Ok, I just started looking at it, but I'm still struggling. First of all, I signed my private key using the aleksey.crt certificate. By using openssl x509 -text -in privkey-cert.pem I am able to verify that it has been signed correctly using the aleksey certificate:
....
I have attached the resulting test.xml document in this email.


Please read section 3.2 from FAQ: http://www.aleksey.com/xmlsec/faq.html
Your document could not be verified and I believe you had a warning when you signed it.


Since I am generating the documents dynamically, I guess I need to add the 509Data node programatically. The way I do this is:

....

I am not sure this is (or should be) enough to generate a signed document, but from the output, something is obviously wrong since no 509Data section appears in the generated document (differently from the output of trying to do the same in xmlsec).

Adding X509Data node to XML tree shouldn't be related to reading keys/certs.
The xmlSecKeyInfoAddX509Data() function itself is pretty simple and straihtforward.
Can you print out XML document right after the xmlSecKeyInfoAddX509Data() function
call? The only reason I can think of is that X509Data node will be deleted from result document
if the key does not have a cert associated with it.

On another note, I've also tried reading the aleksey.key using:

keyPtr = xmlSec.SimpleKeysMngrLoadPemKey (keysMngr, "aleksey.key", "1234")

and this fails with xmlSec it is not able to read the library. If I use:

openssl rsa -text -in aleksey.key

and input "1234" I get a textdump of the key. I have also verified that the bug is not in my lua binding of xmlsec (by outputting the parameters that I send to the C function).

Any idea why loadpemkey fails with a password? I'm running everything on Gentoo Linux if that matters.
Can you file a bug about this, please?
http://www.aleksey.com/xmlsec/bugs.html
And how urgent is it for you? I am doing some other stuff right now and I would prefer to fix this problem
later if it is not urgent.


Aleksey



_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec


Reply via email to