[xmlsec] Signing a dynamically generated template

Aleksey Sanin aleksey at aleksey.com
Wed Apr 1 11:45:10 PST 2009


The "sign-tmpl" command is mostly a test tool for xmlsec itself.
The signature is hard-coded to use HMAC, a very specific
XPath transform, etc. You probably don't want to use it.

Aleksey

Atul Bhouraskar wrote:
> Hello,
> 
> Can someone please explain to me the correct usage of the --sign-tmpl
> command for xmlsec1?
> 
> I have been able to successfully sign a template file using the --sign
> command.
> 
> This is what I have done:
> 
> $ openssl genrsa -out private_key.pem 2048
> $ openssl rsa -pubout -in private_key.pem -out public_key.pem
> 
> The test file is as follows:
> <?xml version="1.0" encoding="UTF-8"?>
> <Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>  <Data>
>  Hello, World!
>  </Data>
> </Envelope>
> 
> 
> $ xmlsec1 --sign-tmpl --privkey-pem private_key.pem test-sig.xml
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> Error: signature failed
> Error: failed to create and sign template
> 
> Adding a signature template to the above file and using the --sign
> command works. It is also possible to successfully verify the signed
> file using the public key.
> xmlsec1 --sign --privkey-pem private_key.pem test-sig.xml
> 
> I'm obviously missing something fundamental here...
> 
> Any pointers would be greatly appreciated.
> 
> Regards,
> 
> Atul
> 
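Because --sign-tmpl is hard-coded to HMAC as the reply says, a dynamically generated template can instead be built by the caller and passed to --sign, which the quoted message reports works with the RSA key. The following is an added example, not code from this thread or from xmlsec: it appends an enveloped signature template to the sample document. The function names, the RSA-SHA256/SHA-256/exclusive-c14n choices and the output file names are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # assumed choice
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"                # assumed choice
ENVELOPED = DS + "enveloped-signature"
ET.register_namespace("ds", DS)  # serialize template elements with the ds: prefix

# Constructed sample: the test document from the quoted message.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <Data>
 Hello, World!
 </Data>
</Envelope>"""


def _child(parent, name, algorithm=None, **attrs):
    """Append a ds:<name> element, optionally with an Algorithm attribute."""
    if algorithm:
        attrs["Algorithm"] = algorithm
    return ET.SubElement(parent, f"{{{DS}}}{name}", attrs)


def add_signature_template(xml_doc):
    """Return xml_doc with an empty enveloped ds:Signature template appended."""
    root = ET.fromstring(xml_doc)
    # A second template would leave it ambiguous which node gets signed.
    if root.find(f".//{{{DS}}}Signature") is not None:
        raise ValueError("document already contains a ds:Signature")
    sig = _child(root, "Signature")
    info = _child(sig, "SignedInfo")
    _child(info, "CanonicalizationMethod", EXC_C14N)
    _child(info, "SignatureMethod", RSA_SHA256)  # RSA, so the PEM key matches
    ref = _child(info, "Reference", URI="")      # URI="" = the whole document
    _child(_child(ref, "Transforms"), "Transform", ENVELOPED)
    _child(ref, "DigestMethod", SHA256)
    _child(ref, "DigestValue")                   # left empty; filled when signing
    _child(sig, "SignatureValue")                # left empty; filled when signing
    _child(_child(sig, "KeyInfo"), "KeyName")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    with open("test-sig-tmpl.xml", "w", encoding="utf-8") as fh:
        fh.write(add_signature_template(SAMPLE))
    # xmlsec1 --sign --privkey-pem private_key.pem --output signed.xml test-sig-tmpl.xml
    # xmlsec1 --verify --pubkey-pem public_key.pem signed.xml
```

ElementTree drops the unused xsi namespace declaration when it re-serializes; that happens before signing, so the digest is computed over the file as written.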