[xmlsec] xmlsec1 and pkcs11

Miklos Vajna vmiklos at vmiklos.hu
Tue Feb 9 00:46:43 PST 2021


Hi Jaromir,

On Mon, Feb 08, 2021 at 10:16:17PM +0100, Jaromir Talir <jaromir.talir at nic.cz> wrote:
> good to hear you have succeeded. I played with nss and pkcs11 and seems
> like I'm almost there but still not fully. I guess I managed to get
> over task how to find proper keyname but xmlsec1 still cannot find the
> key in the token. I suspect that problem may be in PIN code (i.e
> "123456") that needs to be entered and I'm not sure if xmlsec1 "--pwd"
> parameter is used for this.

To be clear, we only use the library part of xmlsec1, it's invoked by
LibreOffice. Perhaps see if your HW works with LibreOffice (try to sign
e.g. an ODT file), and if so, track down how your code vs xmlsec1 cli vs
LibreOffice uses the xmlsec1 library?

Seeing you're on Linux, I only tried this with the NSS backend of
xmlsec1.

Regards,

Miklos


More information about the xmlsec mailing list