[xmlsec] Encrypt with DES and RSA key wrap
Hi Aleksey, I have just about everything working except a 3DES symmetric encrypt whose key is RSA wrapped. I send in this on the xmlsec command line util ... > xmlsec encrypt --xml-data encrypt1-doc.xml --node-name Salary --deskey deskey.bin --pubkey-pem EdShallowPub.pem --output encrypted-DES-wrap.xml tmpl-EPM-encrypt-DES-RSA-wrap.xml Using the attached template "tmpl-EPM-encrypt-DES-RSA-wrap.xml" and I get the following attached output in "encrypted-DES-wrap.xml" It seems to be ignoring the request to wrap key since the inner CipherValue is empty ? Any ideas ? Both 3DES or RSA work alone fine but not together ? Thanks Again, Ed http://www.w3.org/2001/04/xmlenc#"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Type="http://www.w3.org/2001/04/xmlenc#Content";> http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> http://www.w3.org/2000/09/xmldsig#";> EdShallow http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> EdShallow Ed Shallow 1234 Mockingbird Lane Yellowknife W1C6J3 123456789 1,000,000,000,000 Ed Shallow 1234 Mockingbird Lane Yellowknife W1C6J3 123456789 http://www.w3.org/2001/04/xmlenc#"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Type="http://www.w3.org/2001/04/xmlenc#Content";> http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> http://www.w3.org/2000/09/xmldsig#";> EdShallow http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> EdShallow X7P1n2DcBY2vK/CGpokpGZRRZgRxjUqKJ9tmhj8zp7I=
Re: [xmlsec] Cannot sign anything
Good! I believe that there is OpenPGP support in Libgcrypt/GnuTLS and XMLSec already has a framework that supports it. Probably you should take a look at it too. I'll be glad to help you if you'll have any questions :) Aleksey ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Cannot sign anything
Sorry for the annoyance. With those corrections, I successfully signed the documents I needed to. I hope I will be able to help your porject soon. If noone works on OpenPGP implementation, I could try to add it to xmlsec, for example... Successfully, le Moine Fou -- [EMAIL PROTECTED] OpenPGP 0xD9D50D8A pgp0.pgp Description: PGP signature
Re: [xmlsec] Cannot sign anything
[EMAIL PROTECTED]:~/tmp$ xmlsec1 --sign --privkey-pem ~/.openssl/pierre.pem --output sign1-sig.xml sign1-tmpl.xml Enter PEM pass phrase: func=xmlSecKeysMngrGetKey:file=keys.c:line=924:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: The library could not find the signature key. The original template uses RSA signatures. Make sure that ~/.openssl/pierre.pem file has an RSA private key and try again. [EMAIL PROTECTED]:~/tmp$ xmlsec1 --sign --node-name http://www.w3.org/2000/09/xmldsig:Signature --privkey-pem ~/.openssl/pierre.pem --output sign1-sig.xml sign1-tmpl.xml Enter PEM pass phrase: Error: failed to find node with name="Signature" There is a '#' at the end of XMLDSig namespace "http://www.w3.org/2000/09/xmldsig#";. In your command line it is missing. [EMAIL PROTECTED]:~/tmp$ xmlsec1 --sign --node-xpath /Enveloppe/Signature --privkey-pem ~/.openssl/pierre.pem --output sign1-sig.xml sign1-tmpl.xml Enter PEM pass phrase: You have a spelling mistake in the command line: "Enveloppe" should be "Envelope". How can I find some examples or further documentation to understand how to sign an XML document ? There are a lot of examples in the source package. Check examples/ and tests/ folders. With best regards, Aleksey ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Cannot sign anything
Hi, I just dicovered the xmlsec library and command-line utilty today, but even after reading the manpage and website, I didn't manage to sign anything. I even tried an example found here : http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-template-file.html#XMLSEC-EXAMPLE-SIGN1-TMPL I created the sign1-tmpl.xml file, and tried some commands : [EMAIL PROTECTED]:~/tmp$ xmlsec1 --sign --privkey-pem ~/.openssl/pierre.pem --output sign1-sig.xml sign1-tmpl.xml Enter PEM pass phrase: func=xmlSecKeysMngrGetKey:file=keys.c:line=924:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "sign1-tmpl.xml" [EMAIL PROTECTED]:~/tmp$ xmlsec1 --sign --node-name http://www.w3.org/2000/09/xmldsig:Signature --privkey-pem ~/.openssl/pierre.pem --output sign1-sig.xml sign1-tmpl.xml Enter PEM pass phrase: Error: failed to find node with name="Signature" Error: failed to load template "sign1-tmpl.xml" Error: failed to sign file "sign1-tmpl.xml" [EMAIL PROTECTED]:~/tmp$ xmlsec1 --sign --node-xpath /Enveloppe/Signature --privkey-pem ~/.openssl/pierre.pem --output sign1-sig.xml sign1-tmpl.xml Enter PEM pass phrase: Error: xpath expression evaluation does not return a single node as expected Error: failed to load template "sign1-tmpl.xml" Error: failed to sign file "sign1-tmpl.xml" How can I find some examples or further documentation to understand how to sign an XML document ? Technically, le Moine Fou -- [EMAIL PROTECTED] OpenPGP 0xD9D50D8A pgp0.pgp Description: PGP signature
