[xmlsec] Using xmlsec with openssl config file and engine pkcs11

[GOUSSEAU Denis]

I’m trying to use XmlSec binaries with an pkcs11 engine which work fine with
openssl :

OpenSsl config file :

 

openssl_conf            = openssl_def

[openssl_def]

engines = engine_section

[engine_section]

pkcs11 = pkcs11_section

[pkcs11_section]

engine_id = pkcs11

dynamic_path = ./engine_pkcs11.dll

MODULE_PATH = c:/windows/cps_pkcs11_w32.dll

init = 0

PIN=1234

[req]

distinguished_name = req_distinguished_name

[req_distinguished_name]

 

Dos command line

xmlsec --sign--pwd 1234  --crypto openssl --crypto-config .\openssl.cfg
TestEnvoi.txt

 

And i have  this error

 

func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1370:obj=unknown:subj=xmlS
ecKeysMngrFindKey:error=1:xmlsec library function failed:

func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unkn
own:subj=unknown:error=45:key is not found:

func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=un
known:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function
failed:

func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSe
cDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:

Error: signature failed

Error: failed to sign file "TestEnvoi.txt"

 

With a pem certificate, the file can be signed.

 

So, the problem is with openssl and the config file or the engine i’m using.

 

Does xmlSec work with pkcs11 engine without change ? Because I saw some
patch but can’t find them with problem on private key.

 

 

Thanks for help.

 

 

-----------------------------------------------
Denis GOUSSEAU
 Société SANTEOS
-----------------------------------------------

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20100922/5d2114ce/attachment.html>