[xmlsec] Is certificate needed when signing?

wz qiang weizhongqiang at gmail.com
Mon Jul 7 08:17:43 PDT 2008


Hello,
Thanks.
The certificate will be put into dsig:X509Data for verification.

Weizhong

On Mon, Jul 7, 2008 at 5:05 PM, chia pern hui <iceasky at gmail.com> wrote:
>
> Hi
>
> I think calling xmlSecCryptoAppKeyCertLoad will append
> the cert to the signed document. This can be useful depending
> on the use case.
>
> Cheers,
> Pern hui
>
> On Mon, Jul 7, 2008 at 5:51 PM, wz qiang <weizhongqiang at gmail.com> wrote:
> > Hello,
> > In http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html
> >
> > Before signing a node,
> >
> >     /* load private key, assuming that there is no password */
> >     dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
> >             xmlSecKeyDataFormatPem, NULL, NULL, NULL);
> >     if(dsigCtx->signKey == NULL) {
> >         fprintf(stderr,
> >                 "Error: failed to load private pem key from \"%s\"\n",
> >                 key_file);
> >         goto done;
> >     }
> >
> >     /* load certificate and add to the key */
> >     if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
> >             xmlSecKeyDataFormatPem) < 0) {
> >         fprintf(stderr, "Error: failed to load pem certificate \"%s\"\n",
> >                 cert_file);
> >         goto done;
> >     }
> >
> > I wonder whether the second step (loading the certificate) is needed for signing.
> > In principle, the private key is enough, right? I also tested with and without
> > loading the certificate; both signatures can be verified.
> >
> > Appreciate it in advance
> >
> > Weizhong
> >
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> >
> >
>
>
>
> --
> Best regards,
> Pern Hui
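
The point made in this thread is that the certificate travels in dsig:X509Data for the verifier's benefit. The following added example (not part of the original messages and not xmlsec code; written in Python rather than the C API quoted above) shows what that means on the verifying side. The two sample signatures, the placeholder certificate bytes, the function names and the fingerprint-pinning trust check are all assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
FAKE_DER = b"constructed-placeholder-certificate"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()

# Constructed samples: KeyInfo with an embedded certificate, and KeyInfo without one.
WITH_CERT = f"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo/><SignatureValue/>
  <KeyInfo><X509Data><X509Certificate>
    {FAKE_B64}
  </X509Certificate></X509Data></KeyInfo>
</Signature>"""
WITHOUT_CERT = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo/><SignatureValue/>
  <KeyInfo><X509Data/></KeyInfo>
</Signature>"""


def embedded_cert_fingerprints(signature_xml):
    """Return SHA-256 fingerprints of every certificate found in ds:X509Data."""
    root = ET.fromstring(signature_xml)
    prints = []
    for node in root.iter(DS + "X509Certificate"):
        # Base64 text in XML is often wrapped or indented; strip whitespace first.
        der = base64.b64decode("".join((node.text or "").split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def verification_key_source(signature_xml, pinned_fingerprints):
    """Classify where the verifier has to take its verification key from."""
    prints = embedded_cert_fingerprints(signature_xml)
    if not prints:
        # No certificate in the document: the verifier must already hold the key.
        return "out-of-band"
    if any(p in pinned_fingerprints for p in prints):
        # Embedded certificate matches one the verifier already trusts.
        return "embedded-trusted"
    # A certificate is present, but its presence alone establishes no trust.
    return "embedded-untrusted"
```

The signature value is computed with the private key in both cases; the embedded certificate only changes how the verifier finds the public key, and it still has to be checked against something the verifier trusts (a pinned fingerprint here, a trusted certificate chain in a real deployment).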


