[xmlsec] Loading a DER-encoded certificate
aleksey at aleksey.com
Mon Apr 7 09:54:28 PDT 2003
Jesse Pelton wrote:
>Shucks. It seemed like such a good fit. What's xmlSecKeyReadBinaryFile()
>intended for? Is it specific to DES keys?
Yes. DES, AES, HMAC, etc.
>Before I clone a bunch of code, would xmlSecKeyDataBinRead() (which requires
>me to read the file off disk myself) be a better fit?
Well, I am not sure I have any other option for you. IMHO, using DER
is not as good as using PEM files.
>Maybe I'm completely wrong-headed about this. What I want to do is verify
>signatures using public keys from certificates. I also want to be able to
>inspect certificate contents (issuer, serial number, etc). I think this
>means that I need to load the keys into a keys manager (and give them names
>so they can be located by the signature code). Is there a better approach?
Well, it depends on what you actually want to do. The typical scenario is:
0) load private key and assign certificates (xmlsec has two ways to do this: pkcs12 files and pem files, if you need to load der files then you have to write a function by yourself);
1) prepare template with <dsig:X509Data/> node;
2) sign the document (this will put all the certificates associated with the signature key in the signature)

0) load "trusted" (root) certificate
1) verify signature (xmlsec will read and verify certs and extract key by itself).
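Added example, not part of the original message and not xmlsec code: the reply says PEM files are supported while DER needs a self-written function, so one option is to re-armor a DER certificate as PEM and hand it to the PEM path. The function names `der_total_len` and `der_cert_to_pem` are hypothetical, and the sample bytes in `main` are a constructed minimal SEQUENCE, not a real certificate.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helpers for illustration; not part of the xmlsec API. */
/* Size of the outer DER SEQUENCE (header + body), or 0 if malformed. */
size_t der_total_len(const unsigned char *der, size_t n) {
    size_t len, hdr = 2, i, nb;
    if (n < 2 || der[0] != 0x30) return 0;       /* Certificate ::= SEQUENCE */
    if (der[1] < 0x80) {
        len = der[1];                             /* short-form length */
    } else {
        nb = der[1] & 0x7F;                       /* long form: nb length bytes */
        if (nb == 0 || nb > 4 || n < 2 + nb || der[2] == 0) return 0;
        for (len = 0, i = 0; i < nb; i++) len = (len << 8) | der[2 + i];
        if (len < 0x80) return 0;                 /* DER demands minimal length */
        hdr += nb;
    }
    return (len <= n - hdr) ? hdr + len : 0;
}

/* PEM-armor one DER certificate; returns bytes written (without NUL) or -1. */
int der_cert_to_pem(const unsigned char *der, size_t n, char *out, size_t cap) {
    static const char b64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    static const char head[] = "-----BEGIN CERTIFICATE-----\n";
    static const char foot[] = "-----END CERTIFICATE-----\n";
    size_t i, o = sizeof(head) - 1, col = 0, chars = (n + 2) / 3 * 4;
    size_t need = o + chars + (chars + 63) / 64 + sizeof(foot);
    /* Reject truncated input, trailing bytes, and files that are already PEM. */
    if (der_total_len(der, n) != n || cap < need) return -1;
    memcpy(out, head, o);
    for (i = 0; i < n; i += 3) {
        unsigned long v = (unsigned long)der[i] << 16;
        if (i + 1 < n) v |= (unsigned long)der[i + 1] << 8;
        if (i + 2 < n) v |= der[i + 2];
        out[o++] = b64[v >> 18];
        out[o++] = b64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? b64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? b64[v & 63] : '=';
        if ((col += 4) == 64) { out[o++] = '\n'; col = 0; }  /* 64-char lines */
    }
    if (col) out[o++] = '\n';
    memcpy(out + o, foot, sizeof(foot));          /* copies the trailing NUL too */
    return (int)(o + sizeof(foot) - 1);
}

int main(void) {
    static const unsigned char der[] = {0x30, 0x03, 0x02, 0x01, 0x05}; /* constructed sample */
    char pem[128];
    return der_cert_to_pem(der, sizeof der, pem, sizeof pem) > 0 && fputs(pem, stdout) >= 0 ? 0 : 1;
}
```

The framing check only confirms that the input is exactly one DER SEQUENCE; it does not validate the certificate, which is still left to the library when the PEM file is loaded.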