[xmlsec] Status of SHA-2 ms crypto patch

Aleksey Sanin aleksey at aleksey.com
Sat Apr 24 18:27:22 PDT 2010

Actually, I did a little more research and figured out how to
specify CSP from pkcs12 file. I've updated tests and everything
looks good now.


On 4/24/2010 3:04 PM, Aleksey Sanin wrote:
> Thanks for the reminder! I've actually had it sitting on
> a branch for a while. Unfortunately, I was able to get
> the verification part supported but I can't figure out
> how to force CryptAcquireCertificatePrivateKey() to use
> the new "Microsoft Enhanced RSA and AES Cryptographic
> Provider" instead of the default one. Because of that
> signatures from pkcs12 files are broken. I was planning
> to take a look but never got back to it.
> Anyway, I decided to check it in - I cleaned up a lot of
> stuff with this patch and added ability to search for any
> number of providers. Roumen, I know you've looked at the
> original patch and I would appreciate if you can take a look:
> http://git.gnome.org/browse/xmlsec/commit/?id=6ca808b68ab4a0acc1e2c3ec9ad707720cc8c56d
> I would appreciate your comments.
> Aleksey
> On 4/23/2010 11:48 PM, Jirka Kosek wrote:
>> Hi folks,
>> what's the status of the following patch:
>> http://www.aleksey.com/pipermail/xmlsec/2010/008807.html
>> Were issues resolved and patch accepted? I'm asking because in Europe
>> legislation in many requires to use SHA-2 based digesting and digital
>> signature algorithms starting from 2010/2011. xmlsec is now extensively
>> used on Windows platform in cases when .NET/Java crypto libraries can't
>> be used for some reason.
>> Thanks for info,
>> Jirka
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list