Ok, a bit more info. The xmlsec utility will verify the signature without being passed the pem file separately, so it apparently is able to suck the key from the signature. I'm trying to create a minimal size code set that demonstrates the problem, I'll post that when I have it.
<br><br><div class="gmail_quote">On Dec 4, 2007 10:29 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Try this one then xmlSecOpenSSLAppKeyCertLoadMemory()<br><br>Aleksey<br><div class="Ih2E3d"><br>Jim Nutt wrote:<br>> No joy. It refuses to load the key. The irony is that I can use the<br>> xmlsec utility and pass it the name of the temp file I create with the
<br>> key and it will load and verify. It just won't do it in my program.<br>> Here's the errors I'm seeing:<br>><br>> func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=260:obj=unknown:subj=d2i_PrivateKey_bio
<br>> and d2i_PUBKEY_bio:error=4:crypto library function failed:<br>> func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec<br>> library function failed:
<br>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key<br>> is not found:<br>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
<br>> library function failed:<br>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec<br>> library function failed:<br>><br>> The signature will verify with the xmlsec utility if I pass it the cert,
<br>> just not from my program. My next step is to reduce things to the bare<br>> essentials and try again<br>><br>> On Dec 4, 2007 2:03 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com
</a><br></div><div><div></div><div class="Wj3C7c">> <mailto:<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>>> wrote:<br>><br>> xmlSecOpenSSLAppKeyLoadMemory() ???<br>><br>> Aleksey
<br>><br>> Jim Nutt wrote:<br>> > Ok, I'm pulling my hair out on this one. I'm trying to verify an xml<br>> > signature based on the x509 certificate embedded in the keyinfo<br>> and I
<br>> > can not get it to work. If I verify using the same pem file I<br>> used for<br>> > signing, it verifies ok, so I know the signature is valid. The<br>> problem<br>> > is getting it to validate without going to the original pem file.
<br>> I've<br>> > tried the straight forward method of letting xmlSecDSigVerify<br>> load the<br>> > key, but it can't find the key in signature. I've even tried<br>> writing the
<br>> > base64 data to a file (bracketed with -----BEGIN CERTIFICATE-----<br>> and<br>> > -----END CERTIFICATE-----) and then loading that file as the<br>> > certificate. It refuses to read the file. And yes, I know the
<br>> file is a<br>> > valid pem file because openssl x509 -in filename -text reads it<br>> just fine.<br>> ><br>> > Any suggestions would be greatly appreciated, as I'm on a time
<br>> crunch on<br>> > this (now... wasn't when I started... *sigh*)<br>> ><br>> > --<br>> > Jim Nutt<br>> > <a href="http://jim.nuttz.org" target="_blank">
http://jim.nuttz.org</a> <<a href="http://jim.nuttz.org" target="_blank">http://jim.nuttz.org</a>><br>> ><br>> ><br>> ><br>> ------------------------------------------------------------------------
<br>> ><br>> > _______________________________________________<br>> > xmlsec mailing list<br></div></div>> > <a href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a> <mailto:
<a href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a>><br><div><div></div><div class="Wj3C7c">> > <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec
</a><br>> <<a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a>><br>><br>><br>><br>><br>> --<br>> Jim Nutt<br>> <a href="http://jim.nuttz.org" target="_blank">
http://jim.nuttz.org</a><br></div></div></blockquote></div><br><br clear="all"><br>-- <br>Jim Nutt<br><a href="http://jim.nuttz.org">http://jim.nuttz.org</a>