[xmlsec] Signing a dynamically generated template

Atul Bhouraskar atul at homeoquest.com
Wed Apr 1 11:31:04 PST 2009


Hello,

Can someone please explain to me the correct usage of the --sign-tmpl
command for xmlsec1?

I have been able to successfully sign a template file using the --sign
command.

This is what I have done:

$ openssl genrsa -out private_key.pem 2048
$ openssl rsa -pubout -in private_key.pem -out public_key.pem

The test file is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Data>
  Hello, World!
  </Data>
</Envelope>


$ xmlsec1 --sign-tmpl --privkey-pem private_key.pem test-sig.xml
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to create and sign template

Adding a signature template to the above file and using the --sign
command works. It is also possible to successfully verify the signed
file using the public key.
$ xmlsec1 --sign --privkey-pem private_key.pem test-sig.xml

I'm obviously missing something fundamental here...

Any pointers would be greatly appreciated.

Regards,

Atul


