[xmlsec] Sign with .pfx certificates
Aleksey Sanin
aleksey at aleksey.com
Fri Feb 22 12:26:17 PST 2013
Convert your certs to PE or DER
https://www.sslshopper.com/ssl-converter.html
Aleksey
On 2/22/13 6:38 AM, Rodrigo Lobo da Costa [e] wrote:
> Greetings!
>
>
>
> I am trying to use the xmlsec libraries, using C/C++, to sign XML files
> using .pfx certificates, but no success so far.
>
>
>
> Here is the part of my code that loads the certificate and signs the
> file in the given “signNode”:
>
>
>
> (...)
>
>
>
> // creating signature context
>
> digitalSignatureContext = xmlSecDSigCtxCreate(NULL);
>
> if (digitalSignatureContext == NULL) {
>
> throw "could not create signature context”;
>
> }
>
>
>
> // obtaining certificate
>
> digitalSignatureContext->signKey = xmlSecOpenSSLAppPkcs12Load(cert_file,
> password, NULL, NULL);
>
> if (digitalSignatureContext->signKey == NULL) {
>
> throw "could not load certificate";
>
> }
>
>
>
> // obtaining sign key
>
> digitalSignatureContext->signKey = xmlSecCryptoAppKeyLoad(cert_file,
> xmlSecKeyDataFormatPkcs12, password, NULL, NULL);
>
> if (digitalSignatureContext->signKey == NULL) {
>
> throw "could not load sign key";
>
> }
>
>
>
> // signing file
>
> if (xmlSecDSigCtxSign(digitalSignatureContext, signNode) < 0) {
>
> throw "could not sign file";
>
> }
>
>
>
> (...)
>
>
>
> And when I execute the program, I get this error:
>
>
>
> func=xmlSecOpenSSLAppPkcs12LoadBIO:file=..\src\openssl\app.c:line=705:obj=unknown:subj=PKCS12_verify_mac:error=4:crypto
> library function failed:
>
> func=xmlSecOpenSSLAppPkcs12Load:file=..\src\openssl\app.c:line=596:obj=unknown:subj=xmlSecOpenSSLAppPkcs12LoadBIO:error=1:xmlsec
> library function failed:filename=misc\certificate.pfx;errno=2
>
> Error: could not load certificate
>
>
>
> What is the right procedure to load the .pfx certificate and sign the file?
>
> (The sign3.c example works fine for me, using provided rsakey.pem and
> rsacert.pem files)
>
>
>
> Thanks!
>
More information about the xmlsec
mailing list