[xmlsec] PEM Keys comparison

Aleksey Sanin aleksey at aleksey.com
Mon Jan 25 09:06:30 PST 2010

You can't always extract the key material for security reasons
(e.g. if key is stored on a hardware token). If you are using
OpenSSL, then you need to get EVP_PKEY pointer and then use
something like EVP_PKEY_cmp() function:



On 1/25/2010 8:52 AM, Juan Luis Prieto Martinez wrote:
> Hi all,
> I am building a library for a project using xmlSec as the main API.
> The main problem I am facing is the comparison of 2 keys extracted from a pem certificates. To do so I try to extract a key from a file and the other is passed to me by a parameter of my funciton, the parameter is already a xmlSecKey structure.
> To get the first Key I do this:
>          nCert0 = xmlSecCryptoAppKeyCertLoad(key0, certfile, xmlSecKeyDataFormatPem);
> I am not able to handle the crypto material inside the key. So it is the case with the parameter that I use to compare with.
> I have tried different approaches to this issue with no success, please have you ever had this issue before?
> If not can you tell me once you get the xmlSecKeyDataPtr how to extract the value to see the key?
> Kind Regards
> Juan Luis
> ------------------------------------------------------------------
> This e-mail and the documents attached are confidential and intended
> solely for the addressee; it may also be privileged. If you receive
> this e-mail in error, please notify the sender immediately and destroy it.
> As its integrity cannot be secured on the Internet, the Atos Origin
> group liability cannot be triggered for the message content. Although
> the sender endeavours to maintain a computer virus-free network,
> the sender does not warrant that this transmission is virus-free and
> will not be liable for any damages resulting from any virus transmitted.
> Este mensaje y los ficheros adjuntos pueden contener informacion confidencial
> destinada solamente a la(s) persona(s) mencionadas anteriormente
> pueden estar protegidos por secreto profesional.
> Si usted recibe este correo electronico por error, gracias por informar
> inmediatamente al remitente y destruir el mensaje.
> Al no estar asegurada la integridad de este mensaje sobre la red, Atos Origin
> no se hace responsable por su contenido. Su contenido no constituye ningun
> compromiso para el grupo Atos Origin, salvo ratificacion escrita por ambas partes.
> Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor
> no puede garantizar nada al respecto y no sera responsable de cualesquiera
> danos que puedan resultar de una transmision de virus.
> ------------------------------------------------------------------
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list