[xmlsec] Questions regarding xmlsec-nss
Govind Krishnamurthi
govs23 at hotmail.com
Tue Mar 30 09:52:35 PST 2004
> > I have two questions, is there any s/w wherein I can generate
>>a key in this format?
>openssl can write keys and certificates in both PEM and DER format.
>Check "-inform" and "-outform" options. This is very strange that
>you got crashers. One more option you have is to import the key
>in the NSS keydb and then xmlsec can load keys from there. Check
>the NSS distribution for "pk12util".
>
I am able to repeat the segbort fault pretty much everytime.
This is what I tried.
I generated a fresh rsakey using openssl
openssl genrsa -out key.pem 1024. This is because, the Readme file
indicated
that the existing PEM files are not in the PrivateKeyInfo format (?)
then converted it into der using
openssl rsa -inform PEM -outform DER -in key.pem -out key.der
Ran the test code as sign1 sign1-tmpl.xml key.der
The SEGABRT occurs line 474 src/nss/app.c Seemingly, when I go down
the stack to check out where the actual problem is it is in
PORT_FreeArea(arena, PR_FALSE);
line 1820 seckey.c
Let me know if there is anything wrong in my execution of the code.
Thanks a lot for your immediate response,
Govind.
>>Second, how difficult is it to extend the support to other key formats in
>>xmlsec? Or is the problem with NSS, which has no support.
>This is NSS limitation. For example, xmlsec-openssl supports both PEM
>and DER files. I don't want xmlsec to parse key files by itself
>thus you have to file a bug against NSS (but I guess I know the
>response).
>
>Aleksey
>
>
>
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now!
http://toolbar.msn.com/go/onm00200415ave/direct/01/
More information about the xmlsec
mailing list