Hi Aleksey,

Thank you! You are right. xmlSecKeyGetType(key) returned 1 (public key). I'll check why it is recognized as a public key. As you said, I'm not passing the correct key object (RSA), just adopting EVP_PKEY.

I'll fix that and then I'll come back with the result.

Thank you!

Pablo

On 9 November 2016 00:17:27 BRST, Aleksey Sanin <[email protected]> wrote:
>Assuming that the key type matches the requested signature type
>in the template (i.e. RSA signatures require RSA keys)...
>
>Can you try to print the key type with
>
>xmlSecKeyGetType(key)
>
>Basically, I suspect that it doesn't recognize the key as private
>thus can't find a proper key for the signature.
>
>Best,
>
>Aleksey
>
>On 11/8/16 5:05 PM, Pablo Gabriel Gallardo wrote:
>> Hello there!
>>
>> I want to use xmlsec to sign XMLs with a smart card. I'm using libp11
>> and when I call xmlSecDSigCtxSign(), it returns -1 and I'm getting
>> this error:
>>
>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
>> Error: signature failed
>>
>> I use xmlSecOpenSSLEvpKeyAdopt() to set the EVP_PKEY from my smart
>> card but I'm sure that I am missing something.
>>
>> Could someone please help me to see what else I should be doing to
>> make this work? I've checked this mailing list and someone in 2008 had
>> the same problem but he didn't mention how to solve it.
>>
>> Here are the parts I've modified from sign3.c. Complete source is on
>> https://github.com/pablogallardo/livrenfe/blob/development/src/sign.c:
>>
>> static xmlSecKeyPtr load_key(const char *pwd) {
>>
>>     xmlSecKeyPtr key = NULL;
>>     xmlSecKeyDataPtr data;
>>     EVP_PKEY *pKey = NULL;
>>     int ret;
>>
>>     pKey = get_private_key(pwd);
>>     if(pKey == NULL)
>>         return NULL;
>>
>>     data = xmlSecOpenSSLEvpKeyAdopt(pKey);
>>     if(data == NULL) {
>>         EVP_PKEY_free(pKey);
>>         return NULL;
>>     }
>>
>>     key = xmlSecKeyCreate();
>>     if(key == NULL) {
>>         xmlSecKeyDataDestroy(data);
>>         return NULL;
>>     }
>>
>>     ret = xmlSecKeySetValue(key, data);
>>     if(ret < 0) {
>>         xmlSecKeyDestroy(key);
>>         xmlSecKeyDataDestroy(data);
>>         return NULL;
>>     }
>>     return key;
>> }
>>
>> int sign_file(const char* xml_file, char *password) {
>>
>>     .....
>>
>>
>>     /* load private key */
>>     dsigCtx->signKey = load_key(password);
>>     if(dsigCtx->signKey == NULL) {
>>         fprintf(stderr,"Error: failed to load private key from smartcard\n");
>>         goto done;
>>     }
>>
>>     /* load certificate and add to the key
>>     if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
>>             xmlSecKeyDataFormatPem) < 0) {
>>         fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
>>         goto done;
>>     }*/
>>
>>     /* set key name to the file name, this is just an example!
>>     if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
>>         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
>>         goto done;
>>     } */
>>
>>     /* sign the template */
>>     if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
>>         fprintf(stderr,"Error: signature failed\n");
>>         goto done;
>>     }
>>
>>     ....
>> }
>>
>>
>>
>> Thank you!
>>
>> Pablo G. Gallardo
>> _______________________________________________
>> xmlsec mailing list
>> [email protected]
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
