[xmlsec] Widget signing template

Kai Hendry kai.hendry at gmail.com
Wed Jul 1 09:05:36 PDT 2009


Hi Aleksey,

http://git.webvm.net/?p=wgtqa;a=tree;f=xmldsig
git clone git://git.webvm.net/wgtqa
cd wgtqa/xmldsig/


I hope you can review some work I've been doing, to put together a
template for the W3C digital signature folk using your tool xmlsec1.


Your dsakey.p12 from your tests/ directory. I think I see how you
created it by tests/keys/README.

I tried creating a simpler example.p12
http://git.webvm.net/?p=wgtqa;a=blob;f=xmldsig/Makefile and it does
not work. Perhaps I am missing something? Do I really need to setup a
CA? I was hoping it work closer in practice to my ssh priv/pub
keypair.

This is the error message from xmlsec1:

func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:
Error: signature failed
Error: failed to sign file "../signing-template.xml"


For the purposes of an example. I'm not sure pkcs12 is the way to go,
esp. since I don't like typing in passwords. I wanted to create a
private PEM key to sign and use the X509 public key to verify. Though
that didn't work either.

Thanks again,


More information about the xmlsec mailing list