[xmlsec] Nodes in X509Data

Aleksey Sanin aleksey at aleksey.com
Sat Nov 20 08:07:31 PST 2010

1) pkcs12 file is a container. You can add/remove things freely

2) To get the serial number just add X509IssuerSerial node to
the template


On 11/20/10 2:14 AM, Pekka A wrote:
> Aleksey Sanin wrote:
>  >
>  > It's a feature :) You might want to simply create a new p12 file.
> Hello
> Thanks for your response. That crypted p12 certificate comes from Bank,
> so I am not sure if I am allowed to twiddle anything inside it, without
> breaking anything, I do have a key for it though.
> I understand if that is a current XmlSec feature, so it won't go away
> right away. But then the possible workarounds?
> It looks like a standard XML content anyway. Is there any XmlSec calls
> how I would be able to access those nodes and drop the first
> <X509Certificate> node away?
> Or if there aren't any, should I try to read the whole XML buffer out of
> XmlSec. Then maybe use XmlLib2 to do the changes, and write the buffer
> back to XmlSec? And after this, let XmlSec do the Singing part.
> Is there any chance this could work, and I would get a well signed XML
> as output?
>  > I am not sure what are you trying to do. These nodes are used to
>  > identify the certificate used for the signature. Not sure why do you
>  > want to pick these values yourself.
> Again, there's nothing I can do for this. It is a strict requirement
> from the bank, they want that X509SerialNumber to be visible there.
> If it would be possible to use the workaround described above, then I
> could add these nodes to the XML in my XmlLib2 code manually. Before the
> actual Signing call.
> Then I would need a bit of a help how to use XmlSec to read and get the
> X509SerialNumber value out the certificate.
> cheers
> Pekka A.

More information about the xmlsec mailing list