[xmlsec] From Openssl to NSS

Aleksey Sanin aleksey at aleksey.com
Fri Nov 4 08:58:22 PDT 2011

Take a look to see what error 8157 mean for nss


On 11/4/11 4:53 AM, Si St wrote:
> I have xml-signingtried with the new smartcarddriver.
> Tools like pkcs11-tool and clientToolBox manages to sign and test the
> card.
> I am getting contact with the card with xmlsec1 and openssl, but signing
> is still negativ - error:45 - just like before. What I believe is that
> regardless of MultiSign and SingleSign as to xmlsec1, they both will
> work.
> If I change to NSS instead of OPENSSL, what has to be done?
> There is little sense to get from the firefox sites.
> xmlsec1 sign --crypto nss --output signedKOM KOM.xml
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed: ;last nss error=-8157 (0xFFFFE023)
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found: ;last nss error=-8157 (0xFFFFE023)
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed: ;last nss error=-8157 (0xFFFFE023)
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed: ;last nss error=-8157 (0xFFFFE023)
> Error: signature failed
> Error: failed to sign file "KOM.xml"

More information about the xmlsec mailing list