[xmlsec] Signing a document with key and cert..
aleksey at aleksey.com
Mon Nov 18 09:27:55 PST 2002
> Ok, I just started looking at it, but I'm still struggling. First of
> all, I signed my private key using the aleksey.crt certificate. By
> using openssl x509 -text -in privkey-cert.pem I am able to verify that
> it has been signed correctly using the aleksey certificate:
> I have attached the resulting test.xml document in this email.
Please read section 3.2 from FAQ:
Your document could not be verified and I believe you had a warning when
you signed it.
> Since I am generating the documents dynamically, I guess I need to add
> the 509Data node programatically. The way I do this is:
> I am not sure this is (or should be) enough to generate a signed
> document, but from the output, something is obviously wrong since no
> 509Data section appears in the generated document (differently from
> the output of trying to do the same in xmlsec).
Adding X509Data node to XML tree shouldn't be related to reading keys/certs.
The xmlSecKeyInfoAddX509Data() function itself is pretty simple and
Can you print out XML document right after the
call? The only reason I can think of is that X509Data node will be
deleted from result document
if the key does not have a cert associated with it.
> On another note, I've also tried reading the aleksey.key using:
> keyPtr = xmlSec.SimpleKeysMngrLoadPemKey (keysMngr, "aleksey.key",
> and this fails with xmlSec it is not able to read the library. If I use:
> openssl rsa -text -in aleksey.key
> and input "1234" I get a textdump of the key. I have also verified
> that the bug is not in my lua binding of xmlsec (by outputting the
> parameters that I send to the C function).
> Any idea why loadpemkey fails with a password? I'm running everything
> on Gentoo Linux if that matters.
Can you file a bug about this, please?
And how urgent is it for you? I am doing some other stuff right now and
I would prefer to fix this problem
later if it is not urgent.
More information about the xmlsec