It looks like the key could not be found. Try to look at the code under debugger to make sure you use correct key name. It is a little tricky with NSS but with openssl you can put the key into xmlsec keymanager as long as you have an EVP. You might need to write some code to load the correct crypto engine though.
Aleksey Ivan Barrera A. wrote:
Hi ! I've been fighting the last week on trying to sign xmldocuments, using a cert stored on an etoken. (aladdin 32K). Im using the lib /usr/lib/libeTPkcs11.so provided by aladdin, and trying to sign the document in any way. So far, ive tried openssl, and nss with no luck. Using openssl alone, i can get the system to sign smime documents using the token ( openssl smime -sign -engine pkcs11 -in test.xml -out a.xml -signer my-cert.pem -keyform engine -inkey 39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30 ) And adding the etoken lib to nss : modutil -list gives 2. eToken library name: /usr/lib/libeTPkcs11.so slots: 17 slots attached status: loaded slot: AKS ifdh 00 00 token: eToken However, when i try to sign anything using xmlsec1, i only get # xmlsec1 --sign --crypto nss --output a.xml test4.xml func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000) func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last nss error=0 (0x00000000) func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000) func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000) Error: signature failed Error: failed to sign file "test4.xml" Ive tried using keyname, keyvalue, keys.xml file. Nothing worked. Most probably, im doing something wrong. Someone has done , or know how can i achieve this ? BTW, Running on fedora core 9, using latest openct/pcscd/xmlsec. _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec