[xmlsec] An enhance feature to xmlsec-nss engine

Tej Arora tejbiz at aol.com
Fri Jul 25 09:23:26 PDT 2003

Hi Andrew,

Thanks for fixing the problem. I suspect that the
*KeyDataX509VerifyAndExtractKey function in openssl
also does the same thing.... It would help if you send
your code changes to the list.

It would be great if you can add your sample program to examples -
this would be a good example illustrating use of nss.


Andrew Fan wrote:

 > Hi Tej,
 > I want to check whether my application can run on the new xmlsec-nss
 > crypto engine. So I prepare a signature template with X509Data( Issuer
 > and Serial ), I hope that the keys manager will help me find the key
 > from keys store with the help of X509Data. But I failed.  At high level
 > application, I do nothing except prepare a signature template and some
 > initialization. I had expected it will be work. But not. So I check the
 > sources, finally, I find something in X509.c. When reading XML X509
 > data, it successfully retrieve certificate defaultly. But when verify
 > and extract key ( xmlSecNssKeyDataX509VerifyAndExtractKey ), it only
 > retrieve public key( xmlSecNssX509CertGetKey ) no matter the request
 > from keyInfoCtx( keyInfoCtx->keyReq.keyType ). I think it should check
 > the key info request, if the request type is private, it should retrieve
 > private key; if public, the public key. I change some codes in my
 > workspcae according to above requirement. I work now.  I think, it is a
 > important features.
 > Andrew
 > _______________________________________________
 > xmlsec mailing list
 > xmlsec at aleksey.com
 > http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list