Getting "KEY-NOT-FOUND" with xmlsec1 on macos

My attempt to sign a simple XML document with xmlsec1 is failing on MacOS due to:

$ xmlsec1 --sign --output doc-signed.xml --privkey-pem keysncerts/userkey.pem doc.xml
Enter password for "keysncerts/userkey.pem" file:
Signature status: FAILED
Failure reason: KEY-NOT-FOUND
Error: failed to sign file "doc.xml"

The example key and xml document are taken directory from this Tutorial. This example works on RedHat Linux and Windows, but fails on MacOS. I have tried this with both Big Sur/x86 and Ventura/M1.

I used brew to install xmlsec:

brew install xmlsec1

Despite the error message, I am confident the key is found because same key/xml are signed successfully on other platforms, and because of the prompt for password on the key file. I have also tried locally generating a public/private key pair with a brew installed version of openssl, but signing still fails for the same reason.

I found a solution related to a recent update to libxmlsec that impacted pip installations on macos. This python-xmlsec issue has different symptoms. But the solution is a brew install with the previous known working libxmlsec version 1.2.37.

I followed the work around instructions they provided. Now running the command 'xmlsec1 --sign --output doc-signed.xml --privkey-pem keysncerts/userkey.pem doc.xml' completes successfully. Additional, xmlsec calls from python are working as well.

Once the fix is deployed, I'd recommend reinstalling the latest brew version again.