[xmlsec] Questions regarding xmlsec-nss

Govind Krishnamurthi govs23 at hotmail.com
Tue Mar 30 09:52:35 PST 2004

> > I have two questions, is there any s/w wherein I can generate
>>a key in  this format?
>openssl can write keys and certificates in both PEM and DER format.
>Check "-inform" and "-outform" options. This is very strange that
>you got crashers. One more option you have is to import the key
>in the NSS keydb and then xmlsec can load keys from there. Check
>the NSS distribution for "pk12util".

I am able to repeat the segbort fault pretty much everytime.
This is what I tried.
I generated a fresh rsakey using openssl
openssl  genrsa -out key.pem 1024. This is because, the Readme file 
that the existing PEM files are not in the PrivateKeyInfo format (?)

then converted it into der using
openssl rsa -inform PEM -outform DER -in key.pem -out key.der

Ran the test code as sign1 sign1-tmpl.xml  key.der
The SEGABRT occurs  line  474 src/nss/app.c Seemingly, when I go down
the stack to check out where the actual problem is it is in 
PORT_FreeArea(arena, PR_FALSE);
line 1820 seckey.c

Let me know if there is anything wrong in my execution of the code.
Thanks a lot for your immediate response,

>>Second, how difficult is it to extend the support to other key formats in 
>>xmlsec? Or is the problem with  NSS, which has no support.
>This is NSS limitation. For example, xmlsec-openssl supports both PEM
>and DER files. I don't want xmlsec to parse key files by itself
>thus you have to file a bug against NSS (but I guess I know the

FREE pop-up blocking with the new MSN Toolbar – get it now! 

More information about the xmlsec mailing list