[xmlsec] Loading a DER-encoded certificate
Aleksey Sanin
aleksey at aleksey.com
Mon Apr 7 09:54:28 PDT 2003
Jesse Pelton wrote:
>Shucks. It seemed like such a good fit. What's xmlSecKeyReadBinaryFile()
>intended for? Is it specific to DES keys?
>
>
Yes. DES, AES, HMAC, etc.
>Before I clone a bunch of code, would xmlSecKeyDataBinRead() (which requires
>me to read the file off disk myself) be a better fit?
>
>
Well, I am not sure I have any other option for you. IMHO, using DER
certificates
is not as good as using PEM files.
>Maybe I'm completely wrong-headed about this. What I want to do is verfiy
>signatures using public keys from certificates. I also want to be able to
>inspect certificate contents (issuer, serial number, etc). I think this
>means that I need to load the keys into a keys manager (and give them names
>so they can be located by the signature code). Is there a better approach?
>
>
Well, it depends on what you actually want to do. The typical scenarion is:
- signature:
0) load private key and assign certificates (xmlsec has two ways
to do this: pkcs12 files
and pem files, if you need to load der files then you have to
write a function by yourself);
1) prepare template with <dsig:X509Data/> node;
2) sign the document (this will put all the certificates
associated with the signature key in the signature)
- verification:
0) load "trusted" (root) certificate
1) verify signature (xmlsec will read and verify certs and
extract key by itself).
Aleksey
More information about the xmlsec
mailing list