[xmlsec] Verifying a signature against a PEM certificate
aleksey at aleksey.com
Thu Nov 21 07:55:04 PST 2002
You can also load public key in the keys manager, set a name for it and use
<dsig:KeyName/> to specify the desired name.
Asbjørn Oskal wrote:
> As I understand there are two ways to verify a signature against
> public keys not included in the signature itself.
> Either load the public key and send it as a parameter to the
> xmlSecDSigValidate function or to add the public key to the Keymanager
> and use the xmlSecKeyOriginKeyManager flag so that the key manager are
> searched for a key to use when verifying.
> I have tried both but does not break through.
> I could not find a way to load a usable (public) xmlSecKey.
> I tried to use xmlSecKeyReadPemCert and it read the file but then the
> keydata in the xmlSecKeyPtr was NULL and the key was rejected when I
> tried to use it.
> I the tried to use the xmlSecSimpleKeysMngrLoadPemKey but it does not
> accept PEM-files starting with
> "-----BEGIN CERTIFICATE-----" which my certificate dooes.
> As I understand it is the PEM_read_PUBKEY openssl function that
> rejects the file.
> Do external certificates have to be on this format or are there any
> other ways to load public keys from PEM certificatefiles starting
> with "-----BEGIN CERTIFICATE-----"?
More information about the xmlsec