[xmlsec] Verifying a signature against a PEM certificate
Aleksey Sanin
aleksey@aleksey.com
Thu, 21 Nov 2002 07:55:04 -0800
You can also load public key in the keys manager, set a name for it and use
<dsig:KeyName/> to specify the desired name.
Aleksey
Asbjørn Oskal wrote:
> Hi!
>
> As I understand there are two ways to verify a signature against
> public keys not included in the signature itself.
>
> Either load the public key and send it as a parameter to the
> xmlSecDSigValidate function or to add the public key to the Keymanager
> and use the xmlSecKeyOriginKeyManager flag so that the key manager are
> searched for a key to use when verifying.
>
> I have tried both but does not break through.
>
> I could not find a way to load a usable (public) xmlSecKey.
> I tried to use xmlSecKeyReadPemCert and it read the file but then the
> keydata in the xmlSecKeyPtr was NULL and the key was rejected when I
> tried to use it.
>
> I the tried to use the xmlSecSimpleKeysMngrLoadPemKey but it does not
> accept PEM-files starting with
> "-----BEGIN CERTIFICATE-----" which my certificate dooes.
> As I understand it is the PEM_read_PUBKEY openssl function that
> rejects the file.
> Do external certificates have to be on this format or are there any
> other ways to load public keys from PEM certificatefiles starting
> with "-----BEGIN CERTIFICATE-----"?
>
> :)