NSS does not support loading private keys from a PEM file. Either use PKCS12 or import the key into the NSS key db directly.
From the README file in src/nss folder:

10) Not all file formats are supported

- xmlSecNssAppKeyLoad(): This function loads a PKI key from a file.
  The following formats are supported:
    . xmlSecKeyDataFormatDer: This expects the private key to be in
      PrivateKeyInfo format. Note that the DER files containing
      private keys in the xmlsec test suite aren't in that format
    . xmlsecKeyDataFormatPkcs12
  The following formats are not supported:
    . xmlSecKeyDataFormatPkcs8Pem
    . xmlSecKeyDataFormatPkcs8Der

- xmlSecNssAppCertLoad(): This function loads a cert from a file.
  The following formats are supported:
    xmlSecKeyDataFormatDer
  The following formats are not supported:
    xmlSecKeyDataFormatPem

Aleksey

Stone Xiang wrote:
Hi, Aleksey,
I am sorry to bother you, but I have been dwelling on this problem for days.
I successfully compiled the XML security component on Linux using
nss-3.8 and nspr-4.3 (and libxml, libxslt, libiconv, of course). But when
I run the program "sign1" under the "example" directory, I got the following
error information:
[EMAIL PROTECTED] examples]$ ./sign1 sign1-tmpl.xml rsakey.pem
func=xmlSecNssAppKeyLoad:file=app.c:line=237:obj=unknown:subj=xmlSecNssAppKeyLoad:error=17:invalid format:format=2
Error: failed to load private pem key from "rsakey.pem"
It seems that the NSS crypto library cannot correctly recognize the private key. What's wrong? By the way, I am using the x86 binary version of NSS and NSPR on a RedHat 9.0 installation.
I am sincerely looking forward to your reply.
Stone Xiang
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
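
A pre-flight check for the situation in this thread, as an added example that is not part of the original messages or of xmlsec: it inspects the outer structure of a key file to tell PEM, PKCS#12, PKCS#8 PrivateKeyInfo and PKCS#1 RSAPrivateKey apart, so you know before calling xmlSecNssAppKeyLoad() whether the file is in a format the README lists as supported. The function names and the sample byte strings are constructed for illustration; the samples are structural stubs, not real keys.

```python
import re

def read_tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, 1..4 length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify_key(data):
    """Classify a key file by its outer encoding only (no key material is parsed)."""
    if re.search(rb"-----BEGIN [A-Z0-9 ]+-----", data):
        return "pem"
    try:
        tag, start, _ = read_tlv(data, 0)             # outer SEQUENCE
        vtag, vstart, vend = read_tlv(data, start)    # leading INTEGER (version)
        ntag, _, _ = read_tlv(data, vend)             # element after the version
    except ValueError:
        return "unknown"
    if tag != 0x30 or vtag != 0x02:
        return "unknown"
    version = int.from_bytes(data[vstart:vend], "big")
    if version == 3 and ntag == 0x30:
        return "pkcs12"                   # PFX: version 3, then ContentInfo
    if version == 0 and ntag == 0x30:
        return "pkcs8-privatekeyinfo"     # version, AlgorithmIdentifier, OCTET STRING
    if version == 0 and ntag == 0x02:
        return "pkcs1-rsaprivatekey"      # version, modulus INTEGER, ...
    return "unknown"

def nss_loadable(data):
    """True if the README quoted above lists this format as supported for key loading."""
    return classify_key(data) in {"pkcs12", "pkcs8-privatekeyinfo"}

# Constructed structural samples: only the outer shape is meaningful.
PEM_SAMPLE = b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
PKCS1_SAMPLE = bytes.fromhex("3006020100020105")
PKCS8_SAMPLE = bytes.fromhex("3014020100300d06092a864886f70d01010105000400")
PKCS12_SAMPLE = bytes.fromhex("30050201033000")
```

PKCS#12 files written with BER indefinite lengths and encrypted PKCS#8 files are reported as "unknown" by this check.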
