I have installed and built the xmlsec tools under Windows 2000.  They appear to have built correctly, and I am now trying to use the command line tool (xmlsec) to sign a file, and to get to know the system.
 
I copied the template file from the tutorial as follows:
 
<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Simple signature template file for sign1 example.
-->
<Envelope xmlns="urn:envelope">
  <Data>
 Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
      <KeyName/>
    </KeyInfo>
  </Signature>
</Envelope>
 
 
 
and when I try to run the command line tool I get:
 
xmlsec --sign templ.xml
 
I get a raft of errors:
 
CC:\Download\xmlsec\XMLSEC~1.5\win32\binaries>xmlsec --sign templ.xml --output output.xml --pkcs12 62NOHASH.P12 --pwd xxxxxxxx, --pubkey-cert-der cert.cer

func=:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "templ.xml"
 
 
I had thought that by starting with the sample template I could at least check if the tool is working. 
 
I am pretty sure it is to do with the way in which I am specifying my key files etc, but frankly I am not sure what to do.
 
In my sample above, I have commented out my actual password with 'xxxxxxx' just for the sake of the email.
 
My configuration is as follows:
 
I have a pkcs12 password file which contains the certificate issued by the CA.  I also have the password.  I can open this password file, for example, in IIE, so I know my password is correct.
 
I exported the certificate to a .der file, and called it cert.cer
 
I am now trying to sign the template file, but I get the errors shown above...
 
Any help would be appreciated...
 
Regards,
 
Stewart Bourke
 
