[xmlsec] OpenSSL engine patch

Aleksey Sanin aleksey at aleksey.com
Thu Sep 23 17:55:22 UTC 2021


Thank you, just saw it! Let me review and comment on the patch!

Thank you!

Aleksey

On 9/23/21 1:48 PM, Leonardo Secci wrote:
> Hi Aleksey,
> 
> I submitted the PR on GitHub.
> 
> Thanks
> 
> Leonardo
> 
> On Thursday, 23 September 2021 15:37:18 CEST, you wrote:
>> Hi Leonardo,
>>
>> Thank you for the patch! Is there any chance you can submit a PR
>> on github? That way it will be easier to discuss the patch there.
>>
>> Thanks,
>>
>> Aleksey
>>
>> On 9/22/21 1:06 PM, LS wrote:
>>> Dear xmlsec community,
>>>
>>>
>>> I'd like to share with you a patch I developed to allow usage of an
>>> OpenSSL engine in xmlsec.
>>>
>>>
>>> Usage from the command line is simple: I added the option
>>> --privkey-openssl-engine to supply the engine's name and the key specs.
>>>
>>>    --privkey-openssl-engine[:<name>] <openssl-engine>;<openssl-key-id>,[,<crtfile>[,<cafile>[...]]]
>>>          load private key by OpenSSL ENGINE interface; specify the name of engine
>>>          (like with -engine params), the key specs (like with -inkey or -key params)
>>>          and certificates that verify this key
>>>
>>> At the moment I have tested only the pkcs11 engine with SoftHSM2, but I'd like
>>> all of you interested in using an HSM or smartcard with xmlsec to run a test.
>>>
>>> To set up a token with SoftHSM run:
>>>     softhsm2-util --init-token --free --label "XmlsecToken" --pin password --so-pin password
>>>
>>> To create a key pair in the token run:
>>>     pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l -k --key-type rsa:2048 --id 1000 --label XmlsecKey --pin password
>>>
>>> To generate a certificate run:
>>>     openssl req -new -x509 -subj "/CN=Xmlsec" -engine pkcs11 -keyform engine -key "pkcs11:token=XmlsecToken;object=XmlsecKey;type=private;pin-value=password" -out Xmlsec.pem
>>>
>>> To sign an xml with a patched xmlsec run:
>>>     xmlsec1 --sign "--privkey-openssl-engine:XmlsecKey" "pkcs11;pkcs11:token=XmlsecToken;object=XmlsecKey;pin-value=password,Xmlsec.pem" sample.xml
>>>
>>>
>>> Best regards
> 
> 
> 
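
The option value in the signing command quoted above packs the engine name, the key id and the certificate files into one string, and the key id is itself a pkcs11: URI that contains ';'. The following is an added example, not code from the patch or from xmlsec; `parse_engine_key_spec` and `struct engine_key_spec` are hypothetical names, and the splitting rule (first ';' ends the engine name, ',' separates certificate files) is an assumption inferred from that command.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CERTS 8

/* Parsed form of "<engine>;<key-id>" followed by comma-separated certificate files. */
struct engine_key_spec {
    char buf[512];               /* private copy of the argument, split in place */
    const char *engine;          /* e.g. "pkcs11" */
    const char *key_id;          /* e.g. a pkcs11: URI, handed to the engine unchanged */
    const char *certs[MAX_CERTS];
    int n_certs;
};

/* Returns 0 on success, -1 on malformed or oversized input. */
int parse_engine_key_spec(const char *arg, struct engine_key_spec *out) {
    char *p, *sep;
    if (arg == NULL || out == NULL || strlen(arg) >= sizeof(out->buf)) return -1;
    memset(out, 0, sizeof(*out));
    strcpy(out->buf, arg);       /* length checked above */

    /* Split on the FIRST ';' only: a pkcs11: URI uses ';' between its own attributes. */
    sep = strchr(out->buf, ';');
    if (sep == NULL || sep == out->buf) return -1;   /* no separator or empty engine */
    *sep = '\0';
    out->engine = out->buf;
    out->key_id = sep + 1;

    /* Everything after the first ',' is the certificate list. */
    p = strchr(sep + 1, ',');
    if (p != NULL) *p++ = '\0';
    if (out->key_id[0] == '\0') return -1;           /* empty key id */
    while (p != NULL) {
        char *next = strchr(p, ',');
        if (next != NULL) *next++ = '\0';
        if (*p == '\0' || out->n_certs == MAX_CERTS) return -1;  /* empty name or too many */
        out->certs[out->n_certs++] = p;
        p = next;
    }
    return 0;
}

int main(void) {
    struct engine_key_spec s;
    /* Argument copied from the signing command in the quoted message. */
    const char *arg = "pkcs11;pkcs11:token=XmlsecToken;object=XmlsecKey;pin-value=password,Xmlsec.pem";
    if (parse_engine_key_spec(arg, &s) != 0) return 1;
    /* The key id is not printed because it carries the PIN. */
    printf("engine=%s certs=%d first=%s\n", s.engine, s.n_certs, s.certs[0]);
    return 0;
}
```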

