[xmlsec] Re: NSS-Based XML Security Library Not Working on Linux

Aleksey Sanin aleksey at aleksey.com
Tue Dec 2 08:26:44 PST 2003

NSS does not support loading private keys from PEM file. Either use PKCS12
or import the key in NSS key db directly.

 From the README file in src/nss folder:

    10) Not all file formats are supported

    - xmlSecNssAppKeyLoad(): This function loads a PKI key from a file.
        The following formats are supported:
            . xmlSecKeyDataFormatDer: This expects the private key to be in
                    PrivateKeyInfo format. Note that the DER files 
                    private keys in the xmlsec test suite aren't in that 
            . xmlsecKeyDataFormatPkcs12

        The following formats are not supported:
            . xmlSecKeyDataFormatPkcs8Pem
            . xmlSecKeyDataFormatPkcs8Der  


    - xmlSecNssAppCertLoad(): This function loads a cert from a file.
        The following formats are supported:

        The following formats are not supported:


Stone Xiang wrote:

> Hi, Aleksey,
> I am sorry to bother, but I has been dwelling on this problem for days.
> I successfully compiled the XML security component on Linux using
> nss-3.8 and nspr-4.3 (and libxml, libxslt, libiconv, of course). But when
> I run the program "sign1" under the "example" directory, I got the 
> following
> error information:
> [stone at dhcp-cbjs05-218-9 examples]$ ./sign1 sign1-tmpl.xml rsakey.pem
> func=xmlSecNssAppKeyLoad:file=app.c:line=237:obj=unknown:subj=xmlSecNssAppKeyLoad:error=17:invalid 
> format:format=2
> Error: failed to load private pem key from "rsakey.pem"
> It seems that the NSS crypto library cannot correctly recognize the
> private key. What's wrong? By the way, I am using the x86 binary
> version of NSS and NSPR on a RedHat 9.0 installation.
> I am sincerely looking forward to your reply.
> Stone Xiang

More information about the xmlsec mailing list