[xmlsec] Incompatibility between OPENSSL nad MSCRYPTO engines?

Aleksey Sanin aleksey at aleksey.com
Fri Oct 21 10:01:27 PDT 2011 

Basically, xmlsec-mscrypto doesn't support pkcs12 format. Only DER 
format is supported.

Aleksey

On 10/20/11 11:09 PM, Josef Kokeš wrote:
> Oops, I completely overlooked the error message. Here it is:
>
> func=xmlSecMSCryptoAppKeyLoadMemory:file=..\src\mscrypto\app.c:line=237:obj=unknown:subj=format
> == xmlSecKeyDataFormatCertDer:error=100:assertion: ;last error=0
> (0x00000000);last error msg=Operace byla dokončena úspěšně.
>
> (last error msg translated to english: "The operation was successfully
> completed")
>
> Seems to be an incompatible encoding, but why? It's a standard PFX, I
> don't think I can choose encoding for that.
>
> Pepak
>
>> Hi!
>>
>> I have been using XmlSec for some time, but only with the OpenSSL
>> engine. Now I find myself in need of using a MS-Crypto engine (I want to
>> use tokens for certificate storage). I thought I would simply change the
>> parameter of xmlSecCryptoDLLoadLibrary from "openssl" to "mscrypto", but
>> apparently that is not the case:
>>
>> When I start preparing the signature context, the xmlSecDSigCtxCreate
>> succeeds but the following xmlSecCryptoAppKeyLoadMemory(PfxBuf, PfxSize,
>> xmlSecKeyDataFormatPkcs12, PfxPassword, 0, 0) returns 0 - the key could
>> not be loaded. But the same command succeeds with OpenSSL. I thought
>> perhaps it's another case of incompatible PFX files between Windows XP
>> and newer Windows, but that is not the case as I can import the PFX
>> correctly using the OS's tools.
>>
>> I am using LibXmlSec version 1.2.18 under Windows, as compiled by Igor
>> Zlatkovic in no-unicode mode.
>>
>> What could possibly be the problem?
>>
>> Thanks,
>>
>> Pepak
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>>
>> __ Zkontrolovano antivirovym programem NOD32 __
>> _______ Mailscanner spolecnosti Phoenix _______
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list