Yes
xmlSecDSigCtx::keyInfoReadCtx->enabledKeyData
xmlSecDSigCtx::keyInfoWriteCtx->enabledKeyData
Aleksey
[EMAIL PROTECTED] wrote:
Yes you are right !!! I forgot about that.
You mean the "--enabled-key-data" list in the command line utility ?
Where is this in the API ? in the Ctx ?
----- Original Message ----
From: Aleksey Sanin <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Jürgen Heiss <[EMAIL PROTECTED]>; xmlsec@aleksey.com
Sent: Wednesday, May 31, 2006 2:31:14 PM
Subject: Re: [xmlsec] RE: Need urgent help for verify
> Does it not make sense to check X509Certificate first ? Or must we
> consciously remove KeyName to avoid problems in the mscrypto world where
> the chances of actually having the public verification certificate in
> the verifiers mscrypto store is remote at best ?
>
I think, that either signer or verifier should decide if KeyName
makes sense for him/her or not. In xmlsec, there is a way to disable
KeyName usage for verification, for example.
Aleksey
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec