[xmlsec] PKCS11 - Key not found
Pablo G. Gallardo
pggllrd at gmail.com
Wed Nov 9 02:43:23 PST 2016
Hi Aleksey,
Thank you! You are right. xmlSecKeyGetType(key) returned 1 (public key). I'll check why is it recognized as a public key. As you said, I'm not passing the correct key object (RSA), just adopting EVP_PKEY.
I'll fix that and then I'll came with the result.
Thank you!
Pablo
Em 9 de novembro de 2016 00:17:27 BRST, Aleksey Sanin <aleksey at aleksey.com> escreveu:
>Assuming that the key type matches the requested signature type
>in the template (i.e. RSA signatures require RSA keys)...
>
>Can you try to print the key type with
>
>xmlSecKeyGetType(key)
>
>Basically, I suspect that it doesn't recognize the key as private
>thus can't find a proper key for the signature.
>
>Best,
>
>Aleksey
>
>On 11/8/16 5:05 PM, Pablo Gabriel Gallardo wrote:
>> Hello there!
>>
>> I want to use xmlsec to sign XMLs with a smart card. I'm using libp11
>> and when I call xmlSecDSigCtxSign(), it returns -1 and I'm getting
>> this error:
>>
>>
>func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
>> is not found:
>>
>func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
>> library function failed:
>>
>func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec
>> library function failed:
>> Error: signature failed
>>
>> I use xmlSecOpenSSLEvpKeyAdopt() to set the EVP_PKEY from my smart
>> card but I'm sure that I am missing something.
>>
>> Could someone please help me to see what else I should be doing to
>> make this work? I've checked this mailing list and someone in 2008
>had
>> the same problem but he didn't mention how to solve it.
>>
>> Here are the parts I've modified from sign3.c. Complete source is on
>>
>https://github.com/pablogallardo/livrenfe/blob/development/src/sign.c:
>>
>> static xmlSecKeyPtr load_key(const char *pwd) {
>>
>> xmlSecKeyPtr key = NULL;
>> xmlSecKeyDataPtr data;
>> EVP_PKEY *pKey = NULL;
>> int ret;
>>
>> pKey = get_private_key(pwd);
>> if(pKey == NULL)
>> return NULL;
>>
>> data = xmlSecOpenSSLEvpKeyAdopt(pKey);
>> if(data == NULL) {
>> EVP_PKEY_free(pKey);
>> return NULL;
>> }
>>
>> key = xmlSecKeyCreate();
>> if(key == NULL) {
>> xmlSecKeyDataDestroy(data);
>> return NULL;
>> }
>>
>> ret = xmlSecKeySetValue(key, data);
>> if(ret < 0) {
>> xmlSecKeyDestroy(key);
>> xmlSecKeyDataDestroy(data);
>> return NULL;
>> }
>> return key;
>> }
>>
>> int sign_file(const char* xml_file, char *password) {
>>
>> .....
>>
>>
>> /* load private key */
>> dsigCtx->signKey = load_key(password);
>> if(dsigCtx->signKey == NULL) {
>> fprintf(stderr,"Error: failed to load private key from
>smartcard\n");
>> goto done;
>> }
>>
>> /* load certificate and add to the key
>> if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
>> xmlSecKeyDataFormatPem) < 0) {
>> fprintf(stderr,"Error: failed to load pem certificate
>> \"%s\"\n", cert_file);
>> goto done;
>> }*/
>>
>> /* set key name to the file name, this is just an example!
>> if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
>> fprintf(stderr,"Error: failed to set key name for key from
>> \"%s\"\n", key_file);
>> goto done;
>> } */
>>
>> /* sign the template */
>> if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
>> fprintf(stderr,"Error: signature failed\n");
>> goto done;
>> }
>>
>> ....
>> }
>>
>>
>>
>> Thank you!
>>
>> Pablo G. Gallardo
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the xmlsec
mailing list