hello,<br>
Thanks.<br>
I use the following code to load the public key from a certificate:<br>
<br>
pubkey2 = xmlSecKeyCreate();<br>
xmlSecCryptoAppKeyCertLoad(pubkey2, "cert.pem", xmlSecKeyDataFormatPem);<br>
dsigCtx->signKey = pubkey2;<br>
if (xmlSecDSigCtxVerify(dsigCtx, signature_nd) < 0) {<br>
 xmlSecDSigCtxDestroy(dsigCtx);<br>
 if (keys_manager) xmlSecKeysMngrDestroy(keys_manager);<br>
 std::cerr<<"Signature verification failed (with trusted ca path)"<<std::endl;<br>
 return false;<br>
 }<br>
<br>
But I got the error:<br>
<br>
func=xmlSecKeyMatch:file=keys.c:line=703:obj=unknown:subj=xmlSecKeyIsValid(key):error=100:assertion:<br>
func=xmlSecOpenSSLEvpSignatureSetKey:file=signatures.c:line=263:obj=unknown:subj=xmlSecKeyCheckId(key, ctx->keyId):error=100:assertion:<br>
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=882:obj=unknown:subj=xmlSecTransformSetKey:error=1:xmlsec library function failed:transform=rsa-sha1<br>
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:<br>
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:<br>
<br>
<br>
However, if I load the key from a public key file (which is converted from the certificate by using the openssl command), it works well.<br>
<br>Some hint?<br><br>Thanks<br>Weizhong<br><br><br><div class="gmail_quote">On Mon, Jun 30, 2008 at 4:20 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<a href="https://www.aleksey.com/xmlsec/api/xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYFROMCERTLOADBIO" target="_blank">https://www.aleksey.com/xmlsec/api/xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYFROMCERTLOADBIO</a><br>
<br>
Aleksey<br>
<br>
wz qiang wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">
hello Aleksey and Ed,<br>
I use:<br>
openssl x509 -inform pem -in cert.pem -pubkey -noout > publickey.pem<br>
to extract the public key from certificate, and then load the public key into keymanager:<br>
key = xmlSecCryptoAppKeyLoad(publickeyfile, xmlSecKeyDataFormatPem, NULL, NULL, NULL);<br>
xmlSecCryptoAppDefaultKeysMngrAdoptKey(keys_mngr, key);<br>
It seems to work.<br>
My following question is: is there some API in xmlsec which I can use to extract the public key directly from a certificate? I know in openssl there is X509_get_pubkey(certfile), but the return type is EVP_PKEY; here we need xmlSecKeyPtr.<br>
Thanks<br>
Weizhong<br>
<br>
<br></div><div><div></div><div class="Wj3C7c">
On 6/26/08, *Aleksey Sanin* <<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>> wrote:<br>
<br>
Ah, I see.... I guess it is a copy/paste error for the comment :)<br>
<br>
Aleksey<br>
<br>
<br>
Ed Shallow wrote:<br>
<br>
I believe Weizhong is asking why is the "private" key being<br>
loaded if one simply wants to encrypt.<br>
<br>
Loading a public certificate in .pem should be appropriate.<br>
<br>
Why is private even mentioned ?<br>
<br>
<br>
Aleksey Sanin wrote:<br>
<br>
The session key is created for you automatically if you specify<br>
that you want AES, DES, ... encryption for the data. Look at the<br>
xmlsec/tests/ examples.<br>
<br>
<br>
Aleksey<br>
<br>
wz qiang wrote:<br>
<br>
hi Aleksey and others,<br>
In encrypt3.c, there is one line for loading private key.<br>
/* load private RSA key */<br>
key = xmlSecCryptoAppKeyLoad(key_file,<br>
xmlSecKeyDataFormatPem, NULL, NULL, NULL);<br>
In my understanding, normally the public key is used for<br>
encrypting the session key, and then on the other side<br>
the private key is used for decrypting the session key<br>
(the session key is used for encrypting the data). So my<br>
question is, how can I do that by using the xmlsec API?<br>
Thanks in advance<br>
Weizhong Qiang<br>
<br>
<br>
------------------------------------------------------------------------<br>
<br>
_______________________________________________<br>
xmlsec mailing list<br></div></div>
<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><div class="Ih2E3d"><br>
<a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
<br>
</div><div class="Ih2E3d">
<br>
<br>
</div></blockquote>
</blockquote></div><br>
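The certificate-to-public-key step from this thread, as an added example that is not part of the original messages: it extracts the key with the same `openssl x509 -pubkey -noout` command, checks that it belongs to a given private key, and verifies a detached RSA-SHA256 file signature with it. The throwaway key, self-signed certificate, file names and helper function names are constructed for the demo; this is plain openssl, not xmlsec or XML-DSig.

```shell
#!/bin/sh
# Added example: all keys, certificates and data below are constructed throwaways.
set -e

# Print the bare public key (PEM) held in a PEM certificate: the thread's command.
cert_pubkey() {
    openssl x509 -inform pem -in "$1" -pubkey -noout
}

# SHA-256 over the DER form of a PEM public key read from stdin.
pubkey_fingerprint() {
    openssl pkey -pubin -outform der | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if certificate $1 carries the public half of private key $2.
cert_matches_key() {
    from_cert=$(cert_pubkey "$1" | pubkey_fingerprint)
    from_key=$(openssl pkey -in "$2" -pubout | pubkey_fingerprint)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Verify signature $3 over file $2 with the public key extracted from cert $1.
verify_with_cert() {
    pub=$(mktemp)
    cert_pubkey "$1" > "$pub"
    if openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$pub"
    return "$rc"
}

# Build a demo directory $1: key.pem, self-signed cert.pem, msg.txt, msg.sig.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    printf 'signed payload\n' > "$1/msg.txt"
    openssl dgst -sha256 -sign "$1/key.pem" -out "$1/msg.sig" "$1/msg.txt"
}

demo=$(mktemp -d)
make_demo "$demo"
cert_matches_key "$demo/cert.pem" "$demo/key.pem" && echo "cert and key match"
verify_with_cert "$demo/cert.pem" "$demo/msg.txt" "$demo/msg.sig" && echo "signature ok"
rm -rf "$demo"
```

A bare public key carries none of the certificate's issuer or validity data, so trust in the certificate has to be established before the extracted key is used for verification.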