[xmlsec] wsse tokens and encryption
Brian.Myers at zootweb.com
Thu Jun 19 08:41:14 PDT 2008
Thank you, loading a pkcs12 file worked! I created a pkcs12 file with my
public cert and private key. I loaded it into xmlsec and it did everything
else on its own, and on the other end I was able to decrypt it with my
private key (so I assume that it got the public key out and did things
correctly).

However, there is a problem with this. Since I am going to be using the
"client's" public key/cert, I'll have to make the pkcs12 file without a
private key. This appears to be do-able with openssl (though what I'm doing
now could be wrong).

The command I use to get the pkcs12 file from a pem format cert is:

    openssl pkcs12 -export -in PubCertFile.pem -nokeys -out myTempCert.p12

but when I load the result of this command into xmlsec, I get this error:
func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=211:obj=unknown:subj=pKey != NULL:error=100:assertion:
func=xmlSecOpenSSLAppPkcs12LoadBIO:file=app.c:line=702:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec library function failed:
func=xmlSecOpenSSLAppPkcs12Load:file=app.c:line=574:obj=unknown:subj=xmlSecOpenSSLAppPkcs12LoadBIO:error=1:xmlsec library function failed:filename=/myKeyDir/myTempCert.p12;errno=2
It looks like xmlsec is expecting a private key with the file, but I can't
have it due to the nature of security. Is there a way to tell xmlsec to
just use the public key that's inside the pkcs12 file? Or am I going about
this wrong?
Thanks again,
Brian
Aleksey Sanin <aleksey at aleksey.com>
Sent by: xmlsec-bounces at aleksey.com
06/17/2008 03:17 PM
To: Brian.Myers at zootweb.com
cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] wsse tokens and encryption
> Do I need to manually put the cert into the key?
Yes! You must associate the cert with the key. The simplest
way to do this is to put your key and certificate(s) into
pkcs12 file and then load the file "at once". It is possible
to do it manually but you will need to manipulate the
key data objects yourself.
Aleksey
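
Added example, not part of the original thread or of xmlsec: a shell check of what a pkcs12 file actually contains, comparing a file built with the key against one built with the `-nokeys` command from the message above, whose load fails on the `pKey != NULL` assertion in the log. The helper names, `key.pem`, `withKey.p12`, the subject name and the password `example` are constructed for the example.

```shell
#!/bin/sh
# Added example: sample key, certificate and password are constructed.

# count_p12_keys FILE PASSWORD: print how many private keys FILE holds.
count_p12_keys() {
    # -nocerts prints only key bags; -nodes leaves the output unencrypted
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null \
        | grep -c 'BEGIN.*PRIVATE KEY' || true
}

# count_p12_certs FILE PASSWORD: print how many certificates FILE holds.
count_p12_certs() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true
}

# make_samples DIR: create a throwaway key pair and both kinds of pkcs12 file.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$1/key.pem" -out "$1/PubCertFile.pem" 2>/dev/null
    # Certificate plus private key, the kind of file that loaded correctly.
    openssl pkcs12 -export -in "$1/PubCertFile.pem" -inkey "$1/key.pem" \
        -out "$1/withKey.p12" -passout pass:example
    # Certificate only, same options as the command in the message.
    openssl pkcs12 -export -in "$1/PubCertFile.pem" -nokeys \
        -out "$1/myTempCert.p12" -passout pass:example
}

# report FILE PASSWORD: one summary line per file.
report() {
    echo "$(basename "$1"): keys=$(count_p12_keys "$1" "$2")" \
         "certs=$(count_p12_certs "$1" "$2")"
}

demo() {
    dir=$(mktemp -d)
    make_samples "$dir"
    report "$dir/withKey.p12" example
    report "$dir/myTempCert.p12" example
    rm -rf "$dir"
}

demo
```

A file that reports `keys=0` carries only the certificate, so a loader that requires a key from the pkcs12 container has nothing to adopt.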