[xmlsec] Signing with key on token
Roumen Petrov
xmlsec at roumenpetrov.info
Sun Aug 13 07:52:53 PDT 2017
Hi Michal,
majkl majkl wrote:
> I am sorry, but I can not get it.
>
> Yes, I've found the same question in one historic -very historic-
> list, but no solution.
>
> What I am supposed to do to use key on token to sign in xmlsec,
> please? Use appropriate openssl config?
> I have spent a whole week by searching for it, no luck. It works only
> when I directly run opennsl from command line.
The trick with openssl is that you specify location of key. Usually it
is specified by argument "-inform" that accepts PEM, DER or ENGINE.
First two are for keys stored into file and engine is for external keys.
> I am supposed to patch xmlsec sources?
I think yes as xmlsec binary supports various options for keys stores
into files --privkey-pem ( --privkey) or --privkey-der but does not .
Missing is something like --privkey-eng[ine].
> Or openssl sources?
No openssl engine functionality work well.
> Does xmlsec uses its own libraries for openssl engine,
> or it uses system/openssl shared libraries?
xmlsec uses external crypto(openssl and etc.) libraries .
> I am quite lost in this moment, but I really need to sign xmls with token.
>
> Thanks,
>
> Michal
> [SNIP]
Roumen
More information about the xmlsec
mailing list