[xmlsec] Re: Verifying using Digital Certificates

Aleksey Sanin aleksey at aleksey.com
Fri Mar 19 18:43:51 PST 2004

Have you tried to run this example as described in the readme file:

	./verify3 sign3-res.xml rootcert.pem

Does it produce the same error? Which crypto library do you use?


Seetharama Rao Durbha wrote:
> Hi
> 	I am trying to use the verify3.c to see how the signed documents are
> validated using a certificate.
> 	What I found is that if I pass this program the certificate in a
> file with ----BEGN CERTIFICATE--- and -----END CERTIFICATE---- it does not
> take it, it says the following
> func=xmlSecKeysMngrGetKey:file=keys.c:line=989:obj=unknown:subj=xmlSecKeysMn
> grFindKey:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:sub
> j=unknown:error=45:key is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:s
> ubj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSig
> CtxSigantureProcessNode:error=1:xmlsec library function failed:
> Error: signature verify
> 	But when I pass it a file with both the certificate and the private
> key combined, it works. I would imagine that a signature needs to be
> verified only with the public key and the private key (which truly belongs
> to the signer only) should not be made available to the recipients of the
> signed document.
> 	Is there something I am missing here? Is there another way to do
> this? Please let me know if you need more information.
> Thank you in advance,
> Seetharama Rao Durbha
> Cell: 510-673-1843
> Office: 510-742-4228

More information about the xmlsec mailing list