Hello there!

I want to use xmlsec to sign XMLs with a smart card. I'm using libp11, and when I call xmlSecDSigCtxSign() it returns -1 and I'm getting this error:

func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
Error: signature failed

I use xmlSecOpenSSLEvpKeyAdopt() to set the EVP_PKEY from my smart card, but I'm sure that I am missing something. Could someone please help me see what else I should be doing to make this work? I've checked this mailing list, and someone in 2008 had the same problem, but he didn't mention how to solve it.

Here are the parts I've modified from sign3.c. The complete source is at https://github.com/pablogallardo/livrenfe/blob/development/src/sign.c:

    #include <stdio.h>
    #include <openssl/evp.h>
    #include <xmlsec/xmlsec.h>
    #include <xmlsec/keys.h>
    #include <xmlsec/xmldsig.h>
    #include <xmlsec/openssl/evp.h>

    /* defined elsewhere in sign.c: fetches the smart card key through libp11 */
    EVP_PKEY *get_private_key(const char *pwd);

    /* Wrap the smart card's EVP_PKEY in an xmlsec key object. */
    static xmlSecKeyPtr
    load_key(const char *pwd) {
        xmlSecKeyPtr key = NULL;
        xmlSecKeyDataPtr data;
        EVP_PKEY *pKey = NULL;
        int ret;

        pKey = get_private_key(pwd);
        if(pKey == NULL) {
            return NULL;
        }

        /* on success the key data takes ownership of pKey; on failure we still own it */
        data = xmlSecOpenSSLEvpKeyAdopt(pKey);
        if(data == NULL) {
            EVP_PKEY_free(pKey);
            return NULL;
        }

        key = xmlSecKeyCreate();
        if(key == NULL) {
            xmlSecKeyDataDestroy(data);
            return NULL;
        }

        /* on success the key takes ownership of data */
        ret = xmlSecKeySetValue(key, data);
        if(ret < 0) {
            xmlSecKeyDestroy(key);
            xmlSecKeyDataDestroy(data);
            return NULL;
        }

        return key;
    }

    int
    sign_file(const char* xml_file, char *password) {
        .....

        /* load private key */
        dsigCtx->signKey = load_key(password);
        if(dsigCtx->signKey == NULL) {
            fprintf(stderr, "Error: failed to load private key from smartcard\n");
            goto done;
        }

        /* load certificate and add to the key
        if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file, xmlSecKeyDataFormatPem) < 0) {
            fprintf(stderr, "Error: failed to load pem certificate \"%s\"\n", cert_file);
            goto done;
        }*/

        /* set key name to the file name, this is just an example!
        if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
            fprintf(stderr, "Error: failed to set key name for key from \"%s\"\n", key_file);
            goto done;
        } */

        /* sign the template */
        if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
            fprintf(stderr, "Error: signature failed\n");
            goto done;
        }

        ....
    }

Thank you!
Pablo G. Gallardo

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
