[xmlsec] Finding Keys

Edward Shallow ed.shallow at rogers.com
Fri Oct 28 13:03:01 PDT 2005


Hi Aleksey,

   Making progress, but still having problems getting at keys with Python and
the ctypes module. I won't ask you any Python or ctypes questions, I promise. But
I will ask you to comment on these observations from an xmlsec perspective
if you would be so kind.

What I am able to do:
*********************

- using xmlsec command line utility, sign with keys specified by KeyName in
template sourced from Simple Keys Store in (i.e. keys.xml)
- using xmlsec command line utility, sign with keys specified by KeyName in
template sourced from mscrypto store in either short friendly name form or
long X.500 name form
- using Python and ctypes against libxml2, I can parse docs, walk trees,
access children, get and set node contents, pretty much anything the lib can
do
- using Python and ctypes against xmlsec I can run everything clean up to
the last 2 lines below where it fails

   That is, I can Find keys using either xmlSecKeysMngrFindKey or
xmlSecKeyStoreFindKey, and I can Get keys using xmlSecKeysMngrGetKey as long
as they are in the keys.xml Simple Keys Store. None of these 3 work when an
mscrypto store key is specified. Mscrypto support is advertised as being
able to first look in the SimpleKeysStore and if not found there to then
look in mscrypto store.

What I am NOT able to do:
*************************

I can't however go on to use the key to actually sign using the DSigCtx
(last 2 lines). This inability applies to both keys.xml and the mscrypto
store.

Do you see something obvious that I don't see?

Thanks,
Ed    


Simplified code snippet ...

    # file name omitted in the post
    parsedDoc = libxml2.xmlParseFile()
    rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
    sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')
    keysMngr = xmlsec.xmlSecKeysMngrCreate()
    rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
    id = xmlsec.xmlSecSimpleKeysStoreGetKlass()
    keyStore = xmlsec.xmlSecKeyStoreCreate(id)
    rc = xmlsec.xmlSecSimpleKeysStoreLoad(keyStore, 'c:/xmlsec/keys/keys2.xml', keysMngr)
    rc = xmlsec.xmlSecKeysMngrAdoptKeysStore(keysMngr, keyStore)
    dsigCtx = xmlsec.xmlSecDSigCtxCreate()
    rc = xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
    keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)

    # block below works for keys in Simple Key Store

    key = xmlsec.xmlSecKeysMngrFindKey(keysMngr, 'test-rsa', keyInfoCtx)
    key = xmlsec.xmlSecKeyStoreFindKey(keyStore, 'test-rsa', keyInfoCtx)
    keyInfoNode = xmlsec.xmlSecFindNode(sigNode, 'KeyInfo', 'http://www.w3.org/2000/09/xmldsig#')
    key = xmlsec.xmlSecKeysMngrGetKey(keyInfoNode, keyInfoCtx)

    # can't get keys when signing though ???
    rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
    print 'Signature creation complete with status code', rc





Output from above ...

Entering xmlsec ctypes wrap
Initializing libxml2 parser
Loading dynamic crypto support, return code  0
Loading mscrypto, return code  0
CryptoAppInit, return code  0
Initializing xmlsec, return code 0
CryptoInit, return code  0
stdin fileno = 0
stdout fileno = 1
stderr fileno = 2
found signature node with name Signature and type 1
CryptoAppDefaultKeysMngrInit returned with rc 0
SimpleKeysStoreLoad returned with rc 0
KeysMngrAdoptKeysStore returned with rc 0
DSigCtxInitialize allocated <ctypes.LP_xmlSecDSigCtx object at 0x00B3CD30>
keyInfoCtx.contents.keysMngr 11586024 keyInfoCtx.contents.mode 0

xmlSecKeysMngrFindKey returned with key test-rsa
xmlSecKeyStoreFindKey returned with key test-rsa
found KeyInfo node with name KeyInfo and type 1
xmlSecKeysMngrGetKey returned with key test-rsa

func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

Signature creation complete with status code -1
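
Added example (not part of Edward's message and not xmlsec code): a Python parser for the error records in the output above that rebuilds the failing call chain and turns the signed "last error" number into its unsigned HRESULT. The field layout is inferred from the four records in the post, the sample is those records re-joined onto single lines, and all function names here are illustrative.

```python
import re

# Constructed sample: the four error records from the post, each on one line.
SAMPLE = "\n".join([
    r"func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.",
    r"func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.",
    r"func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.",
    r"func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.",
])

# Layout assumed from the records above; the file field may itself contain ':'.
RECORD = re.compile(
    r"func=(?P<func>[^:]+):file=(?P<file>.+?):line=(?P<line>\d+)"
    r":obj=(?P<obj>[^:]+):subj=(?P<subj>[^:]+):error=(?P<error>\d+)"
    r":(?P<msg>.*?): ;last error=(?P<last>-?\d+) \(0x[0-9A-Fa-f]+\)"
    r";last error msg=(?P<last_msg>.*)")

# Only the value seen in the post; extend from winerror.h as needed.
HRESULT_NAMES = {0x80092004: "CRYPT_E_NOT_FOUND"}

def parse_records(text):
    """Return one dict per error record, in the order they were logged."""
    out = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["line"], rec["error"] = int(rec["line"]), int(rec["error"])
            rec["hresult"] = int(rec["last"]) & 0xFFFFFFFF  # signed -> unsigned
            out.append(rec)
    return out

def decode_hresult(hr):
    """Split an HRESULT into (failure bit, facility, code, symbolic name)."""
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF, HRESULT_NAMES.get(hr, "unknown")

def call_chain(records):
    """The post's log lists the innermost failure first; return outermost first."""
    chain = [r["func"] for r in reversed(records)]
    if records and records[0]["subj"] != "unknown":
        chain.append(records[0]["subj"])
    return chain

def first_specific_error(records):
    """First record whose code is not 1 (the generic 'library function failed')."""
    return next((r for r in records if r["error"] != 1), None)

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(" -> ".join(call_chain(recs)))
    print(first_specific_error(recs)["msg"], decode_hresult(recs[0]["hresult"]))
```

Every record carries the same Windows last-error value, so the record with the non-generic xmlsec code (45, "key is not found") is the one that names the failing step.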




