[xmlsec] Signing a document with key and cert..

Aleksey Sanin aleksey at aleksey.com
Mon Nov 18 09:27:55 PST 2002

> Ok, I just started looking at it, but I'm still struggling. First of 
> all, I signed my private key using the aleksey.crt certificate. By 
> using openssl x509 -text -in privkey-cert.pem I am able to verify that 
> it has been signed correctly using the aleksey certificate:
> ....
> I have attached the resulting test.xml document in this email.

Please read section 3.2 from FAQ:   
Your document could not be verified and I believe you had a warning when 
you signed it.

> Since I am generating the documents dynamically, I guess I need to add 
> the 509Data node programatically. The way I do this is:
> ....

> I am not sure this is (or should be) enough to generate a signed 
> document, but from the output, something is obviously wrong since no 
> 509Data section appears in the generated document (differently from 
> the output of trying to do the same in xmlsec).

Adding X509Data node to XML tree shouldn't be related to reading keys/certs.
The xmlSecKeyInfoAddX509Data() function itself is pretty simple and 
Can you print out XML document right after the 
xmlSecKeyInfoAddX509Data() function
call? The only reason I can think of is that X509Data node will be 
deleted from result document
if the key does not have a cert associated with it.

> On another note, I've also tried reading the aleksey.key using:
>    keyPtr = xmlSec.SimpleKeysMngrLoadPemKey (keysMngr, "aleksey.key", 
> "1234")
> and this fails with xmlSec it is not able to read the library. If I use:
> openssl rsa -text -in aleksey.key
> and input "1234" I get a textdump of the key. I have also verified 
> that the bug is not in my lua binding of xmlsec (by outputting the 
> parameters that I send to the C function).
> Any idea why loadpemkey fails with a password? I'm running everything 
> on Gentoo Linux if that matters.

Can you file a bug about this, please?
And how urgent is it for you? I am doing some other stuff right now and 
I would prefer to fix this problem
later if it is not urgent.


More information about the xmlsec mailing list