[xmlsec] Verifying a signature against a PEM certificate

Asbjørn Oskal asbjorn.oskal at welldiagnostics.com
Thu Nov 21 02:14:42 PST 2002


As I understand there are two ways to verify a signature against public keys not included in the signature itself.

Either load the public key and send it as a parameter to the xmlSecDSigValidate function or to add the public key to the Keymanager and use the xmlSecKeyOriginKeyManager flag so that the key manager are searched for a key to use when verifying.

I have tried both but does not break through.

I could not find a way to load a usable (public) xmlSecKey.
I tried to use xmlSecKeyReadPemCert and it read the file but then the keydata in the xmlSecKeyPtr was NULL and the key was rejected when I tried to use it.

I the tried to use the xmlSecSimpleKeysMngrLoadPemKey but it does not accept PEM-files starting with
"-----BEGIN CERTIFICATE-----" which my certificate dooes.
As I understand it is the PEM_read_PUBKEY openssl function that rejects the file.
Do external certificates have to be on this format or are there any other ways to load public keys from PEM certificatefiles starting with "-----BEGIN CERTIFICATE-----"?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20021121/b8f7905a/attachment.htm

More information about the xmlsec mailing list