Hi:
  More from the OpenSSL doc I quoted earlier:

The ApacheSSL documentation, and the docs for the SSLeay toolkit, refer to 
certificates and certificate requests as "PEM" files. They are not. ApacheSSL, like 
all SSL secure servers, uses the (standard) X.509 certificate format. X.509 
certificates are binary files, which are difficult to send around by mail. So SSLeay 
stores them in BASE64 encoded format, between '-----BEGIN-----' and '-----END-----' 
lines. BASE64 encoding was defined as part of the (old) Privacy Enhanced Mail (PEM) 
specification, which is why the documentation calls them "PEM format" files.

  To convert my DER binary encoded X509 certs so that xmlSecSimpleKeysMngrLoadPemKey 
would load them I used:
x509 -inform der -text -in d:old_export.pem -out d:new_export.pem
  (the x509 utility is part of the openssl distribution)

If I understand your question, this should solve your problem.
Ferrell

-----Original Message-----
From: Asbj�rn Oskal [mailto:[EMAIL PROTECTED]] 
Sent: Monday, November 25, 2002 7:19 AM
To: [EMAIL PROTECTED]
Subject: Re: [xmlsec] Verifying a signature against a PEM certificate


Hi!

It seems to me from the answers I have gotten that there are no easy ways to
verify XML-signatures against (the public key from) X509 PEM-certificate
files.
The xmlSecSimpleKeysMngrLoadPemKey does not accept loading public keys from
such files.
It does only accept public key files starting with -----BEGIN PUBLIC
KEY-----
So, does any of you know a way of creating such public key files from X509
PEM-certificates?

The question is really, how can one make sure the identity of the signer
without verifying the signature against a public key you know belongs to the
signer. Or is it possible to check who is the owner of the public key
contained in the KeyInfo?

:)

_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to