[xmlsec] Problem with 1.2.18 and mscrypto - key not found

EdShallow ed.shallow at gmail.com
Sat Jun 18 14:00:02 PDT 2011


The funny thing is all version prior to 1.2.15 had no Unicode and it worked
fine. In fact I compiled 1.2.18 with the Unicode=no option because of the
unresolved external reference problems with the strcpy_s function.

I am going to compile the 1.2.13 source and compare what happens versus
using Igor's binaries. This will prove whether my compile and link is
introducing the problem.

I will then gradually compile 1.2.14 and then 1.2.15 and then 1.2.16 and
then 1.2.17 until I see when the problem was first introduced.

Ed

On Sat, Jun 18, 2011 at 3:19 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:

> **
> Ed,
>
> It is hard for me to give advice on Windows but I recall one of the big
> changes
> between releases was Unicode support. I am not sure how you compiled the
> library
> but it is strongly recommended to use Unicode support.
>
> Obviously, the error indicates that we can't find a key in MSCrypto
> storage. You are
> loading it by name and I can easily see a problem with Unicode there. Try
> to debug it
> and watch the key name passed to MSCrypto.
>
> Aleksey
>
>
> On 6/18/11 10:59 AM, EdShallow wrote:
>
> Hi Aleksey,
>
>      The template below work fine with 1.2.13 xmlsec command line on the
> same machine and the same crypto keys using all Igor's 1.2.13 binaries.
>
>      I kept everything the same except I compiled your 1.2.18 .... all
> clean. I spoke with you yesterday about this. I am using VC7.1 with
> msvcr71.dll and Igor's includes, libs, and binaries for libxml, libxslt.
>
>     This signing template works at the command line with Igor's 1.2.13
> binaries but does not work with my compiled 1.2.18 dll's.
> Igor has not updated his binaries for a very long time. He is still at
> 1.2.13 and I need your new mscrypto algorithms introduced in 1.2.15
>
> Any suggestions for me to try ?
>
> Thanks,
> Ed
>
> Template as follows:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> Signature created by XMLDSIG Engine and XMLSec Lib V1.2.18
> -->
> <Document>
>     <Data>
>         <SubData1>
>             <SubSubData1 MimeType="text/plain">This is the data to be
> signed.</SubSubData1>
>             <SubSubData2 MimeType="text/plain">This is the data to be
> signed.</SubSubData2>
>             <SubSubData3 MimeType="text/plain">This is the data to be
> signed.</SubSubData3>
>         </SubData1>
>         <SubData2>This is the data to be signed.</SubData2>
>         <SubData3>This is the data to be signed.</SubData3>
>     </Data>
>     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>         <dsig:SignedInfo>
>             <dsig:CanonicalizationMethod Algorithm="
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>             <dsig:SignatureMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                 <dsig:Reference URI="">
>                     <dsig:Transforms>
>                         <dsig:Transform Algorithm="
> http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>                     </dsig:Transforms>
>                     <dsig:DigestMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#sha1"/>
>                     <dsig:DigestValue></dsig:DigestValue>
>                 </dsig:Reference>
>         </dsig:SignedInfo>
>         <dsig:SignatureValue></dsig:SignatureValue>
>         <dsig:KeyInfo>
>             <dsig:KeyName>Shallow, Ed</dsig:KeyName>
>
> <dsig:X509Data><dsig:X509Certificate/><dsig:X509SubjectName/><dsig:X509IssuerSerial/>
>             </dsig:X509Data>
>         </dsig:KeyInfo>
>     </dsig:Signature>
> </Document>
>
> Output from command line tool as follows:
>
> C:\XMLSec>xmlsec sign --crypto mscrypto --output
> inout/edsigned-enveloped.xml tmpl/tmpl-EPM-sign-enveloped.xml
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed: ;last error=-2146885628 (0x80092004);
> last error
> msg=func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found: ;last error=-2146885628 (0x80092004);last error
> msg=func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed: ;last error=-2146885628 (0x80092004);last error
> msg=
> func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed: ;last error=-2146885628 (0x80092004);last error
> msg=
> Error: signature failed
> Error: failed to sign file "tmpl/tmpl-EPM-sign-enveloped.xml"
>
> Suggestions ?
>
> --
> Ed's Contact Information:
> Mobile Phone: 613-852-6410
> Gmail: ed.shallow at gmail.com
> VOIP Address: 107529 at sip.ca1.voip.ms
> VOIP DID#: 613-458-5004
> Skype ID: edward.shallow
> Home Phone: 613-482-2090
>
>
> _______________________________________________
> xmlsec mailing listxmlsec at aleksey.comhttp://www.aleksey.com/mailman/listinfo/xmlsec
>
>


-- 
Ed's Contact Information:
Mobile Phone: 613-852-6410
Gmail: ed.shallow at gmail.com
VOIP Address: 107529 at sip.ca1.voip.ms
VOIP DID#: 613-458-5004
Skype ID: edward.shallow
Home Phone: 613-482-2090
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20110618/9a775c23/attachment-0001.html>


More information about the xmlsec mailing list