Re: KeyInfo - KeyValue vs X509Certificate

[Berin Lautenbach]

No - there is no validity check between the two.  And in fact, because 
of the potential uses of KeyInfo, it *might* be that incompatible key 
values are valid.

XKMS is a particular example - I can do a LocateRequest for "Berin 
Lautenbach" as a KeyName.  The response could include a RSA key, known 
to be good, together with a cert for a separate key.  Both will be 
returned in the same KeyInfo structure.

Cheers,
        Berin
Andrzej Matejko wrote:
Is there any method, function in xsec that checks if KeyValue and
X509Data (X509Certificate) are compatible? (I mean, which checks that
X509Data and KeyValue contains the same public key)?
Or is it better to check it by myself (extract key, compare modulus and
exponent)?


  andrzeJ