I would guess this error means that signature type should match the key type (i.e. if template has DSA signature then DSA key is needed).
Aleksey On 11/9/16 4:04 AM, Alexopoulou, Georgia wrote: > Hello Aleksey, > > Thanks a lot for your quick response. > I compiled the code with the latest changes and I still have the same error. > The error appears only when RSA keys are used. > When I generated a DSA key and tried to sign everything worked fine. > > See the new error output below: > > ../xmlsec1 sign --privkey-pem rsakey.pem --output signrsa.xml sign1-tmpl.xml > func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=498:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto > library function failed:openssl error: 101101678: digital envelope routines: > EVP_SignFinal wrong public key type > func=xmlSecTransformDefaultPushBin:file=transforms.c:line=2235:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec > library function failed:final=1 > func=xmlSecTransformIOBufferClose:file=transforms.c:line=2919:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec > library function failed: > func=xmlSecTransformC14NPushXml:file=c14n.c:line=279:obj=c14n:subj=xmlOutputBufferClose:error=5:libxml2 > library function failed: > func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1264:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec > library function failed:transform=c14n > func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=647:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec > library function failed: > func=xmlSecDSigCtxSign:file=xmldsig.c:line=323:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec > library function failed: > Error: signature failed > Error: failed to sign file "sign1-tmpl.xml" > > > I cannot understand what the "wrong public key type" means. But when I > generate a new RSA key with openssl and try that I still get the same error. > > > Regards, > Georgia > > > -----Original Message----- > From: Aleksey Sanin [mailto:[email protected]] > Sent: Wednesday, November 09, 2016 4:11 AM > To: Alexopoulou, Georgia; [email protected] > Subject: Re: [xmlsec] xmlsec1 sign problem with openssl 1.0.2j > > I modified the OpenSSL error reporting to print out more details > (https://github.com/lsh123/xmlsec/pull/57). It's merged into master and this > should help you with debugging. > > Best, > > Aleksey > > On 11/8/16 11:14 AM, Aleksey Sanin wrote: >> As a wild guess, I would suggest to check that you are loading correct >> versions of all the shared library. I'll add better reporting for >> openssl errors in a day or two -- this will help with debugging it >> further. >> >> Aleksey >> >> On 11/8/16 4:57 AM, Alexopoulou, Georgia wrote: >>> Hello to all, >>> >>> >>> >>> I have cross compiled libxmlsec1 for powerpc arch with openssl 1.0.2j >>> in order to use it in a project. >>> >>> I just run the examples in the example folder and I encountered the >>> following errors: >>> >>> >>> >>> ../xmlsec1 sign --crypto openssl --privkey rsakey.pem --output >>> signtest.xml sign1-tmpl.xml >>> >>> func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=522: >>> obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto >>> library function failed: >>> >>> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=2235:obj=rs >>> a-sha1:subj=xmlSecTransformExecute:error=1:xmlsec >>> library function failed:final=1 >>> >>> func=xmlSecTransformIOBufferClose:file=transforms.c:line=2919:obj=rsa >>> -sha1:subj=xmlSecTransformPushBin:error=1:xmlsec >>> library function failed: >>> >>> func=xmlSecTransformC14NPushXml:file=c14n.c:line=279:obj=c14n:subj=xm >>> lOutputBufferClose:error=5:libxml2 >>> library function failed: >>> >>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1264:obj=unk >>> nown:subj=xmlSecTransformPushXml:error=1:xmlsec >>> library function failed:transform=c14n >>> >>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=647:obj=un >>> known:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec >>> library function failed: >>> >>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=323:obj=unknown:subj=xmlSe >>> cDSigCtxSignatureProcessNode:error=1:xmlsec >>> library function failed: >>> >>> Error: signature failed >>> >>> Error: failed to sign file "sign1-tmpl.xml" >>> >>> >>> >>> Info: >>> >>> XMLSec version number: 1.2.23 >>> >>> The platform/compiler you are using: linux kernel 3.12.19-rt30 >>> powerpc >>> >>> The exact xmlsec utility command line: see above. Command at stated >>> in example README >>> >>> All the files mentioned in this command line: see above. I used the >>> files in example folder >>> >>> The xmlsec utility output: See above >>> >>> >>> >>> >>> >>> Kind regards, >>> >>> Georgia >>> >>> >>> >>> _______________________________________________ >>> xmlsec mailing list >>> [email protected] >>> http://www.aleksey.com/mailman/listinfo/xmlsec >>> >> _______________________________________________ >> xmlsec mailing list >> [email protected] >> http://www.aleksey.com/mailman/listinfo/xmlsec >> _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
