[xmlsec] Problem with 1.2.18 and mscrypto - key not found

Aleksey Sanin aleksey at aleksey.com
Sat Jun 18 12:19:31 PDT 2011 

Ed,

It is hard for me to give advice on Windows but I recall one of the big 
changes
between releases was Unicode support. I am not sure how you compiled the 
library
but it is strongly recommended to use Unicode support.

Obviously, the error indicates that we can't find a key in MSCrypto 
storage. You are
loading it by name and I can easily see a problem with Unicode there. 
Try to debug it
and watch the key name passed to MSCrypto.

Aleksey


On 6/18/11 10:59 AM, EdShallow wrote:
> Hi Aleksey,
>
>      The template below work fine with 1.2.13 xmlsec command line on 
> the same machine and the same crypto keys using all Igor's 1.2.13 
> binaries.
>
>      I kept everything the same except I compiled your 1.2.18 .... all 
> clean. I spoke with you yesterday about this. I am using VC7.1 with 
> msvcr71.dll and Igor's includes, libs, and binaries for libxml, libxslt.
>
>     This signing template works at the command line with Igor's 1.2.13 
> binaries but does not work with my compiled 1.2.18 dll's.
> Igor has not updated his binaries for a very long time. He is still at 
> 1.2.13 and I need your new mscrypto algorithms introduced in 1.2.15
>
> Any suggestions for me to try ?
>
> Thanks,
> Ed
>
> Template as follows:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> Signature created by XMLDSIG Engine and XMLSec Lib V1.2.18
> -->
> <Document>
> <Data>
> <SubData1>
> <SubSubData1 MimeType="text/plain">This is the data to be 
> signed.</SubSubData1>
> <SubSubData2 MimeType="text/plain">This is the data to be 
> signed.</SubSubData2>
> <SubSubData3 MimeType="text/plain">This is the data to be 
> signed.</SubSubData3>
> </SubData1>
> <SubData2>This is the data to be signed.</SubData2>
> <SubData3>This is the data to be signed.</SubData3>
> </Data>
> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
> <dsig:SignedInfo>
> <dsig:CanonicalizationMethod 
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <dsig:SignatureMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <dsig:Reference URI="">
> <dsig:Transforms>
> <dsig:Transform 
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> </dsig:Transforms>
> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <dsig:DigestValue></dsig:DigestValue>
> </dsig:Reference>
> </dsig:SignedInfo>
> <dsig:SignatureValue></dsig:SignatureValue>
> <dsig:KeyInfo>
> <dsig:KeyName>Shallow, Ed</dsig:KeyName>
> <dsig:X509Data><dsig:X509Certificate/><dsig:X509SubjectName/><dsig:X509IssuerSerial/>
> </dsig:X509Data>
> </dsig:KeyInfo>
> </dsig:Signature>
> </Document>
>
> Output from command line tool as follows:
>
> C:\XMLSec>xmlsec sign --crypto mscrypto --output 
> inout/edsigned-enveloped.xml tmpl/tmpl-EPM-sign-enveloped.xml
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec 
> library function failed: ;last error=-2146885628 (0x80092004);
> last error 
> msg=func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key 
> is not found: ;last error=-2146885628 (0x80092004);last error 
> msg=func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec 
> library function failed: ;last error=-2146885628 (0x80092004);last 
> error msg=
> func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec 
> library function failed: ;last error=-2146885628 (0x80092004);last 
> error msg=
> Error: signature failed
> Error: failed to sign file "tmpl/tmpl-EPM-sign-enveloped.xml"
>
> Suggestions ?
>
> -- 
> Ed's Contact Information:
> Mobile Phone: 613-852-6410
> Gmail: ed.shallow at gmail.com <mailto:ed.shallow at gmail.com>
> VOIP Address: 107529 at sip.ca1.voip.ms <mailto:107529 at sip.ca1.voip.ms>
> VOIP DID#: 613-458-5004
> Skype ID: edward.shallow
> Home Phone: 613-482-2090
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20110618/9dc934b0/attachment.html>

More information about the xmlsec mailing list