[xmlsec] Re: NSS-Based XML Security Library Not Working on Linux
Aleksey Sanin
aleksey at aleksey.com
Tue Dec 2 08:26:44 PST 2003
NSS does not support loading private keys from PEM file. Either use PKCS12
or import the key in NSS key db directly.
From the README file in src/nss folder:
10) Not all file formats are supported
- xmlSecNssAppKeyLoad(): This function loads a PKI key from a file.
The following formats are supported:
. xmlSecKeyDataFormatDer: This expects the private key to be in
PrivateKeyInfo format. Note that the DER files
containing
private keys in the xmlsec test suite aren't in that
format
. xmlsecKeyDataFormatPkcs12
The following formats are not supported:
. xmlSecKeyDataFormatPkcs8Pem
. xmlSecKeyDataFormatPkcs8Der
- xmlSecNssAppCertLoad(): This function loads a cert from a file.
The following formats are supported:
xmlSecKeyDataFormatDer
The following formats are not supported:
xmlSecKeyDataFormatPem
Aleksey
Stone Xiang wrote:
> Hi, Aleksey,
>
> I am sorry to bother, but I has been dwelling on this problem for days.
>
> I successfully compiled the XML security component on Linux using
> nss-3.8 and nspr-4.3 (and libxml, libxslt, libiconv, of course). But when
> I run the program "sign1" under the "example" directory, I got the
> following
> error information:
>
> [stone at dhcp-cbjs05-218-9 examples]$ ./sign1 sign1-tmpl.xml rsakey.pem
> func=xmlSecNssAppKeyLoad:file=app.c:line=237:obj=unknown:subj=xmlSecNssAppKeyLoad:error=17:invalid
> format:format=2
> Error: failed to load private pem key from "rsakey.pem"
>
> It seems that the NSS crypto library cannot correctly recognize the
> private key. What's wrong? By the way, I am using the x86 binary
> version of NSS and NSPR on a RedHat 9.0 installation.
>
> I am sincerely looking forward to your reply.
>
> Stone Xiang
>
>
>
More information about the xmlsec
mailing list