The idea of certificates and mscrypto is indeed similar to that of NSS. The MS CAPI is used to retrieve certificates from the certificate store. This done through the keysstore, that is capable to also search for certificates from the local Certificate store.
However for the sake of completeness and to be consistent with the xmlsec library direct support for pkcs12 files has been implemented as well (this code hasn't been committed to the cvs branch yet. It makes the test suite also consistent for usage. You don't want to import certificates just for the sake of testing each time into your certificate store, I could imagine.... My personal goal is however a complete integration with the local MS Certificate store, without having to use external key files. Aleksey, the argument that the pkcs12 import in xmlsec is not needed is valid, because it is already possible (quite easily) to import pkcs12 files into the MS certificate store, so why bother in also supporting pkcs12 in this. Wouter -----Original Message----- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 17:41 To: Edward Shallow Cc: 'Wouter'; [EMAIL PROTECTED] Subject: Re: [xmlsec] Mscrypto patch 2, for cvs XMLSEC_MSCRYPTO_083103 branch Edward, I am not sure I clear understand what are saying about pkcs12 files and MS Crypto Store. In xmlsec-nss for example, we read pkcs12 file, put the key in NSS keys db and after that execute our tests thus we do exersise the NSS keys db functionality. I wonder why we could not do the same for xmlsec-mscrypto? IMHO, there is no reason why we could not upload keys in MS Crypto Store first and have to use them directly. Aleksey _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
