[xmlsec] RE: Need urgent help for verify
Jürgen Heiss
jheiss at Mesonic.com
Wed May 31 23:39:45 PDT 2006
Hi everybody,
Well you are right, its really the Keyname. So if I remove the Keyname it works.
But of course the document isn't anymore valid. Is there a way always to ignore the keyname and use the the certificate by verify a signed document?
What is the
xmlSecDSigCtx::keyInfoReadCtx->enabledKeyData
xmlSecDSigCtx::keyInfoWriteCtx->enabledKeyData
For? How must I use them?
Thanks I advance.
Jürgen
-----Original Message-----
From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On Behalf Of Aleksey Sanin
Sent: Mittwoch, 31. Mai 2006 22:20
To: ed.shallow at rogers.com; xmlsec at aleksey.com
Subject: Re: [xmlsec] RE: Need urgent help for verify
Yes
xmlSecDSigCtx::keyInfoReadCtx->enabledKeyData
xmlSecDSigCtx::keyInfoWriteCtx->enabledKeyData
Aleksey
ed.shallow at rogers.com wrote:
> Yes you are right !!! I forgot about that.
>
> You mean the "--enabled-key-data" list in the command line utility ?
> Where is this in the API ? in the Ctx ?
>
> ----- Original Message ----
> From: Aleksey Sanin <aleksey at aleksey.com>
> To: ed.shallow at rogers.com
> Cc: Jürgen Heiss <jheiss at Mesonic.com>; xmlsec at aleksey.com
> Sent: Wednesday, May 31, 2006 2:31:14 PM
> Subject: Re: [xmlsec] RE: Need urgent help for verify
>
> > Does it not make sense to check X509Certificate first ? Or must we
> > consciously remove KeyName to avoid problems in the mscrypto world
> where > the chances of actually having the public verification
> certificate in > the verifiers mscrypto store is remote at best ?
> >
> I think, that either signer or verifier should decide if KeyName makes
> sense for him/her or not. In xmlsec, there is a way to disable KeyName
> usage for verification, for example.
>
> Aleksey
_______________________________________________
xmlsec mailing list
xmlsec at aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list