Hello Aleksey,

I've used the RSA key from my smartcard but it is still being recognized as a public key. Is it because, as a smart card RSA key, it doesn't have the d member (because the private key never leaves the smart card)?

Regards,
Pablo

2016-11-09 8:43 GMT-02:00 Pablo G. Gallardo <[email protected]>:
> Hi Aleksey,
>
> Thank you! You are right. xmlSecKeyGetType(key) returned 1 (public key). I'll
> check why it is recognized as a public key. As you said, I'm not passing the
> correct key object (RSA), just adopting EVP_PKEY.
>
> I'll fix that and then I'll come back with the result.
>
> Thank you!
>
> Pablo
>
> On November 9, 2016 00:17:27 BRST, Aleksey Sanin <[email protected]>
> wrote:
>>Assuming that the key type matches the requested signature type
>>in the template (i.e. RSA signatures require RSA keys)...
>>
>>Can you try to print the key type with
>>
>>xmlSecKeyGetType(key)
>>
>>Basically, I suspect that it doesn't recognize the key as private
>>thus can't find a proper key for the signature.
>>
>>Best,
>>
>>Aleksey
>>
>>On 11/8/16 5:05 PM, Pablo Gabriel Gallardo wrote:
>>> Hello there!
>>>
>>> I want to use xmlsec to sign XMLs with a smart card. I'm using libp11
>>> and when I call xmlSecDSigCtxSign(), it returns -1 and I'm getting
>>> this error:
>>>
>>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
>>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
>>> Error: signature failed
>>>
>>> I use xmlSecOpenSSLEvpKeyAdopt() to set the EVP_PKEY from my smart
>>> card but I'm sure that I am missing something.
>>>
>>> Could someone please help me to see what else I should be doing to
>>> make this work? I've checked this mailing list and someone in 2008 had
>>> the same problem but he didn't mention how to solve it.
>>>
>>> Here are the parts I've modified from sign3.c. Complete source is on
>>> https://github.com/pablogallardo/livrenfe/blob/development/src/sign.c:
>>>
>>> static xmlSecKeyPtr load_key(const char *pwd) {
>>>
>>>     xmlSecKeyPtr key = NULL;
>>>     xmlSecKeyDataPtr data;
>>>     EVP_PKEY *pKey = NULL;
>>>     int ret;
>>>
>>>     pKey = get_private_key(pwd);
>>>     if(pKey == NULL)
>>>         return NULL;
>>>
>>>     data = xmlSecOpenSSLEvpKeyAdopt(pKey);
>>>     if(data == NULL) {
>>>         EVP_PKEY_free(pKey);
>>>         return NULL;
>>>     }
>>>
>>>     key = xmlSecKeyCreate();
>>>     if(key == NULL) {
>>>         xmlSecKeyDataDestroy(data);
>>>         return NULL;
>>>     }
>>>
>>>     ret = xmlSecKeySetValue(key, data);
>>>     if(ret < 0) {
>>>         xmlSecKeyDestroy(key);
>>>         xmlSecKeyDataDestroy(data);
>>>         return NULL;
>>>     }
>>>     return key;
>>> }
>>>
>>> int sign_file(const char* xml_file, char *password) {
>>>
>>>     .....
>>>
>>>
>>>     /* load private key */
>>>     dsigCtx->signKey = load_key(password);
>>>     if(dsigCtx->signKey == NULL) {
>>>         fprintf(stderr,"Error: failed to load private key from smartcard\n");
>>>         goto done;
>>>     }
>>>
>>>     /* load certificate and add to the key
>>>     if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
>>>             xmlSecKeyDataFormatPem) < 0) {
>>>         fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
>>>         goto done;
>>>     }*/
>>>
>>>     /* set key name to the file name, this is just an example!
>>>     if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
>>>         fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
>>>         goto done;
>>>     } */
>>>
>>>     /* sign the template */
>>>     if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
>>>         fprintf(stderr,"Error: signature failed\n");
>>>         goto done;
>>>     }
>>>
>>>     ....
>>> }
>>>
>>>
>>>
>>> Thank you!
>>>
>>> Pablo G. Gallardo
>>> _______________________________________________
>>> xmlsec mailing list
>>> [email protected]
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
