I am sorry, but I can not get it. Yes, I've found the same question in one historic -very historic- list, but no solution.
What I am supposed to do to use key on token to sign in xmlsec, please? Use appropriate openssl config? I have spent a whole week by searching for it, no luck. It works only when I directly run opennsl from command line. I am supposed to patch xmlsec sources? Or openssl sources? Does xmlsec uses its own libraries for openssl engine, or it uses system/openssl shared libraries? I am quite lost in this moment, but I really need to sign xmls with token. Thanks, Michal ****************************** Sure. I think it will work for a simple use cases when there is only one key. And yes, for anything more sophisticated custom code is required. Aleksey On 8/9/17 10:58 AM, Roumen Petrov wrote: >* Aleksey Sanin wrote: *>>* It was discussed in the mailing list in the past. You need to *>>* create openssl config file to use the engine by default and *>* Hmm, in general this configuration will not work. *> >* Engines that operate with keys material stored externally cannot be set *>* as default - usually this break operations with keys stored differently *>* (file and etc.). *> >>* pass it to xmlsec1 command line tool. *>* Perhaps it will work for simple command line case with single key. *> >* On other side openssl command line option -engine specify where is *>* located key (call method ENGINE_load_private_key). *> >* Regards, *>* Roumen* 2017-08-08 21:12 GMT+02:00 Aleksey Sanin <alek...@aleksey.com>: > It was discussed in the mailing list in the past. You need to > create openssl config file to use the engine by default and > pass it to xmlsec1 command line tool. > > Aleksey > > On 8/1/17 12:56 AM, majkl majkl wrote: > > I need to sign XML documents with certificate and key, stored on USB > > token. I have Linux library (.so) with API, which works in openssl > > (command line) and also in Firefox, for example. > > > > I need to tell xmlsec to use the token library to access the key. (Or, > > when crypto openssl is used, make opensl work as it is run with -keyform > > ENGINE -engine pkcs11 -inkey ABC -passin pass:PASS). > > > > Thanks, Michal > > > > > > _______________________________________________ > > xmlsec mailing list > > xmlsec@aleksey.com > > http://www.aleksey.com/mailman/listinfo/xmlsec > > >
_______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec