[xmlsec] Signing xml using etoken
Roumen Petrov
xmlsec at roumenpetrov.info
Wed Jul 9 14:59:35 PDT 2008
Ivan Barrera A. wrote:
> Roumen Petrov escribió:
>> Ivan Barrera A. wrote:
>>> Hi again.
>>>
>>> Ive tried almost all solutions ive found on the web, and still no luck.
>> Hmm. I don' think that xmlsec support engines. Did you found a patch ?
>>
>
> Nope
>
>>> - USB etoken (Aladdin Pro32K, using its own format)
>>> - Library from aladdin to access de eToken
>>> (/usr/lib//usr/lib/libeTPkcs11.so)
>>> - a X509 Cert inside the eToken, along private and public keys (that
>>> cannot be exported. The eToken has to sign all data itself)
>> Since this is you environment, could you propose a patch to xmlsec that
>> support openssl engines?
>
> Yep :)
> As soon as i have something working, ill clean it up, and propose a patch.
> So far, ive done a dirty hack to select engine inside openssl/app.c.
I think that passing function argument "config" to OPENSSL_config is
enough to select engine set by openssl config file (line 53 in
src/openssl/app.c). I expect this file to be from command line option
--crypto-config :-/ .
> Now im on to replicating the -keyform part on ssl.
Did you mark private key as external so that xmlsec function will not
try to load it and to ask engine for operation ?
[SNIP]
Roumen
More information about the xmlsec
mailing list