[xmlsec] How to find the signing certificate?

Aleksey Sanin aleksey at aleksey.com
Thu Apr 15 09:07:49 PDT 2004

In the xmlSecDSigContext object


there is a "signKey" that member that points to the
signature key. The certificates chain is stored in
this key data under xmlSecKeyDataX509Id.
Note that the certificate format is specific to the crypto


Erwann Abalea wrote:
> Hello,
> I'm still gaining XP points by playing with xmlsec. ;)
> I'm facing a new challenge. When I verify a signature and the
> corresponding X509 certificate, I need to get the certificate used to
> perform the signature. The goal is to add it to the keys manager, to later
> encrypt data for this entity.
> I found that by searching into signNode (defined here as:
> signNode = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
> ), I can find the "KeyInfo" node, then go below and search for the
> "X509Data" node, then below and search for the "X509Certificate" node, and
> get its content. Is that the only way to do it? Isn't there a readily
> written function to perform the same task?
> If not, it's OK, I just would like to know...
> Thanks.

More information about the xmlsec mailing list