[xmlsec] Signing xml using etoken
Aleksey Sanin
aleksey at aleksey.com
Sun Jun 29 19:23:47 PDT 2008
It looks like the key could not be found. Try to look at the
code under debugger to make sure you use correct key name.
It is a little tricky with NSS but with openssl you can
put the key into xmlsec keymanager as long as you have
an EVP. You might need to write some code to load the correct
crypto engine though.
Aleksey
Ivan Barrera A. wrote:
> Hi !
>
> I've been fighting the last week on trying to sign xmldocuments, using a
> cert stored on an etoken. (aladdin 32K).
> Im using the lib /usr/lib/libeTPkcs11.so provided by aladdin, and trying
> to sign the document in any way.
>
> So far, ive tried openssl, and nss with no luck. Using openssl alone, i
> can get the system to sign smime documents using the token ( openssl
> smime -sign -engine pkcs11 -in test.xml -out a.xml -signer my-cert.pem
> -keyform engine -inkey
> 39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30
> )
> And adding the etoken lib to nss :
> modutil -list gives
> 2. eToken
> library name: /usr/lib/libeTPkcs11.so
> slots: 17 slots attached
> status: loaded
>
> slot: AKS ifdh 00 00
> token: eToken
>
>
>
> However, when i try to sign anything using xmlsec1, i only get
>
> # xmlsec1 --sign --crypto nss --output a.xml test4.xml
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed: ;last nss error=0 (0x00000000)
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found: ;last nss error=0 (0x00000000)
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed: ;last nss error=0 (0x00000000)
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed: ;last nss error=0 (0x00000000)
> Error: signature failed
> Error: failed to sign file "test4.xml"
>
>
>
> Ive tried using keyname, keyvalue, keys.xml file. Nothing worked. Most
> probably, im doing something wrong.
> Someone has done , or know how can i achieve this ?
>
> BTW, Running on fedora core 9, using latest openct/pcscd/xmlsec.
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list