[Pyxmlsec-devel] xmlsec in python

Dolf Andringa dolfandringa at gmail.com
Wed Feb 22 11:29:44 CET 2012

Hey Dieter (and everyone else):

I tried converting the private key to DER format, but to no avail. I tried
the following two approaches, on the same machine as I am running python
(i386 linux machine).

On the commandline:
openssl rsa -inform PEM -outform DER -in private_key_file.pem -out

In Python:


I tried both methods, and always got the error:
!= NULL:error=100:assertion:
library function failed:
library function

when reading DER version of the keyfile.

I did all of this on the same machine, so the problem of amd64 vs i386
shouldn't be a problem right?



On 22 February 2012 09:44, Dolf Andringa <dolfandringa at gmail.com> wrote:

> Hi Dieter,
> Thanks a lot. I know the DER format, just didn't know it is a binary
> format. I know how to convert to the DER format using openssl. I might
> also be able to do it on the fly using M2Crypto. We'll see. Thanks a lot
> for the help! I'll check if it works in a few minutes, and post the solution
> to the list for posterity.
> Cheers,
> Dolf.
> On 22 February 2012 09:27, Dieter Maurer <dieter at handshake.de> wrote:
>> Dear Dolf,
>> Dolf Andringa wrote at 2012-2-22 08:36 +0100:
>> >Thanks a lot for the help. Yeah, I am not fluent in C, but next time I
>> >will first take a look. The keyfile is indeed in PEM format. I was indeed
>> >confused about the "Binary" part in xmlSecReadBinaryFile. I have never
>> >heard of binary key files. Do you have any tips on how to convert a PEM
>> >encoded file to a binary key file?
>> Under "*nix", the "openssl" command is able to perform all kinds
>> of operations related to keys and certificates. When I remember
>> right, it can also convert between different formats
>> (using the options "-inform" and "-outform"). However,
>> the set of its subcommands and their options is huge. It may take
>> some time before you find the correct way to perform the conversion
>> (I do not have the details at hand).
>> The binary format is called "Der" format.
>> An easier alternative could be to use a different way to load the key.
>> I, for example, use:
>> import xmlsec
>> xmlsec.cryptoAppKeyLoad('key.pem',  xmlsec.KeyDataFormatPem, None, None,
>> None)
>> I am not sure that it will work for encryption keys (I tried only
>> with signature keys). The information that the key is
>> an RSA key (and not something else) will need to come from a
>> different place. In the signature case, it comes from the
>> "Algorithm" attribute of the "ds:Signature" node.
>> When I have read the "xml-encryption" standard (some years ago)
>> I have found some similarities with "xml-signature".
>> Therefore, I am quite confident that there are ways to
>> specify the algorithm to use with XML. However, your
>> example might not use them.
>> >Is it just a matter of base64 unencoding
>> >the PEM encoded data and reading that using xmlsec.KeyReadBuffer? Or is
>> >there an openssl or other way to convert the keyfile?
>> The PEM has at least an additional envelope around the base64 encoded
>> binary data. I do not know the format sufficiently to confirm
>> that this is the only difference. Use an "official" way to
>> convert (if necessary).
>> --
>> Dieter
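
Added example, not part of the thread and not pyxmlsec code: a standard-library sketch of the PEM envelope discussed above, showing when base64-decoding the body yields DER and when it does not (an encrypted key with RFC 1421 headers). The names `pem_to_der`, `der_total_length` and `der_to_pem` and the sample bytes are made up for illustration; the sample is a constructed DER SEQUENCE, not a real key.

```python
import base64
import re

# PEM armor: BEGIN/END lines with a matching label around a base64 body.
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_total_length(der):
    """Return the total byte length declared by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (expected leading byte 0x30)")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("truncated or indefinite DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_der(pem_text):
    """Strip the PEM envelope and return (label, der_bytes)."""
    m = _PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM BEGIN/END block found")
    label, body = m.group(1), m.group(2)
    # Legacy OpenSSL PEM may carry RFC 1421 headers; with "ENCRYPTED" the body
    # is ciphertext, so base64-decoding alone does not yield a usable key.
    if "Proc-Type:" in body and "ENCRYPTED" in body:
        raise ValueError("encrypted PEM: decrypt with a crypto library first")
    der = base64.b64decode("".join(body.split()), validate=True)
    if der_total_length(der) != len(der):
        raise ValueError("DER length header does not match decoded size")
    return label, der

def der_to_pem(label, der):
    """Wrap DER bytes in a PEM envelope with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(lines), label)

# Constructed sample: a DER SEQUENCE of three small INTEGERs, NOT a real key.
SAMPLE_DER = bytes([0x30, 0x09, 0x02, 0x01, 0x00,
                    0x02, 0x01, 0x11, 0x02, 0x01, 0x03])
SAMPLE_PEM = der_to_pem("RSA PRIVATE KEY", SAMPLE_DER)

if __name__ == "__main__":
    print(pem_to_der(SAMPLE_PEM))
```

The length check catches a truncated or partially decoded buffer before it is handed to a key loader that expects binary input.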