On 2017-08-12 19:08, majkl majkl wrote: > I am sorry, but I can not get it. > > Yes, I've found the same question in one historic -very historic- list, but > no solution. > > What I am supposed to do to use key on token to sign in xmlsec, please? Use > appropriate openssl config? > I have spent a whole week by searching for it, no luck. It works only when I > directly run opennsl from command line. > > I am supposed to patch xmlsec sources? Or openssl sources? Does xmlsec uses > its own libraries for openssl engine, > or it uses system/openssl shared libraries? > > I am quite lost in this moment, but I really need to sign xmls with token. >
When I reached this point I gave up and rolled my own. Find pyXMLSecurity - supports pkcs11. There is a cmdline in there for signing. > Thanks, > > Michal > > > ****************************** > > Sure. I think it will work for a simple use cases when there is only > one key. And yes, for anything more sophisticated custom code is required. > > Aleksey > > On 8/9/17 10:58 AM, Roumen Petrov wrote: >>/Aleksey Sanin wrote: />>/It was discussed in the mailing list in the past. >>You need to />>/create openssl config file to use the engine by default and >>/>/Hmm, in general this configuration will not work. />//>/Engines that >>operate with keys material stored externally cannot be set />/as default - >>usually this break operations with keys stored differently />/(file and >>etc.). />//>>/pass it to xmlsec1 command line tool. />/Perhaps it will work >>for simple command line case with single key. />//>/On other side openssl >>command line option -engine specify where is />/located key (call method >>ENGINE_load_private_key). />//>/Regards, />/Roumen/ > > > 2017-08-08 21:12 GMT+02:00 Aleksey Sanin <[email protected] > <mailto:[email protected]>>: > > It was discussed in the mailing list in the past. You need to > create openssl config file to use the engine by default and > pass it to xmlsec1 command line tool. > > Aleksey > > On 8/1/17 12:56 AM, majkl majkl wrote: > > I need to sign XML documents with certificate and key, stored on USB > > token. I have Linux library (.so) with API, which works in openssl > > (command line) and also in Firefox, for example. > > > > I need to tell xmlsec to use the token library to access the key. (Or, > > when crypto openssl is used, make opensl work as it is run with > -keyform > > ENGINE -engine pkcs11 -inkey ABC -passin pass:PASS). > > > > Thanks, Michal > > > > > > _______________________________________________ > > xmlsec mailing list > > [email protected] <mailto:[email protected]> > > http://www.aleksey.com/mailman/listinfo/xmlsec > <http://www.aleksey.com/mailman/listinfo/xmlsec> > > > > > > > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec > _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
