[xmlsec] Using xmlsec with openssl config file and engine pkcs11

Aleksey Sanin aleksey at aleksey.com
Wed Sep 22 19:47:15 PDT 2010 

How do you specify the key? Do you have a key name in the template?

Aleksey

On 9/22/10 2:10 AM, GOUSSEAU Denis wrote:
> I’m trying to use XmlSec binaries with an pkcs11 engine which work fine
> with openssl :
>
> OpenSsl config file :
>
> openssl_conf            = openssl_def
>
> [openssl_def]
>
> engines = engine_section
>
> [engine_section]
>
> pkcs11 = pkcs11_section
>
> [pkcs11_section]
>
> engine_id = pkcs11
>
> dynamic_path = ./engine_pkcs11.dll
>
> MODULE_PATH = c:/windows/cps_pkcs11_w32.dll
>
> init = 0
>
> PIN=1234
>
> [req]
>
> distinguished_name = req_distinguished_name
>
> [req_distinguished_name]
>
> Dos command line
>
> xmlsec --sign--pwd 1234  --crypto openssl --crypto-config .\openssl.cfg
> TestEnvoi.txt
>
> And i have  this error
>
> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed:
>
> func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found:
>
> func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed:
>
> func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed:
>
> Error: signature failed
>
> Error: failed to sign file "TestEnvoi.txt"
>
> With a pem certificate, the file can be signed.
>
> So, the problem is with openssl and the config file or the engine i’m using.
>
> Does xmlSec work with pkcs11 engine without change ? Because I saw some
> patch but can’t find them with problem on private key.
>
> Thanks for help.
>
> -----------------------------------------------
> Denis GOUSSEAU
> Société SANTEOS
> -----------------------------------------------
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list