[xmlsec] Error running xmlsec under windows

Stewart Bourke StewartBourke at eircom.net
Tue Apr 20 11:18:08 PDT 2004

I have installed and built the xmlsec tools under Windows 2000.  They appear to have built correctly, and I am now trying to use the command line tool (xmlsec) to sign a file, and to get to know the system.

I copied the template file from the tutorial as follows:

<?xml version="1.0" encoding="UTF-8"?>
XML Security Library example: Simple signature template file for sign1 example. 
<Envelope xmlns="urn:envelope">
 Hello, World!
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

and when I try to run the command line tool i get:

xmlsec --sign templ.xml

I get a raft of errors:

CC:\Download\xmlsec\XMLSEC~1.5\win32\binaries>xmlsec --sign templ.xml --output ou
tput.xml --pkcs12 62NOHASH.P12 --pwd xxxxxxxx, --pubkey-cert-der cert.cer

1:xmlsec library function failed:
func=:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is no
t found:
oNode:error=1:xmlsec library function failed:
essNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "templ.xml"

I had thought that by starting with the sample template I could at least check if the tool is working.  

I am pretty sure it is to do with the way in which I am specifying my key files etc, but frankly I am not sure what to do.

In my sample above, I have commented out my actual password with 'xxxxxxx' just for the sake of the email.

My configureation is as follows:

I have a pkcs12 password file which contains the certificate issued by the CA.  I also have the password.  I can open this password file, for example, in IIE, so I know my password is correct.

I exported the certificate to a .der file, and called it cert.cer

I am now trying to sign the template file, but I get the errors shown above...

Any help would be appreciated...


Stewart Bourke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20040420/2f00bc9f/attachment.htm

More information about the xmlsec mailing list