[xmlsec] Signing with key on token

[Roumen Petrov]

Hi Michal,


majkl majkl wrote:
> I am sorry, but I can not get it.
>
> Yes, I've found the same question in one historic -very historic-
> list, but no solution.
>
> What I am supposed to do to use key on token to sign in xmlsec,
> please? Use appropriate openssl config?
> I have spent a whole week by searching for it, no luck. It works only
> when I directly run opennsl from command line.
The trick with openssl is that you specify location of key. Usually it 
is specified by argument "-inform" that accepts PEM, DER or ENGINE. 
First two are for keys stored into file and engine is for external keys.

> I am supposed to patch xmlsec sources?
I think yes as xmlsec binary supports various options for keys stores 
into files --privkey-pem ( --privkey) or --privkey-der but does not . 
Missing is something like --privkey-eng[ine].

> Or openssl sources?
No openssl engine functionality work well.

> Does xmlsec uses its own libraries for openssl engine,
> or it uses system/openssl shared libraries?
xmlsec uses external crypto(openssl and etc.) libraries .
> I am quite lost in this moment, but I really need to sign xmls with token.
>
> Thanks,
>
>                      Michal
> [SNIP]

Roumen