[xmlsec] ECDSA signature verification

Timothy Legge timlegge at gmail.com
Fri Mar 5 04:01:07 PST 2021


Hi
> On Thu, Mar 04, 2021 at 11:40:51PM -0400, Timothy Legge <timlegge at gmail.com> wrote:
> >             <dsig:KeyInfo>
> >                              <dsig:KeyValue>
>
> Is there any reason why you specify KeyValue directly? If you wrap your
> key into an x509 cert and use <X509Data>, that should work, see e.g.
> tests/aleksey-xmldsig-01/enveloping-sha256-ecdsa-sha256.xml.

Couple of reasons that don't make a lot of sense.  First, it is closer
to DSA so the current code was easy to modify.  Secondly, there were
not a lot of example xml files (I either missed the one you mentioned
or I got stuck on the first reason.  Third is likely the fact that it
is a documented method that can be used...

Adding X509Data was next on my list.  I don't have any use cases or
users asking for ecdsa but I would like to get it added before I need
it.

Thanks

Tim


More information about the xmlsec mailing list