The "sign-tmpl" command is mostly a test tool for xmlsec itself.
The signature is hard coded to use HMAC, some very specific
XPath transform, etc. You probably don't want to use it.

Aleksey

Atul Bhouraskar wrote:
Hello,

Can someone please explain to me the correct usage of the --sign-tmpl
command for xmlsec1?

I have been able to successfully sign a template file using the --sign
command.

This is what I have done:

$ openssl genrsa -out private_key.pem 2048
$ openssl rsa -pubout -in private_key.pem -out public_key.pem

The test file is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <Data>
 Hello, World!
 </Data>
</Envelope>


$ xmlsec1 --sign-tmpl --privkey-pem private_key.pem test-sig.xml
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:
Error: signature failed
Error: failed to create and sign template

Adding a signature template to the above file and using the --sign
command works. It is also possible to successfully verify the signed
file using the public key.
xmlsec1 --sign --privkey-pem private_key.pem test-sig.xml

I'm obviously missing something fundamental here...

Any pointers would be greatly appreciated.

Regards,

Atul

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
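For reference, the kind of template the working --sign run above relies on, written out as an added example (not taken from either message): the poster's test file with an enveloped RSA signature template inside it. The choice of RSA-SHA256, SHA-256 digests and inclusive C14N is an assumption; the thread does not say which algorithms the poster's template used.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Data>
  Hello, World!
  </Data>
  <!-- Signature template: xmlsec1 fills in DigestValue and SignatureValue -->
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <!-- RSA signature method, matching the RSA key from "openssl genrsa" -->
      <ds:SignatureMethod
          Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <!-- URI="" signs the whole document; the enveloped-signature
           transform excludes the Signature element itself from the digest -->
      <ds:Reference URI="">
        <ds:Transforms>
          <ds:Transform
              Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue></ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue></ds:SignatureValue>
    <!-- Empty placeholder; the signing key is supplied with --privkey-pem -->
    <ds:KeyInfo>
      <ds:KeyName/>
    </ds:KeyInfo>
  </ds:Signature>
</Envelope>
```

Because the template names the signature method explicitly, the RSA private key passed with --privkey-pem matches what the Signature element asks for, which is not the case for the HMAC template that --sign-tmpl generates.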