[xmlsec] Verifying signature with embedded x509 cert

Aleksey Sanin aleksey at aleksey.com
Tue Dec 4 17:19:45 PST 2007

Yes, it will get a key from the certificate! You need a trusted
certificate (e.g. root CA certificate) to have the certificate
in the signature verified.


Jim Nutt wrote:
> Ok, a bit more info. The xmlsec utility will verify the signature 
> without being passed the pem file separately, so it apparently is able 
> to suck the key from the signature. I'm trying to create a minimal size 
> code set that demonstrates the problem, I'll post that when I have it.

More information about the xmlsec mailing list