[xmlsec] xmlsec, openssl , gost
waterfall at inbox.ru
Mon Apr 5 23:52:44 PDT 2010
--- Original message ---
From: "waterfall at evol.ru" <waterfall at evol.ru>
Sent: 06.04.2010 01:23:14
Subject: xmlsec, openssl , gost
1. I installed openssl 1.0 (using ./config shared) and xmlsec 1.2.4 (using ./configure --enable-gost --with-openssl="/usr/local/ssl") in Slax.
2. I generated a key: openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out seckey.pem
sign1-tmpl-rus.xml (from test)
<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Simple signature template file for sign1 example.
-->
<Envelope xmlns="urn:envelope">
  <Data>
    Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::dsig:Signature)</XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
      <X509Data>
        <X509Certificate></X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Envelope>
sign1 is one of the examples (by default it uses the openssl engine).
Command: ./sign1 sign1-tmpl-rus.xml seckey.pem
I get this:
func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=241:obj=unknown:subj=unknown:error=14:invalid type:evp key type 811 not supported
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=333:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec library function failed:
func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=143:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=seckey.pem;errno=0
Error: failed to load private pem key from "seckey.pem"
What should I do? :)
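
Reading the error output quoted above, as an added example (not part of the original message and not xmlsec code): each func= line is one frame and its subj field names the callee that failed, so the frame with subj=unknown is where the failure originated. The field layout is an assumption inferred only from the lines in this message, and the names parse_frames, root_cause and call_chain are made up for illustration.

```python
import re

# Constructed sample: the four lines of sign1 output quoted in the message above.
SAMPLE = """\
func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=241:obj=unknown:subj=unknown:error=14:invalid type:evp key type 811 not supported
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=333:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec library function failed:
func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=143:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=seckey.pem;errno=0
Error: failed to load private pem key from "seckey.pem"
"""

# Assumed layout (inferred from the sample): tail is "<reason>:<detail>", detail may be empty.
FRAME = re.compile(
    r"^func=(?P<func>[^:]+):file=(?P<file>[^:]+):line=(?P<line>\d+)"
    r":obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<code>\d+)"
    r":(?P<reason>[^:]*):(?P<detail>.*)$"
)

def parse_frames(text):
    """Return one dict per xmlsec error line, skipping anything else."""
    frames = []
    for raw in text.splitlines():
        m = FRAME.match(raw.strip())
        if m:
            d = m.groupdict()
            d["line"], d["code"] = int(d["line"]), int(d["code"])
            frames.append(d)
    return frames

def root_cause(frames):
    """First frame that blames no callee (subj empty or 'unknown'), else None."""
    for f in frames:
        if f["subj"] in ("", "unknown"):
            return f
    return None

def call_chain(frames):
    """Order functions outermost first by following subj (the failed callee)."""
    by_func = {f["func"]: f for f in frames}
    callees = {f["subj"] for f in frames}
    outer = [f for f in frames if f["func"] not in callees]
    chain, cur = [], outer[0] if outer else None
    while cur and cur["func"] not in chain:
        chain.append(cur["func"])
        cur = by_func.get(cur["subj"])
    return chain

if __name__ == "__main__":
    fr = parse_frames(SAMPLE)
    print(" -> ".join(call_chain(fr)), "|", root_cause(fr)["detail"])
```

For this trace the chain ends in xmlSecOpenSSLEvpKeyAdopt, so the line to act on is "evp key type 811 not supported" rather than the generic "failed to load private pem key" message printed last.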