<div dir="ltr"><pre>I am sorry, but I cannot get it.<br></pre><pre>Yes, I've found the same question in one historic -very historic- list, but no solution.<br></pre><pre>What am I supposed to do to use the key on the token to sign in xmlsec, please? Use an appropriate openssl config? <br>I have spent a whole week searching for it, no luck. It works only when I directly run openssl from the command line.<br></pre><pre>Am I supposed to patch xmlsec sources? Or openssl sources? Does xmlsec use its own libraries for the openssl engine, <br>or does it use system/openssl shared libraries? <br></pre><pre>I am quite lost at this moment, but I really need to sign XMLs with the token.<br></pre><pre>Thanks,<br></pre><pre> Michal<br></pre><pre><br>******************************<br><br>Sure. I think it will work for simple use cases when there is only
one key. And yes, for anything more sophisticated custom code is required.
Aleksey
On 8/9/17 10:58 AM, Roumen Petrov wrote:
><i> Aleksey Sanin wrote:
</i>>><i> It was discussed in the mailing list in the past. You need to
</i>>><i> create openssl config file to use the engine by default and
</i>><i> Hmm, in general this configuration will not work.
</i>><i>
</i>><i> Engines that operate with key material stored externally cannot be set
</i>><i> as default - usually this breaks operations with keys stored differently
</i>><i> (file, etc.).
</i>><i>
</i>>><i> pass it to xmlsec1 command line tool.
</i>><i> Perhaps it will work for the simple command line case with a single key.
</i>><i>
</i>><i> On the other side, the openssl command line option -engine specifies where
</i>><i> the key is located (calls method ENGINE_load_private_key).
</i>><i>
</i>><i> Regards,
</i>><i> Roumen</i></pre></div><div class="gmail_extra"><br><div class="gmail_quote">2017-08-08 21:12 GMT+02:00 Aleksey Sanin <span dir="ltr"><<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It was discussed in the mailing list in the past. You need to<br>
create openssl config file to use the engine by default and<br>
pass it to xmlsec1 command line tool.<br>
<br>
Aleksey<br>
<div><div class="h5"><br>
On 8/1/17 12:56 AM, majkl majkl wrote:<br>
> I need to sign XML documents with certificate and key, stored on USB<br>
> token. I have Linux library (.so) with API, which works in openssl<br>
> (command line) and also in Firefox, for example.<br>
><br>
> I need to tell xmlsec to use the token library to access the key. (Or,<br>
> when crypto openssl is used, make openssl work as if it is run with -keyform<br>
> ENGINE -engine pkcs11 -inkey ABC -passin pass:PASS).<br>
><br>
> Thanks, Michal<br>
><br>
><br>
</div></div>
</blockquote></div><br></div>
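<p>The OpenSSL configuration approach discussed in this thread, as an added example that is not from any of the posters or from the xmlsec project: an openssl.cnf that loads a PKCS#11 engine when OpenSSL reads its configuration. Both paths are placeholders, and the <code>default_algorithms</code> line is the "use the engine by default" setting that Roumen's reply warns can break operations on file-based keys.</p>

```ini
# Added example, not from the thread. Both paths below are placeholders.
# This line must stay in the unnamed default section at the top of the file.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# Left side is a label; right side names the section with the engine settings.
pkcs11 = pkcs11_section

[pkcs11_section]
# Engine id, matching the "-engine pkcs11" option quoted in the original question.
engine_id = pkcs11
# Placeholder: location of the OpenSSL PKCS#11 engine shared object.
dynamic_path = /path/to/engines/pkcs11.so
# Placeholder: the vendor's token library (.so) mentioned in the original question.
# MODULE_PATH is a control command of the libp11 PKCS#11 engine.
MODULE_PATH = /path/to/vendor-token-library.so
# Makes the engine the default implementation for every algorithm it offers.
# This is the setting that can interfere with keys stored in files.
# Without this line the engine is still loaded and can be selected by id,
# but the application has to fetch the key itself, for example through
# ENGINE_load_private_key as mentioned in the thread.
default_algorithms = ALL
```

<p>OpenSSL reads the file named by the OPENSSL_CONF environment variable when a program loads the default configuration. Whether a given xmlsec1 build loads that configuration is an assumption to verify against the build in use.</p>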