[xmlsec] creating a ds:KeyInfo object

Aleksey Sanin aleksey at aleksey.com
Thu Dec 30 22:52:01 PST 2004

Smith Baylor wrote:
 > But, I don't have a ds:Signature object :-(  I just have a KeyInfo 
 > In the example shown, xmlSecDSigCtxSign(dsigCtx, signNode)
 > automagically does this.  As I am not creating a ds:Signature object,
 > I can't use this.
 > smith

Well, you are trying to do something un-usual thus you have to do some
homework yourself :)

You need to do 3 things:
1) Load key with certificate:
     /* load private key, assuming that there is not password */
     dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
                     xmlSecKeyDataFormatPem, NULL, NULL, NULL);
     if(dsigCtx->signKey == NULL) {
         fprintf(stderr,"Error: failed to load private pem key
                 from \"%s\"\n", key_file);
	goto done;

     /* load certificate and add to the key */
     if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
                    xmlSecKeyDataFormatPem) < 0) {
         fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n",
	goto done;

2) Add X509Data node to KeyInfo template:

     if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
	fprintf(stderr, "Error: failed to add X509Data node\n");
	goto done;		

3) Write key into KeyInfo node with xmlSecKeyInfoNodeWrite() function
(note that you would need to create and then destroy xmlSecKeyInfoCtx


The example shows how to do steps 1) and 2). Grep xmlsec sources for
xmlSecKeyInfoNodeWrite() and xmlSecKeyInfoCtx usage.


More information about the xmlsec mailing list