[xmlsec] wsse tokens and encryption

Brian.Myers at zootweb.com
Thu Jun 19 08:41:14 PDT 2008


Thank you, loading a pkcs12 file worked!  I created a pkcs12 file with my
public cert and private key. I loaded it into xmlsec and it did everything
else on its own, and on the other end I was able to decrypt it with my
private key (so I assume that it got the public key out and did things
correctly).

However, there is a problem with this.
Since I am going to be using the "client's" public key/cert, I'll have to
make the pkcs12 file without a private key.
This appears to be do-able with openssl (though what I'm doing now could
be wrong).
The command I use to get the pkcs12 file from a pem format cert is:
openssl pkcs12 -export -in PubCertFile.pem -nokeys -out myTempCert.p12
but when I load the result of this command into xmlsec, I get this error:

func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=211:obj=unknown:subj=pKey != NULL:error=100:assertion:
func=xmlSecOpenSSLAppPkcs12LoadBIO:file=app.c:line=702:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec library function failed:
func=xmlSecOpenSSLAppPkcs12Load:file=app.c:line=574:obj=unknown:subj=xmlSecOpenSSLAppPkcs12LoadBIO:error=1:xmlsec library function failed:filename=/myKeyDir/myTempCert.p12;errno=2

It looks like xmlsec is expecting a private key with the file, but I can't
have it due to the nature of security.
Is there a way to tell xmlsec to just use the public key that's inside the
pkcs12 file? Or am I going about this wrong?

Thanks again,
Brian




Aleksey Sanin <aleksey at aleksey.com>
Sent by: xmlsec-bounces at aleksey.com
06/17/2008 03:17 PM

To: Brian.Myers at zootweb.com
cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] wsse tokens and encryption

 > Do I need to manually put the cert into the key?

Yes! You must associate the cert with the key. The simplest
way to do this is to put your key and certificate(s) into
pkcs12 file and then load the file "at once". It is possible
to do it manually but you will need to manipulate the
key data objects yourself.

Aleksey
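
Added example, not part of the original message and not code from the xmlsec project: a shell script that rebuilds the cert-only PKCS#12 from the command in the message using a constructed throwaway key and certificate, then checks that the container holds one certificate and no private key (consistent with the `pKey != NULL` assertion) while the public key is still recoverable from the PEM certificate itself. The export password, subject name and helper function names are assumptions.

```shell
#!/bin/sh
# Added example. The key, certificate and password are constructed
# throwaway values; file names mirror the ones used in the message.
P12_PASS=example   # assumption: openssl would otherwise prompt for one

# Create a throwaway RSA key and self-signed certificate, then export
# the certificate alone with -nokeys, as in the message.
make_fixture() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$dir/key.pem" -out "$dir/PubCertFile.pem" 2>/dev/null
    openssl pkcs12 -export -in "$dir/PubCertFile.pem" -nokeys \
        -passout "pass:$P12_PASS" -out "$dir/myTempCert.p12"
}

# Count PEM blocks matching pattern $2 when dumping file $1 with filter $3.
# grep -c exits non-zero on a count of 0, hence the "|| true".
count_bags() {
    openssl pkcs12 -in "$1" "$3" -nodes -passin "pass:$P12_PASS" 2>/dev/null |
        grep -c -- "$2" || true
}

# -nocerts shows only key bags, -nokeys shows only certificate bags.
count_keys()  { count_bags "$1" 'BEGIN.*PRIVATE KEY' -nocerts; }
count_certs() { count_bags "$1" 'BEGIN CERTIFICATE' -nokeys; }

# The public key as carried by the certificate, and as derived from the
# private key; the two must be identical.
cert_pubkey() { openssl x509 -in "$1" -pubkey -noout; }
key_pubkey()  { openssl pkey -in "$1" -pubout; }

demo() {
    tmp=$(mktemp -d)
    make_fixture "$tmp"
    echo "private keys in myTempCert.p12: $(count_keys "$tmp/myTempCert.p12")"
    echo "certificates in myTempCert.p12: $(count_certs "$tmp/myTempCert.p12")"
    echo "public key taken from PubCertFile.pem:"
    cert_pubkey "$tmp/PubCertFile.pem"
    rm -rf "$tmp"
}

demo
```

xmlsec can take the public key straight from a certificate file without a PKCS#12 container: the `xmlsec1` tool has a `--pubkey-cert-pem` option, and the library's key-loading call accepts the `xmlSecKeyDataFormatCertPem` format.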