<div dir="ltr">Hi,<div><br></div><div>I use xmlsec with OpenSSL in my application, but now I need support for pkcs11.</div>
<div><br></div><div>Looking at the sources, I realized that there is no support for pkcs11 using OpenSSL.</div>
<div><br></div><div>Was there any solution to the mailing list topic "Proposed patch to allow OpenSSL / ENGINE operations"?</div>
<div><br></div><div>I tried to change the sign3.c example, but as expected the error occurred in the xmlSecDSigCtxSign function:</div>
<div><br></div>
<div><div><div><pre>
#include &lt;openssl/engine.h&gt;
#include &lt;xmlsec/xmlsec.h&gt;
#include &lt;xmlsec/keys.h&gt;
#include &lt;xmlsec/openssl/evp.h&gt;

xmlSecKeyPtr my_load_key(const char *filename, msint format, const char *pwd, void* pwdCallback, ENGINE *e = NULL);

.....
    /* load private key, assuming that there is no password */
    dsigCtx-&gt;signKey = my_load_key(key_file.Str(),
                                   xmlSecKeyDataFormatUnknown, //Oops, only test
                                   NULL,
                                   xmlSecCryptoAppGetDefaultPwdCallback(),
                                   setup_engine("pkcs11", 0));
    if(dsigCtx-&gt;signKey == NULL)
    {
        fprintf(stderr,"Error: failed to load private key ENGINE from \"%s\"\n", key_file.Str());
        goto done;
    }
...

xmlSecKeyPtr my_load_key(const char *filename, msint format, const char *pwd, void* pwdCallback, ENGINE *e)
{
    xmlSecKeyPtr key = NULL;
    xmlSecKeyDataPtr data;
    EVP_PKEY* pKey = NULL;
    BIO* bio;
    int ret;

    switch(format)
    {
    case xmlSecKeyDataFormatPem:
        {
            ....
        }
        break;
    case xmlSecKeyDataFormatUnknown: //Oops, only test
        {
            if (!e)
                msprintf("no engine specified\n");
            else
                /* filename is passed to the engine as the key id; no UI method or callback data */
                pKey = ENGINE_load_private_key(e, filename, NULL, NULL);
        }
        break;
    }

    /* nothing was loaded (no engine, engine failure, or unhandled format) */
    if(pKey == NULL) {
        return(NULL);
    }

    /* wrap the EVP_PKEY in xmlsec key data; on success the data owns pKey */
    data = xmlSecOpenSSLEvpKeyAdopt(pKey);
    if(data == NULL) {
        EVP_PKEY_free(pKey);
        return(NULL);
    }

    key = xmlSecKeyCreate();
    if(key == NULL) {
        xmlSecKeyDataDestroy(data);
        return(NULL);
    }

    ret = xmlSecKeySetValue(key, data);
    if(ret &lt; 0) {
        xmlSecKeyDestroy(key);
        xmlSecKeyDataDestroy(data);
        return(NULL);
    }
    return(key);
}
</pre>
<div><br></div><div>Error:</div>
<div><br></div><div><div><div>func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:</div>
<div>func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:</div>
<div>func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:</div>
<div><br></div><div>Any solution to support pkcs11 with OpenSSL?</div>
<div><br></div><div>Thanks in advance.</div><div><br></div><div>Ricardo</div></div></div></div></div></div></div>