Assuming that the key type matches the requested signature type in the template (i.e. RSA signatures require RSA keys)...
Can you try to print the key type with xmlSecKeyGetType(key)?

Basically, I suspect that it doesn't recognize the key as private thus can't find a proper key for the signature.

Best,
Aleksey

On 11/8/16 5:05 PM, Pablo Gabriel Gallardo wrote:
> Hello there!
>
> I want to use xmlsec to sign XMLs with a smart card. I'm using libp11
> and when I call xmlSecDSigCtxSign(), it returns -1 and I'm getting
> this error:
>
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
> Error: signature failed
>
> I use xmlSecOpenSSLEvpKeyAdopt() to set the EVP_PKEY from my smart
> card but I'm sure that I am missing something.
>
> Could someone please help me to see what else I should be doing to
> make this work? I've checked this mailing list and someone in 2008 had
> the same problem but he didn't mention how to solve it.
>
> Here are the parts I've modified from sign3.c. Complete source is on
> https://github.com/pablogallardo/livrenfe/blob/development/src/sign.c:
>
> static xmlSecKeyPtr load_key(const char *pwd) {
>
>     xmlSecKeyPtr key = NULL;
>     xmlSecKeyDataPtr data;
>     EVP_PKEY *pKey = NULL;
>     int ret;
>
>     pKey = get_private_key(pwd);
>     if(pKey == NULL)
>         return NULL;
>
>     data = xmlSecOpenSSLEvpKeyAdopt(pKey);
>     if(data == NULL) {
>         EVP_PKEY_free(pKey);
>         return NULL;
>     }
>
>     key = xmlSecKeyCreate();
>     if(key == NULL) {
>         xmlSecKeyDataDestroy(data);
>         return NULL;
>     }
>
>     ret = xmlSecKeySetValue(key, data);
>     if(ret < 0) {
>         xmlSecKeyDestroy(key);
>         xmlSecKeyDataDestroy(data);
>         return NULL;
>     }
>     return key;
> }
>
> int sign_file(const char* xml_file, char *password) {
>
>     .....
>
>
>     /* load private key */
>     dsigCtx->signKey = load_key(password);
>     if(dsigCtx->signKey == NULL) {
>         fprintf(stderr,"Error: failed to load private key from smartcard\n");
>         goto done;
>     }
>
>     /* load certificate and add to the key
>     if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
>         xmlSecKeyDataFormatPem) < 0) {
>         fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
>         goto done;
>     }*/
>
>     /* set key name to the file name, this is just an example!
>     if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
>         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
>         goto done;
>     } */
>
>     /* sign the template */
>     if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
>         fprintf(stderr,"Error: signature failed\n");
>         goto done;
>     }
>
>     ....
> }
>
>
>
> Thank you!
>
> Pablo G. Gallardo
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
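The error trace quoted in the report can be triaged mechanically. The following is an added example, not code from the thread or from xmlsec: a small C parser for those trace lines that returns the frame carrying a specific code (here 45, "key is not found") instead of the generic code 1 that the outer frames report. The names xs_frame, xs_parse_frame, xs_root_cause and XS_SAMPLE are hypothetical, and the sample lines are the report's own trace with the mail line wraps rejoined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char func[64], msg[96]; int line, error; } xs_frame;

/* Copy the value after `name`, up to the next ':', into out. */
static int field(const char *s, const char *name, char *out, size_t n) {
    const char *p = strstr(s, name);
    if (p == NULL) return -1;
    p += strlen(name);
    snprintf(out, n, "%.*s", (int)strcspn(p, ":"), p);
    return 0;
}

/* Parse one "func=..:file=..:line=..:obj=..:subj=..:error=N:text:" line. */
int xs_parse_frame(const char *s, xs_frame *f) {
    char *end;
    const char *l = strstr(s, ":line="), *e = strstr(s, ":error=");
    if (strncmp(s, "func=", 5) != 0 || l == NULL || e == NULL) return -1;
    field(s, "func=", f->func, sizeof f->func);
    f->line = atoi(l + 6);
    f->error = (int)strtol(e + 7, &end, 10);
    if (field(end, ":", f->msg, sizeof f->msg) < 0) f->msg[0] = '\0';
    return 0;
}

/* Returns 0 and fills *root with the first frame whose code is not 1, else -1. */
int xs_root_cause(const char *const lines[], int n, xs_frame *root) {
    for (int i = 0; i < n; i++)
        if (xs_parse_frame(lines[i], root) == 0 && root->error != 1) return 0;
    return -1;
}

static const char *const XS_SAMPLE[] = { /* trace from the report, wraps rejoined */
    "func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:",
    "func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:",
    "func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:",
    "Error: signature failed" };

int main(void) {
    xs_frame r;
    if (xs_root_cause(XS_SAMPLE, 4, &r) != 0) return 1;
    printf("%s (line %d) failed: error=%d %s\n", r.func, r.line, r.error, r.msg);
    if (r.error == 45) /* per the reply above: inspect what the key reports */
        puts("check xmlSecKeyGetType(key) on the key set as dsigCtx->signKey");
    return 0;
}
```

Messages that themselves contain a colon are cut at that colon, which is enough for the fixed texts in this trace.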
