[xmlsec] Error running xmlsec under windows

Tue Apr 20 11:18:08 PDT 2004

I have installed and built the xmlsec tools under Windows 2000.  They appear to have built correctly, and I am now trying to use the command line tool (xmlsec) to sign a file, and to get to know the system.

I copied the template file from the tutorial as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!-- 
XML Security Library example: Simple signature template file for sign1 example. 
-->
<Envelope xmlns="urn:envelope">
  <Data>
 Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
 <KeyName/>
    </KeyInfo>
  </Signature>
</Envelope>

and when I try to run the command line tool i get:

xmlsec --sign templ.xml

I get a raft of errors:

CC:\Download\xmlsec\XMLSEC~1.5\win32\binaries>xmlsec --sign templ.xml --output ou
tput.xml --pkcs12 62NOHASH.P12 --pwd xxxxxxxx, --pubkey-cert-der cert.cer

func=:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=
1:xmlsec library function failed:
func=:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is no
t found:
func=:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInf
oNode:error=1:xmlsec library function failed:
func=:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProc
essNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "templ.xml"

I had thought that by starting with the sample template I could at least check if the tool is working.  

I am pretty sure it is to do with the way in which I am specifying my key files etc, but frankly I am not sure what to do.

In my sample above, I have commented out my actual password with 'xxxxxxx' just for the sake of the email.

My configureation is as follows:

I have a pkcs12 password file which contains the certificate issued by the CA.  I also have the password.  I can open this password file, for example, in IIE, so I know my password is correct.

I exported the certificate to a .der file, and called it cert.cer

I am now trying to sign the template file, but I get the errors shown above...

Any help would be appreciated...

Regards,

Stewart Bourke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20040420/2f00bc9f/attachment.htm