[xmlsec] Signing xml using etoken

Ivan Barrera A. ivan.barrera at will.cl
Fri Jun 27 15:24:54 PDT 2008


Hi!

I've spent the last week fighting to sign XML documents using a
cert stored on an eToken (Aladdin 32K).
I'm using the lib /usr/lib/libeTPkcs11.so provided by Aladdin, and trying
to sign the document in any way.

So far, I've tried openssl and nss with no luck. Using openssl alone, I
can get the system to sign smime documents using the token:

  openssl smime -sign -engine pkcs11 -in test.xml -out a.xml -signer my-cert.pem -keyform engine -inkey 39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30

And after adding the eToken lib to nss, modutil -list gives:
  2. eToken
        library name: /usr/lib/libeTPkcs11.so
         slots: 17 slots attached
        status: loaded

         slot: AKS ifdh 00 00
        token: eToken



However, when I try to sign anything using xmlsec1, I only get:

# xmlsec1 --sign --crypto nss   --output a.xml test4.xml
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
Error: signature failed
Error: failed to sign file "test4.xml"



I've tried using keyname, keyvalue, and a keys.xml file. Nothing worked. Most
probably, I'm doing something wrong.
Has anyone done this, or does anyone know how I can achieve this?

BTW, running on Fedora Core 9, using the latest openct/pcscd/xmlsec.



