Hi: More from the OpenSSL doc I quoted earlier: The ApacheSSL documentation, and the docs for the SSLeay toolkit, refer to certificates and certificate requests as "PEM" files. They are not. ApacheSSL, like all SSL secure servers, uses the (standard) X.509 certificate format. X.509 certificates are binary files, which are difficult to send around by mail. So SSLeay stores them in BASE64 encoded format, between '-----BEGIN-----' and '-----END-----' lines. BASE64 encoding was defined as part of the (old) Privacy Enhanced Mail (PEM) specification, which is why the documentation calls them "PEM format" files.
To convert my DER binary encoded X509 certs so that xmlSecSimpleKeysMngrLoadPemKey would load them I used: x509 -inform der -text -in d:old_export.pem -out d:new_export.pem (the x509 utility is part of the openssl distribution) If I understand your question, this should solve your problem. Ferrell -----Original Message----- From: Asbj�rn Oskal [mailto:[EMAIL PROTECTED]] Sent: Monday, November 25, 2002 7:19 AM To: [EMAIL PROTECTED] Subject: Re: [xmlsec] Verifying a signature against a PEM certificate Hi! It seems to me from the answers I have gotten that there are no easy ways to verify XML-signatures against (the public key from) X509 PEM-certificate files. The xmlSecSimpleKeysMngrLoadPemKey does not accept loading public keys from such files. It does only accept public key files starting with -----BEGIN PUBLIC KEY----- So, does any of you know a way of creating such public key files from X509 PEM-certificates? The question is really, how can one make sure the identity of the signer without verifying the signature against a public key you know belongs to the signer. Or is it possible to check who is the owner of the public key contained in the KeyInfo? :) _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
