[xmlsec] Signing an XML file.

Jean Cyr jcyr at dillobits.com
Thu Jun 8 20:32:59 PDT 2006


Ok, second night of struggling. What am I doing wrong?

The XML template file (pad.templ):

<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Simple signature template file for sign1 example.
-->
<Envelope xmlns="urn:envelope">
  <Data>
        Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
        <KeyName/>
    </KeyInfo>
  </Signature>
</Envelope>

The private key (Dillo.key):


The certificate (Dillo.crt):


Using xmlsec 1.2.9 (openssl), when I issue the following command:

xmlsec --sign-tmpl --pubkey-cert-pem Dillo.crt --privkey-pem Dillo.key pad.templ

After typing the correct password, I get:

Enter password for "Dillo.key" file: 
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed 
Error: failed to create and sign template

What am I not understanding?
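
Added example, not part of the original post and not xmlsec code: a Python parser for the error trace quoted above. It rejoins the entries the mail client wrapped and picks out the first entry whose code is not the generic error=1 wrapper. The function names and the wrap rule are assumptions made for this illustration.

```python
import re

# Trace copied from the post, with its two mail-wrapped entries left as posted.
TRACE = """\
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function
failed:
Error: signature failed
Error: failed to create and sign template
"""

ENTRY = re.compile(
    r"func=(?P<func>[^:]+):file=(?P<file>[^:]+):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]+):subj=(?P<subj>[^:]+):error=(?P<code>\d+):(?P<msg>.*)")
GENERIC = 1  # in this trace error=1 only reports "xmlsec library function failed"

def unwrap(text):
    """Rejoin wrapped entries. Assumption drawn from this trace: a complete
    entry ends with ':', so a func= line that does not is continued below."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if out and out[-1].startswith("func=") and not out[-1].endswith(":"):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def parse(text):
    """Return one dict per func= entry, in printed order (innermost call first)."""
    entries = []
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        d = m.groupdict()
        d["line"], d["code"] = int(d["line"]), int(d["code"])
        d["msg"] = d["msg"].rstrip(": ")
        entries.append(d)
    return entries

def root_cause(entries):
    """First entry carrying a specific error code rather than the wrapper."""
    return next((e for e in entries if e["code"] != GENERIC), None)

def call_chain(entries):
    """Function names from the outermost call down to where the failure began."""
    return [e["func"] for e in reversed(entries)]
```
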




