[xmlsec] Signing xml using etoken

Roumen Petrov xmlsec at roumenpetrov.info
Wed Jul 9 14:59:35 PDT 2008


Ivan Barrera A. wrote:
> Roumen Petrov wrote:
>> Ivan Barrera A. wrote:
>>> Hi again.
>>>
>>> I've tried almost all solutions I've found on the web, and still no luck.
>> Hmm. I don't think that xmlsec supports engines. Did you find a patch?
>>
> 
> Nope
> 
>>> - USB etoken (Aladdin Pro32K, using its own format)
>>> - Library from Aladdin to access the eToken
>>> (/usr/lib//usr/lib/libeTPkcs11.so)
>>> - a X509 Cert inside the eToken, along private and public keys (that
>>> cannot be exported. The eToken has to sign all data itself)
>> Since this is your environment, could you propose a patch to xmlsec that
>> supports openssl engines?
> 
> Yep :)
> As soon as I have something working, I'll clean it up, and propose a patch.
> So far, I've done a dirty hack to select engine inside openssl/app.c.

I think that passing the function argument "config" to OPENSSL_config is 
enough to select the engine set by the openssl config file (line 53 in 
src/openssl/app.c). I expect this file to be from the command line option 
--crypto-config :-/ .

> Now I'm on to replicating the -keyform part on ssl.

Did you mark the private key as external so that the xmlsec function will not 
try to load it and will ask the engine for the operation?

[SNIP]
Roumen
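
An added illustration, not part of the original message or of xmlsec: an OpenSSL configuration file with an engine section of the kind discussed above. OPENSSL_config() takes the name of the application section to read (openssl_conf when the argument is NULL) from the default configuration file, whose location the OPENSSL_CONF environment variable overrides. The PKCS#11 engine (OpenSC's engine_pkcs11), the section names and both paths are assumptions.

```ini
# Constructed example. Section names are hypothetical and both paths are
# placeholders; the engine is assumed to be OpenSC's engine_pkcs11.

# Entry in the default section: OPENSSL_config(NULL) looks up "openssl_conf"
# here to find the section that lists the configuration modules.
openssl_conf = openssl_init

[openssl_init]
# Hand the "engines" module its own section.
engines = engine_section

[engine_section]
# One line per engine; the name on the left is only a label.
pkcs11 = pkcs11_section

[pkcs11_section]
# Engine id reported by engine_pkcs11.
engine_id = pkcs11
# Shared object of the engine itself, loaded through the "dynamic" engine.
dynamic_path = /path/to/engine_pkcs11.so
# Engine control command: the vendor PKCS#11 module that talks to the token
# (the Aladdin library named in the thread; its location is a placeholder).
MODULE_PATH = /path/to/libeTPkcs11.so
# Do not initialise the engine while the configuration is loaded, so a
# missing token does not make loading the file fail.
init = 0
```

With a section like this loaded, the private key never leaves the token: the application asks the engine for a key handle and every signing operation is carried out by the device.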


