[xmlsec] Questions regarding xmlsec-nss
govs23 at hotmail.com
Tue Mar 30 09:52:35 PST 2004
> > I have two questions, is there any s/w wherein I can generate
>>a key in this format?
>openssl can write keys and certificates in both PEM and DER format.
>Check "-inform" and "-outform" options. This is very strange that
>you got crashers. One more option you have is to import the key
>in the NSS keydb and then xmlsec can load keys from there. Check
>the NSS distribution for "pk12util".
I am able to repeat the segbort fault pretty much everytime.
This is what I tried.
I generated a fresh rsakey using openssl
openssl genrsa -out key.pem 1024. This is because, the Readme file
that the existing PEM files are not in the PrivateKeyInfo format (?)
then converted it into der using
openssl rsa -inform PEM -outform DER -in key.pem -out key.der
Ran the test code as sign1 sign1-tmpl.xml key.der
The SEGABRT occurs line 474 src/nss/app.c Seemingly, when I go down
the stack to check out where the actual problem is it is in
line 1820 seckey.c
Let me know if there is anything wrong in my execution of the code.
Thanks a lot for your immediate response,
>>Second, how difficult is it to extend the support to other key formats in
>>xmlsec? Or is the problem with NSS, which has no support.
>This is NSS limitation. For example, xmlsec-openssl supports both PEM
>and DER files. I don't want xmlsec to parse key files by itself
>thus you have to file a bug against NSS (but I guess I know the
FREE pop-up blocking with the new MSN Toolbar get it now!
More information about the xmlsec