3

I need to sign XML using xmlsec and a certificate provided by a CSP (C++, Linux only). Here is the simplified code.

HCERTSTORE hStore = NULL;
hStore = CertOpenStore();
PCCERT_CONTEXT pContext = CertFindCertificateInStore(hStore...);
//xml preparation using libxml2

xmlSecKeyPtr signKey = xmlSecKeyCreate();
xmlSecDSigCtxPtr dsigCtx = xmlSecDSigCtxCreate(mngr);
dsigCtx->signKey = ???; // How to set sign key?
xmlSecDSigCtxSign(dsigCtx, signNode);

How do I set the sign key? How do I extract it from the cert? In Java it's done by CryptAcquireCertificatePrivateKey with cryptSetProvParam setting the password. But on Linux I have had no success with this call.

John Kugelman
Nem

1 Answer

-1

Have you looked at the documentation? Try these two links:

https://www.aleksey.com/xmlsec/api/xmlsec-verify-with-key.html

https://www.aleksey.com/xmlsec/api/xmlsec-notes-sign.html

Specifically, this line looks like it sets the sign key, with key_file being a char array:

dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);

This should help with getting the key from a cert: How can I extract a key from an SSL certificate?

  • The problem is that I DON'T have key_file. What I have is a PCCERT_CONTEXT provided by the CSP. – Nem Aug 23 '22 at 07:08