No joy. It refuses to load the key. The irony is that I can use the xmlsec utility and pass it the name of the temp file I create with the key and it will load and verify. It just won't do it in my program. Here's the errors I'm seeing:
<br><br>func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=260:obj=unknown:subj=d2i_PrivateKey_bio and d2i_PUBKEY_bio:error=4:crypto library function failed: <br>func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec
library function failed: <br>func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: <br>func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed: <br>func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: <br><br>The signature will verify with the xmlsec utility if I pass it the cert, just not from my program. My next step is to reduce things to the bare essentials and try again
<br><br><div class="gmail_quote">On Dec 4, 2007 2:03 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
xmlSecOpenSSLAppKeyLoadMemory() ???<br><br>Aleksey<br><div><div></div><div class="Wj3C7c"><br>Jim Nutt wrote:<br>> Ok, I'm pulling my hair out on this one. I'm trying to verify an xml<br>> signature based on the x509 certificate embedded in the keyinfo and I
<br>> can not get it to work. If I verify using the same pem file I used for<br>> signing, it verifies ok, so I know the signature is valid. The problem<br>> is getting it to validate without going to the original pem file. I've
<br>> tried the straight forward method of letting xmlSecDSigVerify load the<br>> key, but it can't find the key in signature. I've even tried writing the<br>> base64 data to a file (bracketed with -----BEGIN CERTIFICATE----- and
<br>> -----END CERTIFICATE-----) and then loading that file as the<br>> certificate. It refuses to read the file. And yes, I know the file is a<br>> valid pem file because openssl x509 -in filename -text reads it just fine.
<br>><br>> Any suggestions would be greatly appreciated, as I'm on a time crunch on<br>> this (now... wasn't when I started... *sigh*)<br>><br>> --<br>> Jim Nutt<br></div></div>> <a href="http://jim.nuttz.org" target="_blank">
http://jim.nuttz.org</a> <<a href="http://jim.nuttz.org" target="_blank">http://jim.nuttz.org</a>><br>><br>><br>> ------------------------------------------------------------------------<br>><br>> _______________________________________________
<br>> xmlsec mailing list<br>> <a href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a><br>> <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec
</a><br></blockquote></div><br><br clear="all"><br>-- <br>Jim Nutt<br><a href="http://jim.nuttz.org">http://jim.nuttz.org</a>