[xmlsec] Verifying a signature against a PEM certificate
Asbjørn Oskal
asbjorn.oskal@welldiagnostics.com
Thu, 21 Nov 2002 11:14:42 +0100
Hi!

As I understand it, there are two ways to verify a signature against public keys not included in the signature itself.

Either load the public key and send it as a parameter to the xmlSecDSigValidate function, or add the public key to the Keymanager and use the xmlSecKeyOriginKeyManager flag so that the key manager is searched for a key to use when verifying.

I have tried both but did not break through.

I could not find a way to load a usable (public) xmlSecKey.
I tried to use xmlSecKeyReadPemCert and it read the file, but then the keydata in the xmlSecKeyPtr was NULL and the key was rejected when I tried to use it.

I then tried to use xmlSecSimpleKeysMngrLoadPemKey, but it does not accept PEM files starting with
"-----BEGIN CERTIFICATE-----", which my certificate does.
As I understand it, it is the PEM_read_PUBKEY openssl function that rejects the file.
Do external certificates have to be in this format, or are there any other ways to load public keys from PEM certificate files starting with "-----BEGIN CERTIFICATE-----"?

:)
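Added example, not part of the original message and not xmlsec or OpenSSL code: a "CERTIFICATE" PEM block holds a whole X.509 Certificate, while a "PUBLIC KEY" PEM block holds only the SubjectPublicKeyInfo nested inside it, so a public-key reader has to be given that inner structure. The sketch below (Python standard library only; all function names are hypothetical, and the sample certificate is constructed with dummy key and signature bytes) walks the DER to pull the SubjectPublicKeyInfo out and re-wraps it under the "PUBLIC KEY" label.

```python
import base64, re

def tlv(tag, body):  # DER encoder, used only to build the constructed sample below
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = [n] if n < 0x80 else [0x80 | len(raw), *raw]
    return bytes([tag, *head]) + body
def read_tlv(buf, pos):  # -> (tag, value, offset of the next element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length
def pem_decode(text):  # -> (label, DER bytes) of the first PEM block
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))
def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
def spki_from_certificate(der):  # Certificate -> tbsCertificate -> subjectPublicKeyInfo
    outer, cert, _ = read_tlv(der, 0)
    inner, tbs, _ = read_tlv(cert, 0)
    if outer != 0x30 or inner != 0x30:
        raise ValueError("not an X.509 Certificate structure")
    tag, _, pos = read_tlv(tbs, 0)
    pos = pos if tag == 0xA0 else 0  # v1 certificates omit the [0] version field
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(tbs, pos)
    tag, _, end = read_tlv(tbs, pos)
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return tbs[pos:end]
def public_key_pem(text):  # accept either PEM label, always emit "PUBLIC KEY"
    label, der = pem_decode(text)
    if label not in ("CERTIFICATE", "PUBLIC KEY"):
        raise ValueError("unsupported PEM label: " + label)
    return pem_encode("PUBLIC KEY", spki_from_certificate(der) if label == "CERTIFICATE" else der)

# Constructed sample: structurally a certificate; key and signature bytes are dummies.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce380401")))  # id-dsa OID
SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + bytes(range(200))))
NAME, VALID = tlv(0x30, b""), tlv(0x30, tlv(0x17, b"021121000000Z") * 2)
FIELDS = tlv(0x02, b"\x01") + ALG + NAME + VALID + NAME + SPKI
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + FIELDS)
SAMPLE_CERT_PEM = pem_encode("CERTIFICATE", tlv(0x30, TBS + ALG + tlv(0x03, bytes(41))))
```

Extracting the key this way does not validate the certificate (issuer, validity period, revocation), so trust in the key still has to be established separately.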