[xmlsec] nss getKey

Aleksey Sanin aleksey at aleksey.com
Mon Sep 19 20:55:37 PDT 2005

1) For signature you need to have private key associated with the cert.
Usually you simply load pkcs12 file into nss databases using pk12util
command line application:

  $ pk12util -i key.p12 -d /path/to/database

2) xmlsec-nss uses the key's "nickname" to search for key in
nss database. This nickname is usually set in the pkcs12 file
when you create it:

  $ openssl pkcs12 -export -in cert.pem -inkey key.pem \
            -out key.p12 -name \"My Nick Name\"
(note that there is no password set for this pkcs12 file which might
be a bad idea).

Finally, take a look at the xmlsec\tests\keys\readme file for
the names I set for pkcs12 files distributed with xmlsec. I bet
that the one you need has nickname 'TestRsaKey' (w/o quotes).


Edward Shallow wrote:
> Yes I have verified it is there using Firefox. I have added several 
> others with no luck.
> Ed

More information about the xmlsec mailing list