[xmlsec] xmlsec1 and pkcs11

Jaromir Talir jaromir.talir at nic.cz
Tue Feb 9 01:42:44 PST 2021

Hi Miklos,

I tried LibreOffice with NSS backend and I was able to sign ODT
document with the key on the token. I was asked for PIN in GUI.

So the question for the audience is - how to pass PIN to NSS in xmlsec1

The last possible problem can be in KeyName so the other question is -
is the described process to guess KeyName from token correct?


On Tue, 2021-02-09 at 09:46 +0100, Miklos Vajna wrote:
> Hi Jaromir,
> On Mon, Feb 08, 2021 at 10:16:17PM +0100, Jaromir Talir
> <jaromir.talir at nic.cz> wrote:
> > good to hear you have succeeded. I played with nss and pkcs11 and
> > seems
> > like I'm almost there but still not fully. I guess I managed to get
> > over task how to find proper keyname but xmlsec1 still cannot find
> > the
> > key in the token. I suspect that problem may be in PIN code (i.e
> > "123456") that needs to be entered and I'm not sure if xmlsec1 "--
> > pwd"
> > parameter is used for this.
> To be clear, we only use the library part of xmlsec1, it's invoked by
> LibreOffice. Perhaps see if your HW works with LibreOffice (try to
> sign
> e.g. an ODT file), and if so, track down how your code vs xmlsec1 cli
> vs
> LibreOffice uses the xmlsec1 library?
> Seeing you're on Linux, I only tried this with the NSS backend of
> xmlsec1.
> Regards,
> Miklos

More information about the xmlsec mailing list