[xmlsec] newbie question - not including X509 certificate

Rich Salz rsalz at datapower.com
Fri Mar 12 15:31:11 PST 2004

> 	1) Is it possible to store client's public key on our site and just
> use it to validate the signature without having to read extract it from SOAP
> head?

Yes.  Aleksey will have to answer with a pointer to the specific
API's or CLI flags you'll need to use. :)

> 	2) Is this recommended practice?

It's perfectly fine to avoid the certificate.  I would, however, ask
your signer to include *some* identifier, so that later on you can
handle multiple signers without breaking.  Even a simple dsig:KeyName.


Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

More information about the xmlsec mailing list