[xmlsec] Verifying a signature against a PEM certificate

Aleksey Sanin aleksey@aleksey.com
Thu, 21 Nov 2002 07:55:04 -0800


You can also load the public key into the keys manager, set a name for it and use
<dsig:KeyName/> to specify the desired name.

Aleksey

Asbjørn Oskal wrote:

> Hi!
>  
> As I understand it, there are two ways to verify a signature against
> public keys not included in the signature itself.
>  
> Either load the public key and send it as a parameter to the
> xmlSecDSigValidate function, or add the public key to the Keymanager
> and use the xmlSecKeyOriginKeyManager flag so that the key manager is
> searched for a key to use when verifying.
>  
> I have tried both but did not break through.
>  
> I could not find a way to load a usable (public) xmlSecKey.
> I tried to use xmlSecKeyReadPemCert and it read the file but then the 
> keydata in the xmlSecKeyPtr was NULL and the key was rejected when I 
> tried to use it.
>  
> I then tried to use xmlSecSimpleKeysMngrLoadPemKey, but it does not
> accept PEM files starting with
> "-----BEGIN CERTIFICATE-----", which my certificate does.
> As I understand it, it is the PEM_read_PUBKEY openssl function that
> rejects the file.
> Do external certificates have to be in this format, or are there any
> other ways to load public keys from PEM certificate files starting
> with "-----BEGIN CERTIFICATE-----"?
>  
> :)
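
The format mismatch described in the question, as an added example that is not part of the original thread: a "-----BEGIN CERTIFICATE-----" block holds a whole X.509 structure, while OpenSSL's PEM_read_PUBKEY expects a "-----BEGIN PUBLIC KEY-----" block holding only the SubjectPublicKeyInfo. The Python code below walks the certificate DER and re-wraps that one field; every function name and the sample input are constructed for illustration.

```python
import base64
import textwrap

def tlv(tag, body=b""):
    """Encode a short DER element (< 128 bytes); only builds the constructed sample."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def armor(label, der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

def pem_decode(pem):
    """Return (label, der) for a single PEM block."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("-----")):
        raise ValueError("not a PEM block")
    return lines[0][11:-5], base64.b64decode("".join(lines[1:-1]))

def pubkey_pem_from_cert(pem):
    """Re-wrap a certificate's subjectPublicKeyInfo as a PUBLIC KEY block."""
    label, der = pem_decode(pem)
    if label != "CERTIFICATE":
        raise ValueError("expected CERTIFICATE, got " + label)
    pos = read_tlv(der, read_tlv(der, 0)[1])[1]  # enter Certificate, then tbsCertificate
    tag, _, end = read_tlv(der, pos)
    pos = end if tag == 0xA0 else pos            # skip optional [0] version (absent in v1)
    for _ in range(5):                           # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(der, pos)[2]
    tag, _, end = read_tlv(der, pos)             # subjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return armor("PUBLIC KEY", der[pos:end])

# Constructed sample: X.509 field layout with placeholder contents, not a real certificate.
SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05))
              + tlv(0x03, b"\x00" + b"\x5a" * 16))
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 4 + SAMPLE_SPKI)
SAMPLE_CERT_PEM = armor("CERTIFICATE", tlv(0x30, SAMPLE_TBS + tlv(0x30) + tlv(0x03, b"\x00")))
```

Pulling the key out this way checks nothing about the certificate itself (issuer signature, validity period, chain), so a key loaded like this is trusted only because the file it came from is trusted.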