[xmlsec] Signing with key on token

majkl majkl the_majkl at seznam.cz
Sat Aug 12 10:08:56 PDT 2017


I am sorry, but I can not get it.

Yes, I've found the same question in one historic -very historic-
list, but no solution.

What am I supposed to do to use a key on a token to sign in xmlsec,
please? Use an appropriate openssl config?
I have spent a whole week searching for it, no luck. It works only
when I directly run openssl from the command line.

Am I supposed to patch xmlsec sources? Or openssl sources? Does xmlsec
use its own libraries for the openssl engine,
or does it use system/openssl shared libraries?

I am quite lost at this moment, but I really need to sign XMLs with the token.

Thanks,

                    Michal


******************************

Sure. I think it will work for simple use cases when there is only
one key. And yes, for anything more sophisticated custom code is required.

Aleksey

On 8/9/17 10:58 AM, Roumen Petrov wrote:
> Aleksey Sanin wrote:
>> It was discussed in the mailing list in the past. You need to
>> create openssl config file to use the engine by default and
> Hmm, in general this configuration will not work.
>
> Engines that operate with key material stored externally cannot be set
> as default - usually this breaks operations with keys stored differently
> (file, etc.).
>
>> pass it to xmlsec1 command line tool.
> Perhaps it will work for the simple command line case with a single key.
>
> On the other side, the openssl command line option -engine specifies where
> the key is located (calls method ENGINE_load_private_key).
>
> Regards,
> Roumen


2017-08-08 21:12 GMT+02:00 Aleksey Sanin <aleksey at aleksey.com>:

> It was discussed in the mailing list in the past. You need to
> create openssl config file to use the engine by default and
> pass it to xmlsec1 command line tool.
>
> Aleksey
>
> On 8/1/17 12:56 AM, majkl majkl wrote:
> > I need to sign XML documents with certificate and key, stored on USB
> > token. I have Linux library (.so) with API, which works in openssl
> > (command line) and also in Firefox, for example.
> >
> > I need to tell xmlsec to use the token library to access the key. (Or,
> > when crypto openssl is used, make openssl work as if it is run with -keyform
> > ENGINE -engine pkcs11 -inkey ABC -passin pass:PASS).
> >
> > Thanks, Michal
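
An OpenSSL configuration of the kind discussed in this thread, as an added example that is not part of the original messages or of xmlsec: it loads the pkcs11 engine and makes it the default. Both paths are placeholders, and handing the file to the process through the OPENSSL_CONF environment variable is an assumption; the thread does not say how the file is passed to xmlsec1.

```ini
# token-engine.cnf (hypothetical file name)
# Keep this in a separate file instead of editing the system-wide
# openssl.cnf, so only processes started with OPENSSL_CONF pointing
# here are affected. As noted in the thread, a default engine for
# externally stored keys can break operations with file-based keys.

# Must be in the unnamed section at the top of the file.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# Name on the left is arbitrary; it points to the section below.
pkcs11 = pkcs11_section

[pkcs11_section]
# Engine id, the same one used with "-engine pkcs11" on the command line.
engine_id = pkcs11

# Placeholder: location of the pkcs11 engine shared object.
dynamic_path = /PLACEHOLDER/path/to/engines/pkcs11.so

# Placeholder: the token vendor's PKCS#11 library (.so).
MODULE_PATH = /PLACEHOLDER/path/to/vendor-pkcs11.so

# Make the engine the default for every algorithm it implements.
# This is the "use the engine by default" setting from the thread.
default_algorithms = ALL
```

No PIN is stored in the file; a PIN written into a configuration file is readable by anyone who can read that file.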