provider" instead of the default one. Because of that
signatures from pkcs12 files are broken. I was planning
to take a look but never got back to it.

Anyway, I decided to check it in - I cleaned up a lot of
stuff with this patch and added ability to search for any
number of providers. Roumen, I know you've looked at the
original patch and I would appreciate if you can take a look:


I would appreciate your comments.


On 4/23/2010 11:48 PM, Jirka Kosek wrote:
> Hi folks,
> what's the status of the following patch:
> http://www.aleksey.com/pipermail/xmlsec/2010/008807.html
> Were issues resolved and patch accepted? I'm asking because in Europe
> legislation in many requires to use SHA-2 based digesting and digital
> signature algorithms starting from 2010/2011. xmlsec is now extensively
> used on Windows platform in cases when .NET/Java crypto libraries can't
> be used for some reason.
> Thanks for info,
> 				Jirka
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list