[xmlsec] Fwd: Use of full DistinguishedName in KeyName

Si St sigbj-st at operamail.com
Mon Oct 24 09:53:13 PDT 2011


All right, would this as PATH be sufficient? (this is the smartcard CERT
in question; the KEY, in proper, is hidden in the smartcard and cannot be
detached from it):

<KeyName>/home/sigbj/gpg-des/newcorvus_cert_key/bpP83_S-cer.pem</KeyName>

Xmlsec1 is still saying:
func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "Template_KOM.xml"
The smartcard reader is blinking like a Christmas tree and the
command-line prompt is naturally hanging a short while during this
process, pointing to the contact openssl has with the card.
How is this to be interpreted?
-- 
  Si St
  sigbj-st at operamail.com


On Monday, October 24, 2011 6:41 AM, "Aleksey Sanin"
<aleksey at aleksey.com> wrote:
> With openssl, you need to load keys into xmlsec manually. With nss and 
> mscrypto, there are "default" keys storages that xmlsec can search.
> 
> Aleksey
> 
> On 10/24/11 3:52 AM, Si St wrote:
> > Excuse my interruption here,
> > but where is xmlsec1 searching to find the key in reference to the
> > <KeyName/>? Where should the key/cert be placed so that xmlsec1 can find
> > it (f.ex. among other keys)? Any specific directory? Remember that
> > xmlsec1 is /usr/local/bin/xmlsec1 with me, and I wonder where the
> > program will search. In my particular case we are dealing with --crypto
> > openssl
> > --
> > Si St
> > sigbj-st at operamail.com
> > On Wednesday, October 19, 2011 9:33 PM, "EdShallow"
> > <ed.shallow at gmail.com> wrote:
> >> OK, here is how it works with mscrypto and xmlsec 1.2.18
> >>
> >> Example 1:
> >> <KeyName>CA, GC, PWGSC-TPSGC, "Ed Shallow"</KeyName>
> >>
> >> Example 2 with a special character:
> >> <KeyName>CA, GC, PWGSC-TPSGC, "Shallow, Ed"</KeyName>
> >>
> >> In other words, do not use the sub-type qualifiers in the DN string
> >> i.e. cn= ou= o= c=
> >>
> >> Order is also important.
> >>
> >> Cheers,
> >> Ed
> >>
> >> On Wed, Oct 19, 2011 at 7:38 PM, EdShallow <ed.shallow at gmail.com> wrote:
> >>
> >>     OK. Give me a day or so and I will check the source to see if
> >>     anything has changed in the CAPI calls.
> >>
> >>     On Oct 19, 2011 7:29 PM, "Aleksey Sanin" <aleksey at aleksey.com> wrote:
> >>
> >>         Not that I am aware of.
> >>
> >>         Aleksey
> >>
> >>         On 10/19/11 2:02 PM, EdShallow wrote:
> >>
> >>             . . . sorry forgot to mention, this behavior is with mscrypto
> >>             Ed
> >>
> >>             ---------- Forwarded message ----------
> >>             From: "EdShallow" <ed.shallow at gmail.com>
> >>             Date: Oct 19, 2011 3:55 PM
> >>             Subject: Use of full DistinguishedName in KeyName
> >>             To: "xmlsec at aleksey.com" <xmlsec at aleksey.com>
> >>
> >>             Hi Aleksey,
> >>
> >>             Use of full DN in KeyName template element used to work in
> >>             older versions of xmlsec.
> >>
> >>             As of 1.2.18 I can only get CommonName to work.
> >>
> >>             Example:
> >>             This works
> >>             <KeyName>Shallow Ed</KeyName>
> >>
> >>             This does not:
> >>             <KeyName>cn=Shallow Ed,ou=finance,o=acme,c=ca</KeyName>
> >>
> >>             I receive an "Object or property cannot be found" message.
> >>
> >>             Are there any constraints for naming?
> >>
> >>             Ed
> >>
> >>
> >>
> >>             _______________________________________________
> >>             xmlsec mailing list
> >>             xmlsec at aleksey.com
> >>             http://www.aleksey.com/mailman/listinfo/xmlsec
> 
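
Added example, not part of the original thread and not xmlsec project code: with the OpenSSL backend, `<KeyName>` is matched against the name a key was loaded under (`--privkey-pem:<name>`), not treated as a file path. `demo-key`, the throwaway software RSA key and all file names are constructed for the demo; it assumes an `xmlsec1` build whose default crypto backend is OpenSSL.

```shell
#!/bin/sh
# Added example: how <KeyName> is resolved when keys are loaded manually.
# KEY_NAME and every file name are constructed for this demo.
KEY_NAME="demo-key"

# write_template NAME FILE: enveloped-signature template with <KeyName>NAME.
write_template() {
cat > "$2" <<EOF
<doc><data>hello</data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo><KeyName>$1</KeyName></KeyInfo>
</Signature>
</doc>
EOF
}

demo() {
  dir=$(mktemp -d) || return 1
  openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null || return 1
  openssl rsa -in "$dir/key.pem" -pubout -out "$dir/pub.pem" 2>/dev/null || return 1
  write_template "$KEY_NAME" "$dir/tmpl.xml"
  # 1) Nothing loaded: the key store is empty, so the KeyName lookup fails
  #    ("key is not found"), whatever string the template contains.
  if xmlsec1 --sign --output "$dir/bad.xml" "$dir/tmpl.xml" 2>/dev/null; then
    return 1
  fi
  # 2) Key registered under the same name as <KeyName>: signing succeeds.
  xmlsec1 --sign --privkey-pem:"$KEY_NAME" "$dir/key.pem" \
    --output "$dir/signed.xml" "$dir/tmpl.xml" || return 1
  # 3) The verifier must load its key under that name as well.
  xmlsec1 --verify --pubkey-pem:"$KEY_NAME" "$dir/pub.pem" "$dir/signed.xml"
}

# Run the demo only when invoked as: sh keyname_demo.sh run
if [ "${1:-}" = "run" ]; then demo; fi
```

The demo uses a key file on disk; a private key that cannot leave a smartcard is outside what this example covers.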
