[xmlsec] Signing a document with key and cert..

[Marius Kjeldahl]

Marius Kjeldahl wrote:
> I'm trying to create signed xml documents and verify that they are 
> correctly signed, but I'm having trouble.
> 
> Using the xmlsec examples,

Here I really mean the examples on the xmlSec homepage. I have not looked into 
the xmlsec tool which comes with the xmlsec distribution.

> I am able to create signed documents, but 
> they all fail when I paste them into the online verifier (I guess when 
> it works there, I am ready to try to do the same locally). I understand 
> that any unsigned key will probably not be verified correctly, so I 
> downloaded the "fake" root cert and corresponding private key. I further 
> signed my local private key using the "fake" root cert.
> 
> So far I have not been able to find an example on how to use my key AND 
> the cert. An old posting from Aleksey mentions using 
> "xmlSecSimpleKeyMngrAddCertToKey, but I can find no such function. I 
> have also tried loading the key first, then the cert into the same 
> keysmngr using SimpleKeysMngrLoadPemKey followed by a 
> SimpleKeysMngrLoadPemCert, but I am not sure whether this means that the 
> cert will be used when signing (if I try to validate a document after 
> loading the key and cert, it will still not be verified with the online 
> verifier). I have also tried putting the key and cert into the same file 
> and load it with *LoadPemKey, but still no luck.
> 
> Does anybody have an example on what needs to be done to create a signed 
> document that can be verified with the online verifier, or any hints on 
> what needs to be done?
> 
> Thanks,
> 


-- 
Mvh, Marius Kjeldahl