[xmlsec] Signing XMLs with X509 certificate

Jorge Augusto Senger jasenger at gmail.com
Tue Mar 3 07:09:57 PST 2009


Hi Aleksey, thanks for your reply.

Reading the list files I found this message:
http://www.aleksey.com/pipermail/xmlsec/2003/005354.html.
Based on it, I used the following commands to sign my XML:

$ openssl pkcs12 -in certificate.pfx -out certificate.pem -des3
$ xmlsec1 --sign --output out.xml --privkey-pem certificate.pem --pwd xxx
sign_template.xml

Jorge

On Tue, Mar 3, 2009 at 11:38 AM, Aleksey Sanin <aleksey at aleksey.com> wrote:

> The error is "key is not found". You need to make sure that the
> *correct* key is loaded in the key manager and that the template
> refers to the key correctly.
>
> Aleksey
>
> Jorge Augusto Senger wrote:
>
>> - Show quoted text -
>> Hi everybody,
>>
>> I'm trying to sign a XML file with a X509 certificate but xmlsec1 fails:
>>
>> # xmlsec1 --sign sign_template.xml --pkcs12 cert.pfx
>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
>> is not found:
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
>> library function failed:
>> Error: signature failed
>> Error: failed to sign file "sign_template.xml"
>>
>> I'm using Debian 4.0 with the following xmlsec packages:
>>
>> xmlsec1/etch uptodate 1.2.9-5
>> libxmlsec1-openssl/etch uptodate 1.2.9-5
>> libxmlsec1-gnutls/etch uptodate 1.2.9-5
>> libxmlsec1-nss/etch uptodate 1.2.9-5
>> libxmlsec1/etch uptodate 1.2.9-5
>> libxmlsec1-dev/etch uptodate 1.2.9-5
>>
>> So, can somebody help me with this error?
>>
>> Thanks in advance,
>>
>> --
>> Jorge Augusto Senger
>> jasenger (at) gmail.com <http://gmail.com>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>


-- 
Jorge Augusto Senger
jasenger (at) gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20090303/660b8148/attachment.htm


More information about the xmlsec mailing list