1 WHAT VERSION OF WINDOWS?
2 ------------------------------------------------------------------------
4 The xmlsec-mscrypto lib is developed on a windows XP machine with MS Visual
5 Studio (6 and .NET). The MS Crypto API has been evolving a lot with the
6 new releases of windows and internet explorer. MS CryptoAPI libraries
7 are distributed with ie and with the windows OS. Full functionality will
8 only be achieved on windows XP. AES is for example not supported on pre
9 XP versions of Windows (workarounds for this are possible, I believe).
10 Direct RSA de/encryption, used by xmlsec-mscrypto, is only possible from
11 Win 2000 (possibly also with a newer version of ie, with strong encryption
12 patch installed). It's very likely more of these issues are lying around, a
13 nd until it is tested on older windows systems it is uncertain what will work.
15 KEYS MANAGER with MS Certificate store support.
16 ------------------------------------------------------------------------
18 The default xmlsec-mscrypto keys manager is based upon the simple keys
19 store, found in the xmlsec core library. If keys are not found in the
20 simple keys store, than MS Certificate store is used to lookup keys.
21 The certificate store is only used on a READONLY base, so it is not possible
22 to store keys via the keys store into the MS certificate store. There are enough
23 other tools that can do that for you.
25 When the xmlsec application is started, with the config parameter the name of
26 the (system) keystore can be given. That keystore will be used for certificates
27 and keys lookup. With the keyname now two types of values can be given:
28 - simple name (called friendly name with MS);
29 - full subject name (recommended) of the key's certificate.
32 ------------------------------------------------------------------------
33 1) Default keys manager don't use trusted certs in MS Crypto Store
34 (http://bugzilla.gnome.org/show_bug.cgi?id=123668).
36 2) Missing crypto functionality:
37 - HMAC (http://bugzilla.gnome.org/show_bug.cgi?id=123670): does not look
38 like MS would support it soon.
39 - RSA-OAEP (http://bugzilla.gnome.org/show_bug.cgi?id=123671): MS says
40 that they will support this in the near future.
41 - AES KW (http://bugzilla.gnome.org/show_bug.cgi?id=123672): no native
42 support, might be possible to implement on top of AES cipher itself
43 - DES KW (http://bugzilla.gnome.org/show_bug.cgi?id=123673): no native
44 support, might be possible to implement on top of AES cipher itself
46 3) Actual AES Crypto provider name is different from the "official" one
47 (http://bugzilla.gnome.org/show_bug.cgi?id=123674).
49 4) The only supported file formats are PKCS#12 and DER certificates
50 (http://bugzilla.gnome.org/show_bug.cgi?id=123675).