[xmlsec] Signing xml using etoken

Ivan Barrera A. ivan.barrera at will.cl
Sun Jun 29 19:50:43 PDT 2008


Aleksey Sanin wrote:
> It looks like the key could not be found. Try to look at the
> code under a debugger to make sure you use the correct key name.
> It is a little tricky with NSS but with openssl you can
> put the key into xmlsec keymanager as long as you have
> an EVP. You might need to write some code to load the correct
> crypto engine though.
Ok, I'll read and try that.
I'm kinda new to this topic, so if anyone can share some examples I'll
be most grateful :)

Thanks


>
> Aleksey
>
> Ivan Barrera A. wrote:
>> Hi !
>>
>> I've been fighting for the last week trying to sign XML documents, using a
>> cert stored on an eToken (Aladdin 32K).
>> I'm using the lib /usr/lib/libeTPkcs11.so provided by Aladdin, and trying
>> to sign the document in any way.
>>
>> So far, I've tried openssl and nss with no luck. Using openssl alone, I
>> can get the system to sign smime documents using the token:
>>
>>   openssl smime -sign -engine pkcs11 -in test.xml -out a.xml -signer my-cert.pem -keyform engine -inkey 39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30
>>
>> And adding the eToken lib to nss:
>> modutil -list gives
>>   2. eToken
>>         library name: /usr/lib/libeTPkcs11.so
>>          slots: 17 slots attached
>>         status: loaded
>>
>>          slot: AKS ifdh 00 00
>>         token: eToken
>>
>>
>>
>> However, when I try to sign anything using xmlsec1, I only get
>>
>> # xmlsec1 --sign --crypto nss   --output a.xml test4.xml
>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last nss error=0 (0x00000000)
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
>> Error: signature failed
>> Error: failed to sign file "test4.xml"
>>
>>
>>
>> I've tried using keyname, keyvalue, keys.xml file. Nothing worked.  Most
>> probably, I'm doing something wrong.
>> Has anyone done this, or does anyone know how I can achieve this?
>>
>> BTW, running on Fedora Core 9, using latest openct/pcscd/xmlsec.
>>
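An added example, not part of the original thread and not xmlsec project code: a small parser for the `func=…:error=N:…` error stack quoted above, which separates the frame that names the actual failure from the generic "library function failed" wrappers around it. The names `parse_frames` and `triage` are hypothetical, treating error code 1 as a wrapper is an assumption read off that output, and the sample is a constructed copy of three of its frames, split across quoted lines the way mail wrapping leaves them.

```python
import re

FRAME = re.compile(
    r"func=(?P<func>[^:]*):file=(?P<file>[^:]*):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<code>\d+):"
    r"(?P<reason>[^:]*):(?P<detail>.*)")
GENERIC = 1  # code printed with "xmlsec library function failed" (assumed wrapper)

# Constructed sample: frames from the quoted xmlsec1 output, in mail-wrapped form.
SAMPLE = """\
>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
>>
>> library function failed: ;last nss error=0 (0x00000000)
>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
>>
>> is not found: ;last nss error=0 (0x00000000)
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
>>
>> library function failed: ;last nss error=0 (0x00000000)
>> Error: signature failed
"""

def parse_frames(text):
    """Return one dict per error frame, in printed order (first line first)."""
    joined = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote marks
        if line.startswith("func="):
            joined.append(line)
        elif line and joined and not line.startswith("Error:"):
            joined[-1] += " " + line  # rejoin a frame that mail wrapping split
    frames = []
    for m in filter(None, map(FRAME.match, joined)):
        d = m.groupdict()
        d["line"], d["code"] = int(d["line"]), int(d["code"])
        d["detail"] = d["detail"].strip()
        frames.append(d)
    return frames

def triage(text):
    """Separate the frame naming the real failure from generic wrapper frames."""
    frames = parse_frames(text)
    specific = [f for f in frames if f["code"] != GENERIC]
    return {"frames": len(frames),
            "first": frames[0]["func"] if frames else None,
            "cause": specific[0] if specific else None}

if __name__ == "__main__":
    cause = triage(SAMPLE)["cause"]
    print(f'{cause["func"]} ({cause["file"]}:{cause["line"]}): {cause["reason"]}')
```

On the sample, the only non-generic frame is the `error=45` one raised while processing the `KeyInfo` node, which matches the diagnosis in the reply that the key could not be found.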