Roumen Petrov wrote:
> Ivan Barrera A. wrote:
>> Hi again.
>>
>> I've tried almost all solutions I've found on the web, and still no luck.
>
> Hmm. I don't think that xmlsec supports engines. Did you find a patch?
>

Nope

>> - USB etoken (Aladdin Pro32K, using its own format)
>> - Library from aladdin to access the eToken
>> (/usr/lib//usr/lib/libeTPkcs11.so)
>> - a X509 Cert inside the eToken, along with private and public keys (that
>> cannot be exported. The eToken has to sign all data itself)
>
> Since this is your environment, could you propose a patch to xmlsec that
> supports openssl engines?

Yep :) As soon as I have something working, I'll clean it up, and propose a patch. So far, I've done a dirty hack to select the engine inside openssl/app.c. Now I'm on to replicating the -keyform part on ssl.

>> Using openssl, I've been able to sign a digest using:
>> openssl dgst -engine pkcs11 -keyform engine -sign
>> <id-of-the-key-inside-token> xmlfile.xml
>>
>> It seems to work, as it asks to enter the etoken password and outputs some
>> raw data.
>
> [SNIP]
>
>
> Aleksey,
> I think that first we have to enable xmlsec to use the openssl config file.
> In the configuration file we can specify which engine to use. Samples
> can be found by searching for "opensc pkcs11 engine".
>
> For the --crypto-config option to work we have to update:
> src/openssl/app.c:53: OPENSSL_config(NULL);
> Also, if the function argument is not set, we may look for the environment
> variable OPENSSL_CONF.
>
> Next, I think, is specific to the engine - how to identify the key (token) to use
> for the operation.
>
> Roumen
>

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
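
An OpenSSL configuration file of the kind Roumen's reply points to, as an added example that is not part of the original thread and not xmlsec's own configuration. The section names are arbitrary, and the `dynamic_path` and `MODULE_PATH` values are placeholders to replace with the local paths of the pkcs11 engine and the Aladdin library.

```ini
# Added example (not from the thread). All paths below are placeholders.
# This line must appear before the first [section] header.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# Left side is a free-form label, right side names the section to read.
pkcs11 = pkcs11_section

[pkcs11_section]
# Engine id, the same value passed as "-engine pkcs11" on the command line.
engine_id    = pkcs11
# Shared object implementing the engine; location varies by distribution.
dynamic_path = /path/to/engine_pkcs11.so
# Vendor PKCS#11 module the engine loads to reach the token
# (libeTPkcs11.so in the setup described in the thread).
MODULE_PATH  = /path/to/libeTPkcs11.so
# 0: configure the engine while the file is parsed, but do not initialise it yet.
init         = 0
```

`OPENSSL_config(NULL)` processes the section named by `openssl_conf` in the default `openssl.cnf`, or in the file named by the `OPENSSL_CONF` environment variable when that is set. The private key never leaves the token, so the configuration only tells OpenSSL where the engine and module are; selecting which key on the token to use is a separate step, as the reply notes.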