[xmlsec] problem with nss pkcs12

Molnar Gabor Gabor.Molnar at ticketcorner.com
Tue Jan 11 04:58:04 PST 2005 

Hi,
 
I try to use xmlsec with NSS 3.9.2. The nss tests are OK. Some xmlsec tests  deliver error, e.g:
 
--- testDSig started for xmlsec-default library (20050111_133044)
--- LD_LIBRARY_PATH=/cygdrive/c/project/batch_nss/install/lib
--- log file is win32\tmp/testDSig.20050111_133044-2952.log
merlin-xmldsig-twenty-three/signature-enveloped-dsa
    Verify existing signature                               OK
    Create new signature                                  Fail
    Verify new signature                                  Fail
merlin-xmldsig-twenty-three/signature-enveloping-dsa
    Verify existing signature                               OK
    Create new signature                                  Fail
    Verify new signature                                  Fail
 
 
I think, it cannot import the pkcs12 private key. nss/lib/softoken/pksc11.c:pk11_handleObject returns CKR_USER_NOT_LOGGED_IN. 
The logs are:
 
--- testDSig started for xmlsec-default library (20050111_133044)
--- LD_LIBRARY_PATH=/cygdrive/c/project/batch_nss/install/lib
Test: /merlin-xmldsig-twenty-three/signature-enveloped-dsa
win32/binaries/xmlsec.exe verify  --crypto-config win32\tmp/xmlsec-crypto-config   ./tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
win32/binaries/xmlsec.exe sign  --crypto-config win32\tmp/xmlsec-crypto-config --pkcs12 ./tests/keys/dsakey.p12 --pwd secret --output win32\tmp/testDSig.20050111_133044-2952.tmp ./tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.tmpl
func=xmlSecNssAppPkcs12LoadSECItem:file=..\src\nss\app.c:line=940:obj=unknown:subj=SEC_PKCS12DecoderImportBags:error=4:crypto library function failed: ;last nss error=-8099 (0xFFFFE05D)
func=xmlSecNssAppKeyLoadSECItem:file=..\src\nss\app.c:line=388:obj=unknown:subj=xmlSecNssAppPkcs12LoadSECItem:error=1:xmlsec library function failed: ;last nss error=-8099 (0xFFFFE05D)
func=xmlSecNssAppKeyLoad:file=..\src\nss\app.c:line=299:obj=unknown:subj=xmlSecNssAppKeyLoadSECItem:error=1:xmlsec library function failed: ;last nss error=-8099 (0xFFFFE05D)
func=xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad:file=..\apps\crypto.c:line=194:obj=unknown:subj=xmlSecCryptoAppKeyLoad:error=1:xmlsec library function failed:filename=./tests/keys/dsakey.p12;last nss error=-8099 (0xFFFFE05D)
Error: failed to load pkcs12 key from "./tests/keys/dsakey.p12".
Error: keys manager creation failed


Have you any idea about the problem?
How can I use private key from the NSS keystore?
 
thanks, Gabor

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20050111/67876763/attachment-0002.htm

More information about the xmlsec mailing list