On 2017-08-12 19:08, majkl majkl wrote:
> I am sorry, but I can not get it.
> 
> Yes, I've found the same question in one historic -very historic- list, but 
> no solution.
> 
> What I am supposed to do to use key on token to sign in xmlsec, please? Use 
> appropriate openssl config? 
> I have spent a whole week by searching for it, no luck. It works only when I 
> directly run opennsl from command line.
> 
> I am supposed to patch xmlsec sources? Or openssl sources? Does xmlsec uses 
> its own libraries for openssl engine, 
> or it uses system/openssl shared libraries? 
> 
> I am quite lost in this moment, but I really need to sign xmls with token.
> 

When I reached this point I gave up and rolled my own.

Find pyXMLSecurity - supports pkcs11. There is a cmdline in there
for signing.

> Thanks,
> 
>                     Michal
> 
> 
> ******************************
> 
> Sure. I think it will work for a simple use cases when there is only
> one key. And yes, for anything more sophisticated custom code is required.
> 
> Aleksey
> 
> On 8/9/17 10:58 AM, Roumen Petrov wrote:
>>/Aleksey Sanin wrote: />>/It was discussed in the mailing list in the past. 
>>You need to />>/create openssl config file to use the engine by default and 
>>/>/Hmm, in general this configuration will not work. />//>/Engines that 
>>operate with keys material stored externally cannot be set />/as default - 
>>usually this break operations with keys stored differently />/(file and 
>>etc.). />//>>/pass it to xmlsec1 command line tool. />/Perhaps it will work 
>>for simple command line case with single key. />//>/On other side openssl 
>>command line option -engine specify where is />/located key (call method 
>>ENGINE_load_private_key). />//>/Regards, />/Roumen/
> 
> 
> 2017-08-08 21:12 GMT+02:00 Aleksey Sanin <alek...@aleksey.com
> <mailto:alek...@aleksey.com>>:
> 
>     It was discussed in the mailing list in the past. You need to
>     create openssl config file to use the engine by default and
>     pass it to xmlsec1 command line tool.
> 
>     Aleksey
> 
>     On 8/1/17 12:56 AM, majkl majkl wrote:
>     > I need to sign XML documents with certificate and key, stored on USB
>     > token. I have Linux library (.so) with API, which works in openssl
>     > (command line) and also in Firefox, for example.
>     >
>     > I need to tell xmlsec to use the token library to access the key. (Or,
>     > when crypto openssl is used, make opensl work as it is run with
>     -keyform
>     > ENGINE -engine pkcs11 -inkey ABC -passin pass:PASS).
>     >
>     > Thanks, Michal
>     >
>     >
>     > _______________________________________________
>     > xmlsec mailing list
>     > xmlsec@aleksey.com <mailto:xmlsec@aleksey.com>
>     > http://www.aleksey.com/mailman/listinfo/xmlsec
>     <http://www.aleksey.com/mailman/listinfo/xmlsec>
>     >
> 
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec@aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
> 
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to