diff options
author | Anas Nashif <anas.nashif@intel.com> | 2012-11-13 12:30:55 -0800 |
---|---|---|
committer | Anas Nashif <anas.nashif@intel.com> | 2012-11-13 12:30:55 -0800 |
commit | f251dedaa31b48f7c05a4b53c112b40ebca890ef (patch) | |
tree | d6c78a1b273417506edb030c96772c8459f5831e /src/mscrypto/README | |
download | xmlsec1-f251dedaa31b48f7c05a4b53c112b40ebca890ef.tar.gz xmlsec1-f251dedaa31b48f7c05a4b53c112b40ebca890ef.tar.bz2 xmlsec1-f251dedaa31b48f7c05a4b53c112b40ebca890ef.zip |
Imported Upstream version 1.2.18upstream/1.2.18
Diffstat (limited to 'src/mscrypto/README')
-rw-r--r-- | src/mscrypto/README | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/mscrypto/README b/src/mscrypto/README new file mode 100644 index 00000000..0b3f4b6b --- /dev/null +++ b/src/mscrypto/README @@ -0,0 +1,39 @@ +WHAT VERSION OF WINDOWS? +------------------------------------------------------------------------ + +The xmlsec-mscrypto lib is developed on a windows XP machine with MS Visual +Studio (6 and .NET). The MS Crypto API has been evolving a lot with the +new releases of windows and internet explorer. MS CryptoAPI libraries +are distributed with ie and with the windows OS. Full functionality will +only be achieved on windows XP. AES is for example not supported on pre +XP versions of Windows (workarounds for this are possible, I believe). +Direct RSA de/encryption, used by xmlsec-mscrypto, is only possible from +Win 2000 (possibly also with a newer version of ie, with strong encryption +patch installed). It's very likely more of these issues are lying around, a +nd until it is tested on older windows systems it is uncertain what will work. + +KEYS MANAGER with MS Certificate store support. +------------------------------------------------------------------------ + +The default xmlsec-mscrypto keys manager is based upon the simple keys +store, found in the xmlsec core library. If keys are not found in the +simple keys store, than MS Certificate store is used to lookup keys. +The certificate store is only used on a READONLY base, so it is not possible +to store keys via the keys store into the MS certificate store. There are enough +other tools that can do that for you. + +When the xmlsec application is started, with the config parameter the name of +the (system) keystore can be given. That keystore will be used for certificates +and keys lookup. With the keyname now two types of values can be given: + - simple name (called friendly name with MS); + - full subject name (recommended) of the key's certificate. + +KNOWN ISSUES. +------------------------------------------------------------------------ +1) Default keys manager don't use trusted certs in MS Crypto Store +(http://bugzilla.gnome.org/show_bug.cgi?id=123668). + +2) The only supported file formats are PKCS#12 and DER certificates +(http://bugzilla.gnome.org/show_bug.cgi?id=123675). + + |