[xmlsec] Signing with key on token

Roumen Petrov xmlsec at roumenpetrov.info
Sun Aug 13 07:52:53 PDT 2017

Hi Michal,

majkl majkl wrote:
> I am sorry, but I can not get it.
> Yes, I've found the same question in one historic -very historic-
> list, but no solution.
> What I am supposed to do to use key on token to sign in xmlsec,
> please? Use appropriate openssl config?
> I have spent a whole week by searching for it, no luck. It works only
> when I directly run opennsl from command line.
The trick with openssl is that you specify location of key. Usually it 
is specified by argument "-inform" that accepts PEM, DER or ENGINE. 
First two are for keys stored into file and engine is for external keys.

> I am supposed to patch xmlsec sources?
I think yes as xmlsec binary supports various options for keys stores 
into files --privkey-pem ( --privkey) or --privkey-der but does not . 
Missing is something like --privkey-eng[ine].

> Or openssl sources?
No openssl engine functionality work well.

> Does xmlsec uses its own libraries for openssl engine,
> or it uses system/openssl shared libraries?
xmlsec uses external crypto(openssl and etc.) libraries .
> I am quite lost in this moment, but I really need to sign xmls with token.
> Thanks,
>                      Michal
> [SNIP]


More information about the xmlsec mailing list