[xmlsec] xmlsec, openssl , gost

waterfall at inbox.ru waterfall at inbox.ru
Mon Apr 5 23:52:44 PDT 2010


 
 
--- Original message ---
From: "waterfall at evol.ru" <waterfall at evol.ru>
Sent: 06.04.2010 01:23:14
Subject: xmlsec, openssl , gost
 
1. I installed openssl 1.0 (using ./config shared) and xmlsec 1.2.4 (using ./configure --enable-gost --with-openssl="/usr/local/ssl") in Slax.
2. Generated a key: openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out seckey.pem
 
 
sign1-tmpl-rus.xml (from test)
 
<?xml version="1.0" encoding="UTF-8"?>
<!-- 
XML Security Library example: Simple signature template file for sign1 example. 
-->
<Envelope xmlns="urn:envelope">
  <Data>
Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::dsig:Signature)</XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
      <X509Data>
        <X509Certificate></X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Envelope>
 
 
sign1 - one of the examples (by default it uses the openssl engine)
 
 
Command: ./sign1 sign1-tmpl-rus.xml seckey.pem
I get this:
 
func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=241:obj=unknown:subj=unknown:error=14:invalid type:evp key type 811 not supported
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=333:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec library function failed:
func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=143:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=seckey.pem;errno=0
Error: failed to load private pem key from "seckey.pem"  
 
What should I do? :)