[xmlsec] Re: Invalid certificate
Aleksey Sanin
aleksey at aleksey.com
Wed Sep 24 12:22:46 PDT 2003
Yes, you are right. This needs to be fixed (including the "mixed" key
type issue).
I would look at this tonight to see how bad is the change (i.e. how many
files
would be affected).
Aleksey
Wouter wrote:
>>Ok, now we are getting somewhere :) The problem is that test (and all
>>other xmlsec-crypto
>>libraries) expect this file to be public key in DER format. Not a
>>certificate. We already have
>>several key types: DER/PEM/PKCS12 and it sounds like there
>>needs to be
>>one or two more:
>>public key with a cert in DER/PEM formats. I would need to
>>think about
>>that. I am not sure
>>that I want to package this changes in the initial xmlsec-mscrypto
>>release. Probably we can
>>file a but and deal with this later. I am glad that now we understand
>>the problem :)
>>
>>
>
>I was mislead by the fact that the header file where the keytype DER is
>defined has a comment the type can also be used for certificates.
>Because of the limitation with MS Crypto API in supported formats of
>keys to be loaded, you can imagine it definitely needs support for
>loading a key by their certificate, or are their other ways to encrypt
>for example with a public key that is only available in the certificate?
>
>However currently mscrypto support will try to load .der key files as fi
>they contain certificates(!). What to do with that?
>
>Wouter
>
>
More information about the xmlsec
mailing list