[xmlsec] An enhance feature to xmlsec-nss engine

Andrew Fan Andrew.Fan at sun.com
Fri Jul 25 01:15:24 PDT 2003


Hi Tej,

I want to check whether my application can run on the new xmlsec-nss 
crypto engine. So I prepare a signature template with X509Data( Issuer 
and Serial ), I hope that the keys manager will help me find the key 
from keys store with the help of X509Data. But I failed.  At high level 
application, I do nothing except prepare a signature template and some 
initialization. I had expected it will be work. But not. So I check the 
sources, finally, I find something in X509.c. When reading XML X509 
data, it successfully retrieve certificate defaultly. But when verify 
and extract key ( xmlSecNssKeyDataX509VerifyAndExtractKey ), it only 
retrieve public key( xmlSecNssX509CertGetKey ) no matter the request 
from keyInfoCtx( keyInfoCtx->keyReq.keyType ). I think it should check 
the key info request, if the request type is private, it should retrieve 
private key; if public, the public key. I change some codes in my 
workspcae according to above requirement. I work now.  I think, it is a 
important features.

Andrew




More information about the xmlsec mailing list