[xmlsec] Loading private key in any format other than PEM

allicoder redocilla aredocilla at gmail.com
Tue Oct 22 10:23:25 PDT 2013


This is what I thought, but I've also tried loading the file as-is, turning
it into a byte[] and giving it to xmlSecCryptoAppKeyLoadMemory; or even
loading directly from file (which I wouldn't be able to do in a production
system, as the keyfile is packaged up in an APK file) and giving it to
xmlSecCryptoAppKeyLoad - no luck. As I said, I've tried numerous ways of
getting this to work, and I cannot make it happen.

Best wishes,
Alice.

PS. Encrypted keys do work if they're in PEM format.


On Thu, Oct 17, 2013 at 4:32 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:

> privateExponent.toByteArray() might not return the DER format expected by
> the function.
>
> Aleksey
>
>
> On 10/17/13 7:59 AM, allicoder redocilla wrote:
>
>> Dear Aleksey (CC xmlsec list),
>>
>> I am trying to load a private key from memory using xmlsec (testing with
>> RSA keys). Unfortunately, I can only do this if the memory buffer is a
>> pem file's contents; anything else fails. I was hoping you might be able
>> to shed some light on why this might be going wrong.
>>
>> I am getting the key data from Java using various methods, all to no
>> avail. I have tried PrivateKey.getEncodedBytes(),
>> RSAPrivateKey.**getPrivateExponent().**toByteArray(), new
>> PKCS8Key().getEncodedBytes(), passing in a der file directly, loading a
>> der file directly... Nothing but pem files seems to work.
>>
>> Is this a limitation of xmlsec, or am I just doing something wrong?
>> Could you suggest a combination of xmlSecKeyDataFormat and the format it
>> expects?
>>
>> I'm (attempting to) load the key using
>>    xmlSecKeyPtr privateKey = xmlSecCryptoAppKeyLoadMemory((**const
>> xmlChar*)data, dataLength, xmlSecKeyDataFormat*, NULL, NULL, NULL);
>>
>> Error message (xmlSecKeyDataFormatDer, privateExponent.toByteArray())**:
>> E/XmlSigner_jni( 6867):
>> (/home/arc/projects/xml-**signing/android-builds//**
>> xmlsec/./src/openssl/app.c:**263):
>> (null):PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:4:
>> E/XmlSigner_jni( 6867):
>> (/home/arc/projects/xml-**signing/android-builds//**
>> xmlsec/./src/openssl/app.c:**205):
>> (null):**xmlSecOpenSSLAppKeyLoadBIO:1:
>>
>> The keys I'm testing with are unencrypted. I'm using xmlsec checked out
>> from a few days ago, openssl 0.9.8 from tarball. Platform is Android.
>>
>> Best wishes,
>> Alice.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20131022/78328941/attachment.html>


More information about the xmlsec mailing list