[xmlsec] Trouble by verification

Aleksey Sanin aleksey at aleksey.com
Fri Aug 25 07:44:19 PDT 2006


Well, in this particular case, the key will not have certificate.
You signature has a valid RSA public key that xmlsec uses for
validation. And this key has not certificate attached to it!

I guess, you want xmlsec not to use the key from the RSAKeyValue
and instead lookup the key in the KeyManager (and find the key
with certificate). Probably, the simples way to achieve this would
be to disable (or to be precsise, not enable) the RSAKeyValue as
the key data source. In the xmlsec command line tool, check the
option "--enabled-key-data" or the enabledKeyData memeber of the
xmlSecKeyInfoCtx structure (search xmlsec command line tool source
file for an example!).

Aleksey




More information about the xmlsec mailing list