The template (tests/aleksey-xmldsig-01/x509data-test.tmpl) uses RSA signatures. You need to modify it to use GOST instead.
Aleksey

On 3/21/14, 7:31 AM, Nikolay Shaplov wrote:
> Hi!
>
> I am trying to sign xml with gost2001.
>
> I've built xmlsec from trunk and properly configured gost for openssl
>
> an example gost check passes well:
>
> $ apps/.libs/xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
> --verification-time "2006-04-01 00:00:00"
> tests/aleksey-xmldsig-01/enveloped-gost.xml
>
> But now I am trying to sign an xml with gost. In order to check that I
> do everything right, I try to do both gost and rsa:
>
> I do create keys
>
> $ mkdir my
> $ /usr/local/ssl/bin/openssl req -new -x509 -nodes -newkey rsa -keyout
> my/rsa.key -out my/rsa.pem -days 36500
> $ /usr/local/ssl/bin/openssl req -new -x509 -nodes -newkey gost2001 -pkeyopt
> paramset:A -keyout my/gost2001.key -out my/gost2001.pem -days 36500
>
> and then trying to sign:
>
> $ /usr/local/bin/xmlsec1 --sign --privkey-pem my/rsa.key
> tests/aleksey-xmldsig-01/x509data-test.tmpl
> #OK
>
> $ /usr/local/bin/xmlsec1 --sign --privkey-pem my/gost2001.key
> tests/aleksey-xmldsig-01/x509data-test.tmpl
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed:.
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found:.
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed:.
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec
> library function failed:.
> Error: signature failed.
> Error: failed to sign file "tests/aleksey-xmldsig-01/x509data-test.tmpl"
>
> Also tried to specify public key cert, with the same result:
> /usr/local/bin/xmlsec1 --sign --privkey-pem my/gost2001.key --pubkey-cert-pem
> my/gost2001.pem tests/aleksey-xmldsig-01/x509data-test.tmpl
>
> RSA works well, but gost does not. Do I do something wrong here?
>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
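An added example, not part of the original thread: one way to retarget an RSA signing template to GOST by swapping the algorithm identifiers on `SignatureMethod` and `DigestMethod`. The sample template is constructed (it is not the contents of `x509data-test.tmpl`), the assumption that the template uses `rsa-sha1`/`sha1` is mine, and the GOST URIs are the identifiers xmlsec uses for GOST R 34.10-2001 signatures and GOST R 34.11-94 digests.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Assumed RSA/SHA-1 identifiers mapped to their GOST counterparts.
ALGORITHM_MAP = {
    DSIG + "rsa-sha1": MORE + "gostr34102001-gostr3411",  # signature method
    DSIG + "sha1": MORE + "gostr3411",                    # digest method
}
ET.register_namespace("ds", DSIG)  # serialize xmldsig elements with a ds: prefix

# Constructed sample template, for illustration only.
SAMPLE_TEMPLATE = """<Envelope xmlns="urn:envelope">
  <Data>Hello, World!</Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue/>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo><X509Data/></KeyInfo>
  </Signature>
</Envelope>"""

def retarget_template(xml_text):
    """Return (new_xml, changes) with RSA/SHA-1 algorithm URIs replaced by GOST ones."""
    root = ET.fromstring(xml_text)
    changes = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for node in root.iter("{%s}%s" % (DSIG, tag)):
            old = node.get("Algorithm")
            if old in ALGORITHM_MAP:  # leave unknown algorithms untouched
                node.set("Algorithm", ALGORITHM_MAP[old])
                changes.append((tag, old, ALGORITHM_MAP[old]))
    return ET.tostring(root, encoding="unicode"), changes

if __name__ == "__main__":
    new_xml, changes = retarget_template(SAMPLE_TEMPLATE)
    for tag, old, new in changes:
        print("%s: %s -> %s" % (tag, old, new))
    print(new_xml)
```

Every `DigestMethod` under every `Reference` is rewritten, so a template with several references is covered; canonicalization and transform algorithms are left as they are.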
