[xmlsec] PKCS11 - Key not found

Pablo G. Gallardo pggllrd at gmail.com
Wed Nov 9 02:43:23 PST 2016


Hi Aleksey,

Thank you! You are right. xmlSecKeyGetType(key) returned 1 (public key). I'll check why it is recognized as a public key. As you said, I'm not passing the correct key object (RSA), just adopting the EVP_PKEY.

I'll fix that and then I'll come back with the result.

Thank you!

Pablo

On November 9, 2016 00:17:27 BRST, Aleksey Sanin <aleksey at aleksey.com> wrote:
>Assuming that the key type matches the requested signature type
>in the template (i.e. RSA signatures require RSA keys)...
>
>Can you try to print the key type with
>
>xmlSecKeyGetType(key)
>
>Basically, I suspect that it doesn't recognize the key as private
>thus can't find a proper key for the signature.
>
>Best,
>
>Aleksey
>
>On 11/8/16 5:05 PM, Pablo Gabriel Gallardo wrote:
>> Hello there!
>> 
>> I want to use xmlsec to sign XMLs with a smart card. I'm using libp11
>> and when I call xmlSecDSigCtxSign(), it returns -1 and I'm getting
>> this error:
>> 
>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
>> Error: signature failed
>> 
>> I use xmlSecOpenSSLEvpKeyAdopt() to set the EVP_PKEY from my smart
>> card but I'm sure that I am missing something.
>> 
>> Could someone please help me to see what else I should be doing to
>> make this work? I've checked this mailing list and someone in 2008 had
>> the same problem but he didn't mention how to solve it.
>> 
>> Here are the parts I've modified from sign3.c. The complete source is at
>> https://github.com/pablogallardo/livrenfe/blob/development/src/sign.c:
>> 
>> static xmlSecKeyPtr load_key(const char *pwd) {
>> 
>>     xmlSecKeyPtr key = NULL;
>>     xmlSecKeyDataPtr data;
>>     EVP_PKEY *pKey = NULL;
>>     int ret;
>> 
>>     /* get_private_key(): fetches the EVP_PKEY from the smart card via libp11
>>      * (defined elsewhere in sign.c) */
>>     pKey = get_private_key(pwd);
>>     if(pKey == NULL)
>>         return NULL;
>> 
>>     /* on success xmlsec takes ownership of pKey; on failure it is still ours */
>>     data = xmlSecOpenSSLEvpKeyAdopt(pKey);
>>     if(data == NULL) {
>>         EVP_PKEY_free(pKey);
>>         return NULL;
>>     }
>> 
>>     key = xmlSecKeyCreate();
>>     if(key == NULL) {
>>         xmlSecKeyDataDestroy(data);
>>         return NULL;
>>     }
>> 
>>     /* on success the key owns data; on failure we must free both */
>>     ret = xmlSecKeySetValue(key, data);
>>     if(ret < 0) {
>>         xmlSecKeyDestroy(key);
>>         xmlSecKeyDataDestroy(data);
>>         return NULL;
>>     }
>>     return key;
>> }
>> 
>> int sign_file(const char* xml_file, char *password) {
>> 
>> .....
>> 
>> 
>>     /* load private key */
>>     dsigCtx->signKey = load_key(password);
>>     if(dsigCtx->signKey == NULL) {
>>         fprintf(stderr,"Error: failed to load private key from smartcard\n");
>>         goto done;
>>     }
>> 
>>     /* load certificate and add to the key
>>     if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file, xmlSecKeyDataFormatPem) < 0) {
>>         fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
>>         goto done;
>>     }*/
>> 
>>     /* set key name to the file name, this is just an example!
>>     if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
>>         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
>>         goto done;
>>     } */
>> 
>>     /* sign the template */
>>     if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
>>         fprintf(stderr,"Error: signature failed\n");
>>         goto done;
>>     }
>> 
>>     ....
>> }
>> 
>> 
>> 
>> Thank you!
>> 
>> Pablo G. Gallardo
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>> 

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.