[xmlsec] Key certificates in XMLSec 0.1.1

Jesse Pelton jsp at PKC.com
Fri Apr 4 06:45:32 PST 2003


I'm exploring XMLSec 0.1.1.

Background item 1: The OpenSSL implementation provides for storing and
retrieving a keyCert, which is the certificate that is associated with the
private key (in a PKCS12 file, for instance). PKCS12 loading is not
implemented in XMLSec's NSS and GnuTLS engines.

Background item 2: The simple keys store load and save routines do not
handle this certificate. I'm writing my own keys manager and keys store
routines, and I'd like to persist this information.

The question: Assuming I have my facts straight, what's the best (robust and
forward-compatible) way to obtain and set the key certificate? Since I'm
using OpenSSL (at the moment), I can use
xmlSecOpenSSLKeyDataX509GetKeyCert() and
xmlSecOpenSSLKeyDataX509AdoptKeyCert(), but I'd prefer to use function names
not tied to the implementation (like the xmlSecCrypto...() macros). Have I
missed something? Are there plans for something of this sort? (I imagine
that if they're not already there, it's because of uncertainty about
implementation details in the other engines.)


