XML signatures in XP and 7 without .Net RRS feed

  • Question

  • Hi, I need to check XML D-signatures in native c++ but it has to work in XP throught Windows 7. For XP I can use CAPICOM and MSXML but is deprecated in Windows 7. For Windows 7 there is a new CryptoAPI with CryptXml, but is not compatible with XP. Can you give me any indications about where start looking?


    (Yes, I know I can use low level cryptoapi functions to verify the signatures but it implies parsing the XML manually, and that is very error prone. And no, I can't install .NET because is a requisite of the project to not doing so).



    • Moved by Jesse Jiang Monday, August 2, 2010 7:34 AM xml encrypt (From:Visual C++ General)
    Thursday, July 29, 2010 11:33 AM

All replies

  • I'd have no hestitation using CAPICOM and MSXML. They aren't going to disappear on you.

    Thursday, July 29, 2010 3:34 PM
  • Ok, but for develpment purposes I'm using an old copy of msxml 5 and I've read that msxml 6 doesn't support xmldsig. I prefer deploying the app without a legacy binary (and I really don't know if I am allowed to ship the dll as it appeared with Office, I'd have to re-read the license). Can I expect to obtain the same functionality with msxml 6 or it is going to be a "manual" parsing and a cryptographic verification?



    Thursday, July 29, 2010 6:10 PM
  • For Windows 7 there is a new CryptoAPI with CryptXml, but is not compatible with XP.

    I believe that System.Security.Cryptography.Xml is compatible with Windows XP SP3, and supports XML signatures.

    Frankly, I'd lean hard in this direction. I understand your reticence about distributing MSXML5, although I still think that is a viable option.

    I'm afraid this is very much at the periphery of my expertise, so please don't put too much weight in my opinion. Perhaps reposting in one of the security forums would give you a more authoritative answer.

    Thursday, July 29, 2010 6:28 PM