Thank you, loading a pkcs12 file worked! I created a pkcs12 file with my public cert and private key. I loaded it into xmlsec and it did everything else on its own, and on the other end I was able to decrypt it with my private key (so I assume that it got the public key out and did things correctly).
However, there is a problem with this. Since I am going to be using the "client's" public key/cert, I'll have to make the pkcs12 file without a private key. This appears to be do-able with openssl (though what I'm doing now could be wrong). The command I use to get the pkcs12 file from a pem format cert is:

    openssl pkcs12 -export -in PubCertFile.pem -nokeys -out myTempCert.p12

but when I load the result of this command into xmlsec, I get this error:

    func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=211:obj=unknown:subj=pKey != NULL:error=100:assertion:
    func=xmlSecOpenSSLAppPkcs12LoadBIO:file=app.c:line=702:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec library function failed:
    func=xmlSecOpenSSLAppPkcs12Load:file=app.c:line=574:obj=unknown:subj=xmlSecOpenSSLAppPkcs12LoadBIO:error=1:xmlsec library function failed:filename=/myKeyDir/myTempCert.p12;errno=2

It looks like xmlsec is expecting a private key with the file, but I can't have it due to the nature of security. Is there a way to tell xmlsec to just use the public key that's inside the pkcs12 file? Or am I going about this wrong?

Thanks again,
Brian

Aleksey Sanin <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/17/2008 03:17 PM

To [EMAIL PROTECTED]
cc [email protected]
Subject Re: [xmlsec] wsse tokens and encryption

> Do I need to manually put the cert into the key?

Yes! You must associate the cert with the key. The simplest way to do this is to put your key and certificate(s) into a pkcs12 file and then load the file "at once". It is possible to do it manually but you will need to manipulate the key data objects yourself.

Aleksey

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
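Added example (not part of the original thread, and not xmlsec code): a shell check, using only the `openssl req` and `openssl pkcs12` commands, that reports whether a PKCS#12 file carries a private key, which is the condition the `pKey != NULL` assertion in the error above trips on. The function names, file names, the `demo` password and the `CN=demo-client` subject are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: file names, password and subject are made up.

# Exit 0 if the PKCS#12 file $1 (password $2) contains a private key.
p12_has_private_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Print the number of certificates stored in PKCS#12 file $1 (password $2).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Build a throwaway key/cert pair in directory $1, then two containers:
# with_key.p12 (key + cert) and cert_only.p12 (the -nokeys export).
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
        -passout pass:demo -out "$1/with_key.p12" &&
    openssl pkcs12 -export -in "$1/cert.pem" -nokeys \
        -passout pass:demo -out "$1/cert_only.p12"
}

# Print a one-line summary of what PKCS#12 file $1 (password $2) holds.
describe_p12() {
    if p12_has_private_key "$1" "$2"; then kind="private key present"
    else kind="no private key (certificate only)"; fi
    echo "$(basename "$1"): $(p12_cert_count "$1" "$2") cert(s), $kind"
}

demo_dir=$(mktemp -d)
make_demo_p12 "$demo_dir"
describe_p12 "$demo_dir/with_key.p12" demo
describe_p12 "$demo_dir/cert_only.p12" demo
rm -rf "$demo_dir"
```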
