I am sorry, but I can not get it.
Yes, I've found the same question in one historic -very historic-
list, but no solution.
What I am supposed to do to use key on token to sign in xmlsec,
please? Use appropriate openssl config?
I have spent a whole week by searching for it, no luck. It works only
when I directly run opennsl from command line.
I am supposed to patch xmlsec sources? Or openssl sources? Does xmlsec
uses its own libraries for openssl engine,
or it uses system/openssl shared libraries?
I am quite lost in this moment, but I really need to sign xmls with token.
Thanks,
Michal
******************************
Sure. I think it will work for a simple use cases when there is only
one key. And yes, for anything more sophisticated custom code is required.
Aleksey
*>>* It was discussed in the mailing list in the past. You need to
*>>* create openssl config file to use the engine by default and
*>* Hmm, in general this configuration will not work.
*> >* Engines that operate with keys material stored externally cannot be set
*>* as default - usually this break operations with keys stored differently
*>* (file and etc.).
*> >>* pass it to xmlsec1 command line tool.
*>* Perhaps it will work for simple command line case with single key.
*> >* On other side openssl command line option -engine specify where is
*>* located key (call method ENGINE_load_private_key).
*> >* Regards,
*>* Roumen*
Post by Aleksey SaninIt was discussed in the mailing list in the past. You need to
create openssl config file to use the engine by default and
pass it to xmlsec1 command line tool.
Aleksey
Post by majkl majklI need to sign XML documents with certificate and key, stored on USB
token. I have Linux library (.so) with API, which works in openssl
(command line) and also in Firefox, for example.
I need to tell xmlsec to use the token library to access the key. (Or,
when crypto openssl is used, make opensl work as it is run with -keyform
ENGINE -engine pkcs11 -inkey ABC -passin pass:PASS).
Thanks, Michal
_______________________________________________
xmlsec mailing list
http://www.aleksey.com/mailman/listinfo/xmlsec