<br><font size=2 face="sans-serif">Thank you, loading a pkcs12 file worked!
I created a pkcs12 file with my public cert and private key.</font>
<br><font size=2 face="sans-serif">I loaded it into xmlsec and it did everything
else on its own, and on the other end I was able to decrypt</font>
<br><font size=2 face="sans-serif">it with my private key (so I assume
that it got the public key out and did things correctly).</font>
<br>
<br><font size=2 face="sans-serif">However, there is a problem with this.</font>
<br><font size=2 face="sans-serif">Since I am going to be using the "clients"
public key/cert, I'll have to make the pkcs12 file without a private key.</font>
<br><font size=2 face="sans-serif">This appears to be do-able with openssl
(though what I'm doing now could be wrong).</font>
<br><font size=2 face="sans-serif">The command I use to get the pkcs12
file from a pem format cert is:</font>
<br><font size=2 face="sans-serif">openssl pkcs12 -export -in PubCertFile.pem
-nokeys -out myTempCert.p12</font>
<br><font size=2 face="sans-serif">but when I load the result of this command
into xmlsec, I get this error:</font>
<br>
<br><font size=2 face="sans-serif">func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=211:obj=unknown:subj=pKey
!= NULL:error=100:assertion:</font>
<br><font size=2 face="sans-serif">func=xmlSecOpenSSLAppPkcs12LoadBIO:file=app.c:line=702:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec
library function failed:</font>
<br><font size=2 face="sans-serif">func=xmlSecOpenSSLAppPkcs12Load:file=app.c:line=574:obj=unknown:subj=xmlSecOpenSSLAppPkcs12LoadBIO:error=1:xmlsec
library function failed:filename=/myKeyDir/myTempCert.p12;errno=2</font>
<br>
<br><font size=2 face="sans-serif">It looks like xmlsec is expecting a
private key with the file, but I can't have it due to the nature of security.</font>
<br><font size=2 face="sans-serif">Is there a way to tell xmlsec to just
use the public key that's inside the pkcs12 file? or am I going about this
wrong?</font>
<br>
<br><font size=2 face="sans-serif">Thanks again,</font>
<br><font size=2 face="sans-serif">Brian</font>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Aleksey Sanin <aleksey@aleksey.com></b>
</font>
<br><font size=1 face="sans-serif">Sent by: xmlsec-bounces@aleksey.com</font>
<p><font size=1 face="sans-serif">06/17/2008 03:17 PM</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">Brian.Myers@zootweb.com</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td><font size=1 face="sans-serif">xmlsec@aleksey.com</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: [xmlsec] wsse tokens and encryption</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=2><br>
> Do I need to manually put the cert into the key?<br>
<br>
Yes! You must associate the cert with the key. The simplest<br>
way to do this is to put your key and certificate(s) into<br>
pkcs12 file and then load the file "at once". It is possible<br>
to do it manually but you will need to manipulate the<br>
key data objects yourself.<br>
<br>
Aleksey<br>
_______________________________________________<br>
xmlsec mailing list<br>
xmlsec@aleksey.com<br>
http://www.aleksey.com/mailman/listinfo/xmlsec<br>
</font></tt>
<br>