Re: [xmlsec] Signing xml using etoken

Sun, 29 Jun 2008 19:23:54 -0700 

It looks like the key could not be found. Try to look at the
code under debugger to make sure you use correct key name.
It is a little tricky with NSS but with openssl you can
put the key into xmlsec keymanager as long as you have
an EVP. You might need to write some code to load the correct
crypto engine though.

Aleksey

Ivan Barrera A. wrote:

Hi !

I've been fighting the last week on trying to sign xmldocuments, using a
cert stored on an etoken. (aladdin 32K).
Im using the lib /usr/lib/libeTPkcs11.so provided by aladdin, and trying
to sign the document in any way.

So far, ive tried openssl, and nss with no luck. Using openssl alone, i
can get the system to sign smime documents using the token (  openssl
smime -sign -engine pkcs11 -in test.xml -out a.xml -signer my-cert.pem
-keyform engine -inkey
39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30
)
And adding the etoken lib to nss :
modutil -list gives
  2. eToken
        library name: /usr/lib/libeTPkcs11.so
         slots: 17 slots attached
        status: loaded

         slot: AKS ifdh 00 00
        token: eToken



However, when i try to sign anything using xmlsec1, i only get

# xmlsec1 --sign --crypto nss   --output a.xml test4.xml
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
library function failed: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
is not found: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed: ;last nss error=0 (0x00000000)
Error: signature failed
Error: failed to sign file "test4.xml"



Ive tried using keyname, keyvalue, keys.xml file. Nothing worked.  Most
probably, im doing something wrong.
Someone has done , or know how can i achieve this ?

BTW, Running on fedora core 9, using latest openct/pcscd/xmlsec.

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to