[xmlsec] Re: Invalid certificate

Aleksey Sanin aleksey at aleksey.com
Wed Sep 24 12:22:46 PDT 2003

Yes, you are right. This needs to be fixed (including the "mixed" key 
type issue).
I would look at this tonight to see how bad is the change (i.e. how many 
would be affected).


Wouter wrote:

>>Ok, now we are getting somewhere :) The problem is that test (and all 
>>other xmlsec-crypto
>>libraries) expect this file to be public key in DER format. Not a 
>>certificate. We already have
>>several key types: DER/PEM/PKCS12 and it sounds like there 
>>needs to be 
>>one or two more:
>>public key with a cert in DER/PEM formats. I would need to 
>>think about 
>>that. I am not sure
>>that I want to package this changes in the initial xmlsec-mscrypto 
>>release. Probably we can
>>file a but and deal with this later. I am glad that now we understand 
>>the problem :)
>I was mislead by the fact that the header file where the keytype DER is
>defined has a comment the type can also be used for certificates.
>Because of the limitation with MS Crypto API in supported formats of
>keys to be loaded, you can imagine it definitely needs support for
>loading a key by their certificate, or are their other ways to encrypt
>for example with a public key that is only available in the certificate?
>However currently mscrypto support will try to load .der key files as fi
>they contain certificates(!). What to do with that? 

More information about the xmlsec mailing list