On 5/29/13 8:01 AM, "Adrian Stern" <[email protected]> wrote:
>Do you by any chance now how to use these tools? I just can't get >anything to work. I have never used templatesign, no. >My doing so far: >1. Creating an rsa key pair with openssl: >openssl genrsa -out key.pem 2088 >openssl rsa -in key.pem -pubout > key.pub > >2. Add modulus and exponent: >openssl rsa -modulus -pubin <key.pub >openssl rsa -pubin -inform PEM -text -noout <key.pub The last time I had to try and generate a bare key in XML, I was pretty much unsuccessful using openssl to do it. So I suspect that may be your problem. The bare key format is totally ridiculous and of no practical usability. The latest spec includes a DEREncodedKeyValue option, or you're just better off using a self-signed certificate. >Sometimes I got this message: >Message: DSIGSignature::verify() - no verification key loaded and cannot >determine from KeyInfoResolver >This is, when I don't add (or remove) the KeyInfo Tag. checksig has options to supply the key on the command line, I think. I think you're probably messing up the KeyInfo. -- Scott
