[xmlsec] xmlsec passing TPM blob
Aleksey Sanin
aleksey at aleksey.com
Wed Feb 8 11:09:46 PST 2017
https://www.w3.org/TR/xmldsig-core/#sec-Reference
Aleksey
On 2/8/17 3:02 AM, Gilson Fonseca Peres Filho wrote:
> Dear Aleksey,
>
> I could not find how to specify the key blob for signing with
> xmlsec1 and hardware TPM.
>
> I can do it successfully from openssl with this :
>
> openssl dgst -sha256 -keyform engine -engine tpm -sign lambda.blot -out
> sign.sha256 test.txt
>
>
> I also found about --crypto-config
>
> openssl_conf = openssl_def
>
> [openssl_def]
> engines = engine_section
>
> [engine_section]
>
> foo = tpm_section
>
> [tpm_section]
> dynamic_path = /usr/local/ssl/lib/engines/libtpm.so
> engine_id = tpm
> default_algorithms = ALL
> #default_algorithms = RAND,RSA
> init = 1
> oid_file= lambda.blob
>
> xmlsec1 --sign --output tsigned.xml --crypto-config openssl.cnf val4.xml
>
> How could a pass the lambda.blob to xmlsec1 ?
> I'm just testing with xmlsec1 but my final goal is to embedded the
> code inside my application.
>
> Thank you for your time,
>
> Gilson
>
More information about the xmlsec
mailing list