[xmlsec] creating a ds:KeyInfo object

Aleksey Sanin aleksey at aleksey.com
Thu Dec 30 22:52:01 PST 2004


Smith Baylor wrote:
 > But, I don't have a ds:Signature object :-(  I just have a KeyInfo object.
 >
 > In the example shown, xmlSecDSigCtxSign(dsigCtx, signNode)
 > automagically does this.  As I am not creating a ds:Signature object,
 > I can't use this.
 >
 > smith

Well, you are trying to do something unusual, thus you have to do some
homework yourself :)

You need to do 3 things:
	
1) Load key with certificate:
     /* load private key, assuming that there is no password */
     dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
                     xmlSecKeyDataFormatPem, NULL, NULL, NULL);
     if(dsigCtx->signKey == NULL) {
         fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n",
                 key_file);
         goto done;
     }

     /* load certificate and add to the key */
     if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
                    xmlSecKeyDataFormatPem) < 0) {
         fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n",
                  cert_file);
         goto done;
     }

2) Add X509Data node to KeyInfo template:

     if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
         fprintf(stderr, "Error: failed to add X509Data node\n");
         goto done;
     }

3) Write key into KeyInfo node with xmlSecKeyInfoNodeWrite() function
(note that you would need to create and then destroy xmlSecKeyInfoCtx
structure):

http://www.aleksey.com/xmlsec/api/xmlsec-keyinfo.html#XMLSECKEYINFONODEWRITE


The example shows how to do steps 1) and 2). Grep xmlsec sources for
xmlSecKeyInfoNodeWrite() and xmlSecKeyInfoCtx usage.

Aleksey



