[xmlsec] xmlsec sign with gost

Aleksey Sanin aleksey at aleksey.com
Fri Mar 21 08:27:24 PDT 2014


The template (tests/aleksey-xmldsig-01/x509data-test.tmpl) uses RSA
signatures. You need to modify it to use GOST instead.

Aleksey

On 3/21/14, 7:31 AM, Nikolay Shaplov wrote:
> Hi! 
> 
> I am trying to sign xml with gost2001.
> 
> I've built xmlsec from trunk and properly configured gost for openssl.
> 
> An example gost check passes well:
> 
> $ apps/.libs/xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem --verification-time "2006-04-01 00:00:00" tests/aleksey-xmldsig-01/enveloped-gost.xml
> 
> But now I am trying to sign an xml with gost. In order to check that I
> do everything right, I try to do both gost and rsa:
> 
> I create keys:
> 
> $ mkdir my
> $ /usr/local/ssl/bin/openssl req -new -x509 -nodes -newkey rsa -keyout my/rsa.key -out my/rsa.pem -days 36500
> $ /usr/local/ssl/bin/openssl req -new -x509 -nodes -newkey gost2001 -pkeyopt paramset:A -keyout my/gost2001.key -out my/gost2001.pem -days 36500
> 
> and then try to sign:
> 
> $ /usr/local/bin/xmlsec1 --sign --privkey-pem my/rsa.key tests/aleksey-xmldsig-01/x509data-test.tmpl
> #OK
> 
> $ /usr/local/bin/xmlsec1 --sign --privkey-pem my/gost2001.key tests/aleksey-xmldsig-01/x509data-test.tmpl
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:.
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:.
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:.
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:.
> Error: signature failed.
> Error: failed to sign file "tests/aleksey-xmldsig-01/x509data-test.tmpl"
> 
> I also tried to specify the public key cert, with the same result:
> /usr/local/bin/xmlsec1 --sign --privkey-pem my/gost2001.key --pubkey-cert-pem my/gost2001.pem tests/aleksey-xmldsig-01/x509data-test.tmpl
> 
> RSA works well, but gost does not. Am I doing something wrong here?
> 
> 
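
The change described in the reply, as an added example that is not part of the original thread or of xmlsec: the template's SignatureMethod determines which key type is looked up, so it has to name a GOST algorithm before a GOST key can be used. The sample template is constructed (it is not the contents of x509data-test.tmpl, which is assumed here to use rsa-sha1), the function names are hypothetical, and the GOST URI is the one xmlsec registers for GOST R 34.10-2001 with GOST R 34.11-94.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = DSIG + "rsa-sha1"
# Algorithm URI for GOST R 34.10-2001 signatures over a GOST R 34.11-94 digest.
GOST2001 = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"
ET.register_namespace("ds", DSIG)  # serialize dsig elements with a ds: prefix

# Constructed sample template (assumption: the real one also uses rsa-sha1).
SAMPLE_TEMPLATE = """<Envelope>
  <Data>Hello</Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue/>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo><X509Data/></KeyInfo>
  </Signature>
</Envelope>"""


def signature_methods(xml_text):
    """Return the Algorithm URI of every ds:SignatureMethod in the document."""
    root = ET.fromstring(xml_text)
    return [el.get("Algorithm") for el in root.iter("{%s}SignatureMethod" % DSIG)]


def retarget_template(xml_text, new_alg=GOST2001, old_alg=RSA_SHA1):
    """Rewrite SignatureMethod old_alg -> new_alg; the Reference digest is left as is."""
    root = ET.fromstring(xml_text)
    hits = [el for el in root.iter("{%s}SignatureMethod" % DSIG)
            if el.get("Algorithm") == old_alg]
    if not hits:
        # Fail loudly instead of emitting a template that still asks for an RSA key.
        raise ValueError("no SignatureMethod with %s found" % old_alg)
    for el in hits:
        el.set("Algorithm", new_alg)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", signature_methods(SAMPLE_TEMPLATE))
    print(retarget_template(SAMPLE_TEMPLATE))
```

Written to a file, the output takes the place of the template argument in the `xmlsec1 --sign --privkey-pem my/gost2001.key` command from the question.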

