I have read through the threads concerning this issue as the following: http://www.aleksey.com/pipermail/xmlsec/2006/007519.html http://www.mail-archive.com/[email protected]/msg02523.html
I am working in the health sector in Norway as privat doctor. Coming up there will in the future be a mandatory claim to send messages via a MSH and ebXML, and the message.xml as Payload would have to be signed. At this stage xmlsec can be used for this with the following setup: 1. make ready the msg.xml with the necessary signature elements and pasted-in x509-cert added 2. run xmlsec1 as this: xmlsec1 [sign] [--privkey key-to-be-used.pem] [--trusted x509cert-to-be-used_ca.pem] [msg.xml] Verification test gives OK. The signature would have to be done with a personal key and not a organisational key as in the instance above. The key resides in a smartcard delivered from buypass.no and is the only standard until now. The buypass.no delivers an accessCD with the necessary PKCS11 machinery on. Installing this I get contact with the smartcard through Firefox. This edition is for linux, other edition exists for MS Windows. I apply linux to produce the msg.xml as a ready file. To sign the file for simplicity it doesnt matter weather I use Windows or linux, but the working day is on a linux machine, so I would prefer linux by choice. The msg.xml file is sent with "Hermes2" - CECID,Hong Kong University - as the Message Service Handler. I am so far able to pass all servers up to the point where the receiver actually is dealing with the content in the msg.xml directly. But here am I stopped because the signature has to be done with the key inside the smartcard, and the error message asks for the organisational cert to be exchanged with the personal cert. So the question is: How far am I from succeeding, what help can I get from you to achieve the missing part in this run? I am not a programmer able to write the eventual necessary programs myself, but maybe and hopefully only small configuration changes is necessary from this point on. Sincerely Yours, S. Storset -- Si St [email protected] -- http://www.fastmail.fm - The professional email service _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
