[xmlsec] Signing a document with key and cert..
Aleksey Sanin
aleksey@aleksey.com
Mon, 18 Nov 2002 09:27:55 -0800
> Ok, I just started looking at it, but I'm still struggling. First of
> all, I signed my private key using the aleksey.crt certificate. By
> using openssl x509 -text -in privkey-cert.pem I am able to verify that
> it has been signed correctly using the aleksey certificate:
> ....
> I have attached the resulting test.xml document in this email.
Please read section 3.2 from FAQ:
http://www.aleksey.com/xmlsec/faq.html
Your document could not be verified and I believe you had a warning when
you signed it.
> Since I am generating the documents dynamically, I guess I need to add
> the 509Data node programmatically. The way I do this is:
>
> ....
> I am not sure this is (or should be) enough to generate a signed
> document, but from the output, something is obviously wrong since no
> 509Data section appears in the generated document (differently from
> the output of trying to do the same in xmlsec).
Adding the X509Data node to the XML tree shouldn't be related to reading
keys/certs. The xmlSecKeyInfoAddX509Data() function itself is pretty
simple and straightforward.
Can you print out the XML document right after the
xmlSecKeyInfoAddX509Data() function call? The only reason I can think of
is that the X509Data node will be deleted from the result document if the
key does not have a cert associated with it.
> On another note, I've also tried reading the aleksey.key using:
>
> keyPtr = xmlSec.SimpleKeysMngrLoadPemKey (keysMngr, "aleksey.key",
> "1234")
>
> and this fails with xmlSec it is not able to read the library. If I use:
>
> openssl rsa -text -in aleksey.key
>
> and input "1234" I get a textdump of the key. I have also verified
> that the bug is not in my lua binding of xmlsec (by outputting the
> parameters that I send to the C function).
>
> Any idea why loadpemkey fails with a password? I'm running everything
> on Gentoo Linux if that matters.
Can you file a bug about this, please?
http://www.aleksey.com/xmlsec/bugs.html
And how urgent is it for you? I am doing some other stuff right now and
I would prefer to fix this problem later if it is not urgent.
Aleksey