[xmlsec] how to load non-standard <KeyInfo/>

Aleksey Sanin aleksey at aleksey.com
Thu Jul 17 15:10:57 PDT 2008

Correct. But I would use DataRetrieval as an example.


wz qiang wrote:
> hello Aleksey,
> Thank you for your kind reply.
> Just to make sure that I understand you correctly. You meant that I need 
> to implement some special key data just like the 
> xmlSecOpenSSLKeyDataX509Klass in src/openssl/x509.c, and the 
> xmlSecKeyDataRetrieval method, and finally I need to register it by 
> using "xmlSecKeyDataIdsRegister"?
> Thanks a lot,
> Weizhong
> On 7/17/08, Aleksey Sanin <aleksey at aleksey.com> wrote:
>     The "right" way to do it is to create a "key data" object for
>     reading/writing the wsse:SecurityTokenReference node. Look at the
>     xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval
>     for an example. Note that you don't need to modify the xmlsec
>     source code. You can create your custom "key data" object
>     and then register it in xmlsec from your application.
>     Aleksey
>     wz qiang wrote:
>         hi,
>         I am using the following node for <KeyInfo/> under <Signature/>
>         <KeyInfo><wsse:SecurityTokenReference><wsse:Reference
>         URI="#binarytoken"/></wsse:SecurityTokenReference></KeyInfo>
>         When I verify it, of course, unlike <X509Data/>, the above
>         <KeyInfo/> cannot be loaded by the xmlsec library automatically. So
>         how can I load it?
>         I tried to parse the pubkey out of the binarytoken by using:
>         xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);
>         and then loaded the key into the key manager:
>         xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);
>         I also loaded the trusted CA certificate by using:
>         xmlSecCryptoAppKeysMngrCertLoad(...);
>         But it seems the loaded trusted certificate has no effect
>         at all, because even if I comment out the line
>         "xmlSecCryptoAppKeysMngrCertLoad", the verification still works.
>         So I think the trust chain has not been checked.
>         Could you tell me how I can load the non-standard <KeyInfo/>
>         and make the trust chain checking work as well?
>          Thanks in advance.
>          Weizhong Qiang