<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Courier size=2>Hi!<BR></FONT></DIV>
<DIV><FONT face=Courier size=2>I seem to have found a solution to my
problem.</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT> </DIV>
<DIV><FONT face=Courier size=2>I wanted to use an X509 PEM certificate to
validate a signature but I did not</FONT></DIV>
<DIV><FONT face=Courier size=2>find a straightforward solution to load a
public key from a certificate.</FONT></DIV>
<DIV><FONT face=Courier size=2>I have struggled a bit to work this out but
it turned out it wasn't so bad after all.</FONT></DIV>
<DIV><FONT face=Courier size=2>Since I could not load a PEM certificate
directly I have to get the (in my case)</FONT></DIV>
<DIV><FONT face=Courier size=2>RSA public key from the certificate and
turn it into an xmlSecKeyPtr.</FONT></DIV>
<DIV><FONT face=Courier><FONT size=2></FONT></FONT> </DIV>
<DIV><FONT face=Courier><FONT size=2>Here is my function which does that
and returns an xmlSecKeyPtr:</FONT></FONT></DIV>
<DIV><FONT face=Courier size=2></FONT> </DIV>
<DIV><FONT face=Courier size=2></FONT> </DIV>
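<DIV><FONT face=Courier size=2>#include &lt;stdio.h&gt;<BR>#include
&lt;openssl/evp.h&gt;<BR>#include &lt;openssl/pem.h&gt;<BR>#include
&lt;openssl/x509.h&gt;<BR>#include &lt;xmlsec/xmlsec.h&gt;<BR>#include
&lt;xmlsec/keys.h&gt;</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Courier size=2>// Note: the certificate itself is not verified
here (no chain or validity check),<BR>// so the file must come from a trusted
source.<BR>static xmlSecKeyPtr
ReadPublicKeyFromPemCert(const char* certFile){<BR>&nbsp;&nbsp;xmlSecKeyPtr retval =
NULL;</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Courier size=2>&nbsp;&nbsp;// Load certificate from
file; fopen can fail, so check before reading<BR>&nbsp;&nbsp;FILE* fid = fopen(certFile,
"r");<BR>&nbsp;&nbsp;if(!fid){<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf("Failed to open cert
file\n");<BR>&nbsp;&nbsp;&nbsp;&nbsp;return NULL;<BR>&nbsp;&nbsp;}<BR>&nbsp;&nbsp;X509* pCert =
PEM_read_X509(fid, NULL, NULL, NULL);<BR>&nbsp;&nbsp;fclose(fid);<BR>&nbsp;&nbsp;if(!pCert){<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf("Failed
to parse PEM cert\n");<BR>&nbsp;&nbsp;&nbsp;&nbsp;return NULL;<BR>&nbsp;&nbsp;}</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Courier size=2>&nbsp;&nbsp;// Get the public key from the
certificate; the EVP_PKEY holds its own<BR>&nbsp;&nbsp;// reference, so the X509 can be
freed right away<BR>&nbsp;&nbsp;EVP_PKEY *pPublicKey =
X509_get_pubkey(pCert);<BR>&nbsp;&nbsp;X509_free(pCert);</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Courier
size=2>&nbsp;&nbsp;if(!pPublicKey){<BR>&nbsp;&nbsp;&nbsp;&nbsp;printf("Failed to get public key
from cert\n");<BR>&nbsp;&nbsp;&nbsp;&nbsp;return NULL;<BR>&nbsp;&nbsp;}</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Courier size=2>&nbsp;&nbsp;// I only handle RSA
keys<BR>&nbsp;&nbsp;if(pPublicKey-&gt;type == EVP_PKEY_RSA){<BR>&nbsp;&nbsp;&nbsp;&nbsp;retval =
xmlSecKeyCreate(xmlSecRsaKey,
xmlSecKeyOriginX509);<BR>&nbsp;&nbsp;&nbsp;&nbsp;if(!retval){<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf("Failed
to create xmlsec key\n");<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EVP_PKEY_free(pPublicKey);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return
NULL;<BR>&nbsp;&nbsp;&nbsp;&nbsp;}<BR>&nbsp;&nbsp;&nbsp;&nbsp;if(xmlSecRsaKeyGenerate(retval,
pPublicKey-&gt;pkey.rsa) &lt; 0){<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf("Failed to
generate public key from RSA
key\n");<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;xmlSecKeyDestroy(retval);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EVP_PKEY_free(pPublicKey);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return
NULL;<BR>&nbsp;&nbsp;&nbsp;&nbsp;}<BR>&nbsp;&nbsp;&nbsp;&nbsp;EVP_PKEY_free(pPublicKey);<BR>&nbsp;&nbsp;&nbsp;&nbsp;return
retval;<BR>&nbsp;&nbsp;}</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Courier size=2>&nbsp;&nbsp;EVP_PKEY_free(pPublicKey);<BR>&nbsp;&nbsp;printf("Unknown public key type in
cert\n");<BR>&nbsp;&nbsp;return NULL;<BR>}<BR></FONT></DIV>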
<DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Courier size=2></FONT> </DIV>
<DIV><FONT face=Courier size=2>I then use this public key together with
xmlSecDSigValidate and it seems to work
OK.</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT> </DIV>
<DIV><FONT face=Courier size=2>Please comment if you see something bad about
this.</FONT></DIV>
<DIV><FONT face=Courier size=2></FONT> </DIV>
<DIV><FONT face=Courier size=2>Thanks for all help!</FONT></DIV></BODY></HTML>