Hi everybody, Well you are right, its really the Keyname. So if I remove the Keyname it works. But of course the document isn't anymore valid. Is there a way always to ignore the keyname and use the the certificate by verify a signed document? What is the
xmlSecDSigCtx::keyInfoReadCtx->enabledKeyData xmlSecDSigCtx::keyInfoWriteCtx->enabledKeyData For? How must I use them? Thanks I advance. Jürgen -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin Sent: Mittwoch, 31. Mai 2006 22:20 To: [EMAIL PROTECTED]; xmlsec@aleksey.com Subject: Re: [xmlsec] RE: Need urgent help for verify Yes xmlSecDSigCtx::keyInfoReadCtx->enabledKeyData xmlSecDSigCtx::keyInfoWriteCtx->enabledKeyData Aleksey [EMAIL PROTECTED] wrote: > Yes you are right !!! I forgot about that. > > You mean the "--enabled-key-data" list in the command line utility ? > Where is this in the API ? in the Ctx ? > > ----- Original Message ---- > From: Aleksey Sanin <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Cc: Jürgen Heiss <[EMAIL PROTECTED]>; xmlsec@aleksey.com > Sent: Wednesday, May 31, 2006 2:31:14 PM > Subject: Re: [xmlsec] RE: Need urgent help for verify > > > Does it not make sense to check X509Certificate first ? Or must we > > consciously remove KeyName to avoid problems in the mscrypto world > where > the chances of actually having the public verification > certificate in > the verifiers mscrypto store is remote at best ? > > > I think, that either signer or verifier should decide if KeyName makes > sense for him/her or not. In xmlsec, there is a way to disable KeyName > usage for verification, for example. > > Aleksey _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec