Aleksey Sanin escribió: > It looks like the key could not be found. Try to look at the > code under debugger to make sure you use correct key name. > It is a little tricky with NSS but with openssl you can > put the key into xmlsec keymanager as long as you have > an EVP. You might need to write some code to load the correct > crypto engine though. Ok, ill read and try that. Im kinda new into this topic, so if anyone can share some examples ill be most grateful :)
Thanks > > Aleksey > > Ivan Barrera A. wrote: >> Hi ! >> >> I've been fighting the last week on trying to sign xmldocuments, using a >> cert stored on an etoken. (aladdin 32K). >> Im using the lib /usr/lib/libeTPkcs11.so provided by aladdin, and trying >> to sign the document in any way. >> >> So far, ive tried openssl, and nss with no luck. Using openssl alone, i >> can get the system to sign smime documents using the token ( openssl >> smime -sign -engine pkcs11 -in test.xml -out a.xml -signer my-cert.pem >> -keyform engine -inkey >> 39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30 >> >> ) >> And adding the etoken lib to nss : >> modutil -list gives >> 2. eToken >> library name: /usr/lib/libeTPkcs11.so >> slots: 17 slots attached >> status: loaded >> >> slot: AKS ifdh 00 00 >> token: eToken >> >> >> >> However, when i try to sign anything using xmlsec1, i only get >> >> # xmlsec1 --sign --crypto nss --output a.xml test4.xml >> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec >> >> library function failed: ;last nss error=0 (0x00000000) >> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key >> >> is not found: ;last nss error=0 (0x00000000) >> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec >> >> library function failed: ;last nss error=0 (0x00000000) >> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec >> >> library function failed: ;last nss error=0 (0x00000000) >> Error: signature failed >> Error: failed to sign file "test4.xml" >> >> >> >> Ive tried using keyname, keyvalue, keys.xml file. Nothing worked. Most >> probably, im doing something wrong. >> Someone has done , or know how can i achieve this ? >> >> BTW, Running on fedora core 9, using latest openct/pcscd/xmlsec. >> >> _______________________________________________ >> xmlsec mailing list >> [email protected] >> http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
