You can also load public key in the keys manager, set a name for it and use <dsig:KeyName/> to specify the desired name.
Aleksey Asbj�rn Oskal wrote:
Hi!
As I understand there are two ways to verify a signature against public keys not included in the signature itself.
Either load the public key and send it as a parameter to the xmlSecDSigValidate function or to add the public key to the Keymanager and use the xmlSecKeyOriginKeyManager flag so that the key manager are searched for a key to use when verifying.
I have tried both but does not break through.
I could not find a way to load a usable (public) xmlSecKey.
I tried to use xmlSecKeyReadPemCert and it read the file but then the keydata in the xmlSecKeyPtr was NULL and the key was rejected when I tried to use it.
I the tried to use the xmlSecSimpleKeysMngrLoadPemKey but it does not accept PEM-files starting with
"-----BEGIN CERTIFICATE-----" which my certificate dooes.
As I understand it is the PEM_read_PUBKEY openssl function that rejects the file.
Do external certificates have to be on this format or are there any other ways to load public keys from PEM certificatefiles starting with "-----BEGIN CERTIFICATE-----"?
:)
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
