[xmlsec] xmlsec1 and pkcs11

Aleksey Sanin aleksey at aleksey.com
Tue Feb 9 08:19:32 PST 2021


Hi Jaromir,

I never tested passing password to the token from CLI. If you can
debug it then I would gladly accept patches :)

Best,

Aleksey

On 2/9/21 1:42 AM, Jaromir Talir wrote:
> Hi Miklos,
> 
> I tried LibreOffice with NSS backend and I was able to sign ODT
> document with the key on the token. I was asked for PIN in GUI.
> 
> So the question for the audience is - how to pass PIN to NSS in xmlsec1
> cli?
> 
> The last possible problem can be in KeyName so the other question is -
> is the described process to guess KeyName from token correct?
> 
> Regards,
> Jaromir
> 
> On Tue, 2021-02-09 at 09:46 +0100, Miklos Vajna wrote:
>> Hi Jaromir,
>>
>> On Mon, Feb 08, 2021 at 10:16:17PM +0100, Jaromir Talir
>> <jaromir.talir at nic.cz> wrote:
>>> good to hear you have succeeded. I played with nss and pkcs11 and
>>> seems
>>> like I'm almost there but still not fully. I guess I managed to get
>>> over task how to find proper keyname but xmlsec1 still cannot find
>>> the
>>> key in the token. I suspect that problem may be in PIN code (i.e
>>> "123456") that needs to be entered and I'm not sure if xmlsec1 "--
>>> pwd"
>>> parameter is used for this.
>>
>> To be clear, we only use the library part of xmlsec1, it's invoked by
>> LibreOffice. Perhaps see if your HW works with LibreOffice (try to
>> sign
>> e.g. an ODT file), and if so, track down how your code vs xmlsec1 cli
>> vs
>> LibreOffice uses the xmlsec1 library?
>>
>> Seeing you're on Linux, I only tried this with the NSS backend of
>> xmlsec1.
>>
>> Regards,
>>
>> Miklos
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
> 


More information about the xmlsec mailing list