[xmlsec] RE: Need urgent help for verify

Jürgen Heiss jheiss at Mesonic.com
Wed May 31 23:39:45 PDT 2006


Hi everybody,

Well you are right, its really the Keyname. So if I remove the Keyname it works.
But of course the document isn't anymore valid. Is there a way always to ignore the keyname and use the the certificate by verify a signed document?
 
What is the 

xmlSecDSigCtx::keyInfoReadCtx->enabledKeyData
xmlSecDSigCtx::keyInfoWriteCtx->enabledKeyData


For? How must I use them?

Thanks I advance.


Jürgen

-----Original Message-----
From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On Behalf Of Aleksey Sanin
Sent: Mittwoch, 31. Mai 2006 22:20
To: ed.shallow at rogers.com; xmlsec at aleksey.com
Subject: Re: [xmlsec] RE: Need urgent help for verify

Yes

xmlSecDSigCtx::keyInfoReadCtx->enabledKeyData
xmlSecDSigCtx::keyInfoWriteCtx->enabledKeyData

Aleksey

ed.shallow at rogers.com wrote:
> Yes you are right !!! I forgot about that.
>  
> You mean the "--enabled-key-data" list in the command line utility ? 
> Where is this in the API ? in the Ctx ?
> 
> ----- Original Message ----
> From: Aleksey Sanin <aleksey at aleksey.com>
> To: ed.shallow at rogers.com
> Cc: Jürgen Heiss <jheiss at Mesonic.com>; xmlsec at aleksey.com
> Sent: Wednesday, May 31, 2006 2:31:14 PM
> Subject: Re: [xmlsec] RE: Need urgent help for verify
> 
>  > Does it not make sense to check X509Certificate first ? Or must we  
> > consciously remove KeyName to avoid problems in the mscrypto world 
> where  > the chances of actually having the public verification 
> certificate in  > the verifiers mscrypto store is remote at best ?
>  >
> I think, that either signer or verifier should decide if KeyName makes 
> sense for him/her or not. In xmlsec, there is a way to disable KeyName 
> usage for verification, for example.
> 
> Aleksey
_______________________________________________
xmlsec mailing list
xmlsec at aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec



More information about the xmlsec mailing list