[xmlsec] Is certificate needed when signing?
Aleksey Sanin
aleksey at aleksey.com
Mon Jul 7 08:04:46 PDT 2008
Nope, certificate is not needed for signing. In this example
certificate is used to carry the public key for the verification
purposes.
Aleksey
wz qiang wrote:
> Hello,
> In http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html
>
> Before siging a node,
>
> /* load private key, assuming that there is not password */
>
> dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
> if(dsigCtx->signKey == NULL) {
> fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
>
> goto done;
> }
>
> /* load certificate and add to the key */
> if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file, xmlSecKeyDataFormatPem) < 0) {
> fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
>
> goto done;
> }
>
>
> I wonder whether the second step (load certificate) is needed for
> signing? In principle, private key is enough, right? I also test with
> loading certificate and without loading certificate, both signature can
> be verified.
>
> Appretiate in advance
>
> Weizhong
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list