[xmlsec] Sign XML using EVP_PKEY and X509 cert in memory

Aleksey Sanin aleksey at aleksey.com
Fri Aug 13 11:13:22 PDT 2010


You can load the PKCS12 key+cert directly from xmlsec; take a look
at the xmlSecCryptoAppPkcs12Load() and xmlSecCryptoAppPkcs12LoadMemory()
functions, or the xmlsec-openssl specific call
xmlSecOpenSSLAppPkcs12LoadBIO().

Otherwise, if you want to parse the PKCS12 container yourself, take
a look at the xmlsec-openssl specific functions in
xmlsec/openssl/evp.h and xmlsec/openssl/x509.h. Something like
xmlSecOpenSSLEvpKeyAdopt(), xmlSecOpenSSLKeyDataX509AdoptKeyCert(),
and xmlSecOpenSSLKeyDataX509AdoptCert(). For details on how to use
these functions, it is best to study the source code for the
xmlSecOpenSSLAppPkcs12LoadBIO() function. It makes all the right
calls in the right order :)

Aleksey

On 8/13/2010 11:05 AM, Duh Crab wrote:
> I am trying to sign XML using the pkey and X509 cert in a pkcs12 file.
>
> I extracted the pkey and cert from the pkcs12 file using the following -
>
> EVP_PKEY *pkey;
> X509 *cert;
> STACK_OF(X509) *ca = NULL;
> PKCS12 *p12;
>
> p12 = d2i_PKCS12_fp(fp, NULL);
> PKCS12_parse(p12, passphrase, &pkey, &cert, &ca);
>
> I now want to use the pkey and cert from above to sign xml using xmlsec.
>
> How do I use these with the following APIs?
>
> xmlSecCryptoAppKeyLoadMemory()
> xmlSecOpenSSLAppKeyCertLoadMemory()
>
> If I save the pkey and cert above to the filesystem and then call -
>
> xmlSecCryptoAppKeyLoad() and xmlSecCryptoAppKeyCertLoad() (along with other
> xmlsec APIs), everything works well and I am able to sign the XML.
>
> However, there are cases where I do not have access to the filesystem and
> need to use pkey and cert from memory.
>
> Thanks,
>
> Sri
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

