[xmlsec] Loading private key in any format other than PEM

Aleksey Sanin aleksey at aleksey.com
Thu Oct 17 08:32:05 PDT 2013

privateExponent.toByteArray() might not return the DER format expected 
by the function.


On 10/17/13 7:59 AM, allicoder redocilla wrote:
> Dear Aleksey (CC xmlsec list),
> I am trying to load a private key from memory using xmlsec (testing with
> RSA keys). Unfortunately, I can only do this if the memory buffer is a
> pem file's contents; anything else fails. I was hoping you might be able
> to shed some light on why this might be going wrong.
> I am getting the key data from Java using various methods, all to no
> avail. I have tried PrivateKey.getEncodedBytes(),
> RSAPrivateKey.getPrivateExponent().toByteArray(), new
> PKCS8Key().getEncodedBytes(), passing in a der file directly, loading a
> der file directly... Nothing but pem files seems to work.
> Is this a limitation of xmlsec, or am I just doing something wrong?
> Could you suggest a combination of xmlSecKeyDataFormat and the format it
> expects?
> I'm (attempting to) load the key using
>    xmlSecKeyPtr privateKey = xmlSecCryptoAppKeyLoadMemory((const
> xmlChar*)data, dataLength, xmlSecKeyDataFormat*, NULL, NULL, NULL);
> Error message (xmlSecKeyDataFormatDer, privateExponent.toByteArray()):
> E/XmlSigner_jni( 6867):
> (/home/arc/projects/xml-signing/android-builds//xmlsec/./src/openssl/app.c:263):
> (null):PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:4:
> E/XmlSigner_jni( 6867):
> (/home/arc/projects/xml-signing/android-builds//xmlsec/./src/openssl/app.c:205):
> (null):xmlSecOpenSSLAppKeyLoadBIO:1:
> The keys I'm testing with are unencrypted. I'm using xmlsec checked out
> from a few days ago, openssl 0.9.8 from tarball. Platform is Android.
> Best wishes,
> Alice.

More information about the xmlsec mailing list