[xmlsec] how can I use the public key for encryption

wz qiang weizhongqiang at gmail.com
Fri Jun 27 16:34:18 PDT 2008


hello Aleksey and Ed,
I use:
openssl x509 -inform pem -in cert.pem -pubkey -noout > publickey.pem

to extract the public key from certificate, and then load the public key
into keymanager:
 key = xmlSecCryptoAppKeyLoad(publickeyfile, xmlSecKeyDataFormatPem, NULL,
NULL, NULL);
xmlSecCryptoAppDefaultKeysMngrAdoptKey(keys_mngr, key);

It seems to work.

My following question is, is there some api in xmlsec which I can use to
extract public key directly from certificate. I know in openssl there is
X509_get_pubkey(certfile), but the return type is EVP_PKEY, here we need
xmlSecKeyPtr.

Thanks
Weizhong



On 6/26/08, Aleksey Sanin <aleksey at aleksey.com> wrote:
>
> Ah, I see.... I guess it is a copy/paste error for the comment :)
>
> Aleksey
>
> Ed Shallow wrote:
>
>> I believe Weizhong is asking why is the "private" key being loaded  if one
>> simply wants to encrypt.
>>
>> Loading a public certificate  in .pem  should  be appropriate.
>>
>> Why is private even mentioned ?
>>
>>
>> Aleksey Sanin wrote:
>>
>>> The session key is created for you automatically if you specify
>>> that you want AES, DES, ... encryption for the data. Look at the
>>> xmlsec/tests/ examples.
>>>
>>>
>>> Aleksey
>>>
>>> wz qiang wrote:
>>>
>>>> hi Aleksey and others,
>>>>  In encrypt3.c, there is one line for loading private key.
>>>>      /* load private RSA key */
>>>>    key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL,
>>>> NULL, NULL);
>>>>  I my understanding, normally the public key is used for encrypting the
>>>> session key, and then on the other side private key is used for decrypting
>>>> the session key (session key is used for encrypting the data). So my
>>>> question is, how I can do like that by using xmlsec API?
>>>>   Thanks in advance
>>>> Weizhong Qiang
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
>>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20080628/c6955920/attachment-0002.htm


More information about the xmlsec mailing list