[xmlsec] Signing on Windows using SHA-256 hash

Aleksey Sanin aleksey at aleksey.com
Wed Mar 9 07:18:27 PST 2016

Great to know you figured it out!


On 3/9/16 12:45 AM, Miklos Vajna wrote:
> Hi,
> On Tue, Mar 08, 2016 at 09:21:37AM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
>> First, as I mentioned before, I would be happy to merge all the
>> upstream patches that makes sense for the main xmlsec. Please
>> don't hesitate to send pull requests :)
> Yes, thanks for the enouragement. The only patches I did myself are
> these SHA-256 and the relationship ones, so for the rest I need to work
> out what they do, bring them up to date against master, and can only
> submit them then, so it takes time. But that's my long-term goal.
>> Unfortunately, I don't have a Windows environment anymore so I can't
>> debug it myself. But I can give you a suggestion. As far as I recall,
>> there is a function xmlSecMSCryptoFindProvider() which is used to
>> find out the crypto provider for specific operation. I would suggest
>> to put a breakpoint on this function and compare parameters for
>> the cases of signing and verification.
>> Let me know if it makes sense at all!
> Right, I found that. At the end my problem was that I incorrectly
> generated my test certificates. After reading tests/keys/README
> carefully again, I found that I did not use -CSP, and that's why the
> certificate was loaded from the old store, which doesn't support SHA2.
> After using '-CSP "Microsoft Enhanced RSA and AES Cryptographic
> Provider"' when generating the .p12 file my upgraded 1.2.15 + patches
> result works as expected. :-)
> Regards,
> Miklos

More information about the xmlsec mailing list