[xmlsec] Verifying a signature against a PEM certificate

Aleksey Sanin aleksey at aleksey.com
Fri Nov 22 08:15:00 PST 2002


xmlSecSimpleKeysMngrLoadPemCert() reads cert from file and adds 
it to the list of trusted or untrusted certs known by keys manager.
Later this cert could be used during certs verification process
(<dsig:X509Data> node processing): trusted cers are ones that can
"terminate" certificates chain (for example, root CA cert should be
"trusted") and untrusted certs are used to construct certs chain
for verification.

xmlSecSimpleKeysMngrLoadPemCert() *does not* load key. It's only
a cert.


Aleksey.

>Thanks for the fast answer.
>
>I have read the documentation of xmlSecSimpleKeysMngrLoadPemCert but it does
>not make clear how the certificate loaded can be used in the verification
>process.
>Should this be done together with setting the flag
>xmlSecKeyOriginKeyManager?
>I tried that but I could not get it to work. Should it?
>
>Or should I use the flag xmlSecKeyOriginKeyName? But what is then the key of
>the certificate I load with xmlSecSimpleKeysMngrLoadPemCert? If I sign with
>dsig:KeyName set to something it will have have to match the keyname of the
>certificate loaded into the keys manager. But as far as I can see there is
>no way of specifying keyname when loading a certificate with
>xmlSecSimpleKeysMngrLoadPemCert.
>
>:)
>
>_______________________________________________
>xmlsec mailing list
>xmlsec at aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>  
>






More information about the xmlsec mailing list