All right, would this as PATH be sufficient?(this is the smartcard CERT in question;the KEY, in proper, is hidden in the smartcard and cannot be detached from it;):
<KeyName>/home/sigbj/gpg-des/newcorvus_cert_key/bpP83_S-cer.pem</KeyName> Xmlsec1 is still saying: func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "Template_KOM.xml" The smartcard reader is blinking like a Christmastree and the commandline prompt is naturally hanging a short while during this process pointing to the contact openssl has with the card. How is this to be interpreted? -- Si St [email protected] On Monday, October 24, 2011 6:41 AM, "Aleksey Sanin" <[email protected]> wrote: > With openssl, you need to load keys into xmlsec manually. With nss and > mscrypto, there are "default" keys storages that xmlsec can search. > > Aleksey > > On 10/24/11 3:52 AM, Si St wrote: > > Excuse my interruption here, > > but where is xmlsec1 searching to find the key in reference to the > > <KeyName/>? Where should the key/cert be placed so that xmlsec1 can find > > it (f.ex. among other keys)? Any specific directory? Remenber that > > xmlsec1 is /usr/local/bin/xmlsec1 with me, and I wonder where the > > program will search. In my particular case we are dealing with --crypto > > openssl > > -- > > Si St > > [email protected] <mailto:[email protected]> > > On Wednesday, October 19, 2011 9:33 PM, "EdShallow" > > <[email protected]> wrote: > >> OK, here is how it works with mscrypto and xmlsec 1.2.18 > >> > >> Example 1: > >> <KeyName>CA, GC, PWGSC-TPSGC, "Ed Shallow"</KeyName> > >> > >> Example 2 with a special character: > >> <KeyName>CA, GC, PWGSC-TPSGC, "Shallow, Ed"</KeyName> > >> > >> In other words, do not use the sub-type qualifiers in the DN string > >> i.e. cn= ou= o= c= > >> > >> Order is also important. > >> > >> Cheers, > >> Ed > >> > >> On Wed, Oct 19, 2011 at 7:38 PM, EdShallow <[email protected] > >> <mailto:[email protected]>> wrote: > >> > >> OK. Give me a day or so and I will check the source to see if > >> anything has changed in the CAPI calls. > >> > >> On Oct 19, 2011 7:29 PM, "Aleksey Sanin" <[email protected] > >> <mailto:[email protected]>> wrote: > >> > >> Not that I am aware of. > >> > >> Aleksey > >> > >> On 10/19/11 2:02 PM, EdShallow wrote: > >> > >> . . . sorry forgot to mention, this behavior is with mscrypto > >> Ed > >> > >> ---------- Forwarded message ---------- > >> From: "EdShallow" <[email protected] > >> <mailto:[email protected]> <mailto:[email protected] > >> <mailto:[email protected]>>> > >> Date: Oct 19, 2011 3:55 PM > >> Subject: Use of full DistinguishedName in KeyName > >> To: "[email protected] <mailto:[email protected]> > >> <mailto:[email protected] <mailto:[email protected]>>" > >> <[email protected] <mailto:[email protected]> > >> <mailto:[email protected] <mailto:[email protected]>>> > >> > >> Hi Aleksey, > >> > >> Use of full DN in KeyName template element used to work in > >> oldwr > >> versions of xmlsec. > >> > >> As of 1.2.18 I can only get CommonName to work. > >> > >> Example: > >> This works > >> <KeyName>Shallow Ed</KeyName> > >> > >> This does not: > >> <KeyName>cn=Shallow Ed,ou=finance,o=acme,c=ca</KeyName> > >> > >> I receive an "Object or property cannot be found" message. > >> > >> Are there any constraints for naming? > >> > >> Ed > >> > >> > >> > >> _______________________________________________ > >> xmlsec mailing list > >> [email protected] <mailto:[email protected]> > >> http://www.aleksey.com/mailman/listinfo/xmlsec > >> > >> > >> > >> > >> -- > >> Ed's Contact Information: > >> Mobile Phone: 613-852-6410 > >> Gmail: [email protected] <mailto:[email protected]> > >> VOIP Address: [email protected] <mailto:[email protected]> > >> VOIP DID#: 613-458-5004 > >> Skype ID: edward.shallow > >> Home Phone: 613-482-2090 > >> > >> _______________________________________________ > >> xmlsec mailing list > >> [email protected] > >> http://www.aleksey.com/mailman/listinfo/xmlsec > >> > > > > -- > > http://www.fastmail.fm - Email service worth paying for. Try it for free > > > > > > > > _______________________________________________ > > xmlsec mailing list > > [email protected] > > http://www.aleksey.com/mailman/listinfo/xmlsec > -- http://www.fastmail.fm - IMAP accessible web-mail _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
