All known to me use cases for reading keys from token do not use CLI :)

Aleksey

On 2/9/21 10:59 AM, Jaromir Talir wrote:
Hi Aleksey,

I'm afraid this needs much deeper understanding of internals than I
have. It's quite surprising nobody tried it in 15? years. Maybe author
of libreoffice xmlsec client could assist in debugging where this PIN
enters the API and then CLI could be updated to follow the same path?

Regards,
Jaromir

On Tue, 2021-02-09 at 08:19 -0800, Aleksey Sanin wrote:
Hi Jaromir,

I never tested passing password to the token from CLI. If you can
debug it then I would gladly accept patches :)

Best,

Aleksey

On 2/9/21 1:42 AM, Jaromir Talir wrote:
Hi Miklos,

I tried LibreOffice with NSS backend and I was able to sign ODT
document with the key on the token. I was asked for PIN in GUI.

So the question for the audience is - how to pass PIN to NSS in
xmlsec1 cli?

The last possible problem can be in KeyName so the other question is -
is the described process to guess KeyName from token correct?

Regards,
Jaromir

On Tue, 2021-02-09 at 09:46 +0100, Miklos Vajna wrote:
Hi Jaromir,

On Mon, Feb 08, 2021 at 10:16:17PM +0100, Jaromir Talir <[email protected]> wrote:
good to hear you have succeeded. I played with nss and pkcs11 and
seems like I'm almost there but still not fully. I guess I managed to
get over task how to find proper keyname but xmlsec1 still cannot find
the key in the token. I suspect that problem may be in PIN code (i.e.
"123456") that needs to be entered and I'm not sure if xmlsec1 "--pwd"
parameter is used for this.

To be clear, we only use the library part of xmlsec1, it's invoked by
LibreOffice. Perhaps see if your HW works with LibreOffice (try to
sign e.g. an ODT file), and if so, track down how your code vs xmlsec1
cli vs LibreOffice uses the xmlsec1 library?

Seeing you're on Linux, I only tried this with the NSS backend of
xmlsec1.

Regards,

Miklos


_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec


