|
Hi!
I seem to have found a solution to my
problem.
I wanted to use a X509 pem certificate to
validate a signature but I did not
find a straightforward solution to load a
public key from a certificate.
I have struggled a bit to work this out but
it turned out wasn't so bad
afterall.
Since I could not load a PEM certificate
directly I have to get the (in my
case)
RSA public key from the certificate and
turn it into a xmlSecKeyPtr.
Here is my function which does that
and returns an xmlSecKeyPtr:
static xmlSecKeyPtr
ReadPublicKeyFromPemCert(const char* certFile){
xmlSecKeyPtr retval = NULL; // Load certificate from
file
FILE* fid = fopen(certFile, "r"); X509* pCert = PEM_read_X509(fid, NULL, NULL, NULL); fclose(fid); // Get the public key from the
certificate
EVP_PKEY *pPublicKey = X509_get_pubkey(pCert); if(!pPublicKey){
printf("Failed to get public key from cert\n"); return NULL; } // I only handle RSA
keys
if(pPublicKey->type == EVP_PKEY_RSA){ retval = xmlSecKeyCreate(xmlSecRsaKey, xmlSecKeyOriginX509); if(xmlSecRsaKeyGenerate(retval, pPublicKey->pkey.rsa) < 0){ printf("Failed to generate public key from RSA key\n"); xmlSecKeyDestroy(retval); EVP_PKEY_free(pPublicKey); return NULL; } EVP_PKEY_free(pPublicKey); return
retval;
} EVP_PKEY_free(pPublicKey);
printf("Unknown public key type in
cert");
return NULL; } I then use this public key together with
xmlSecDSigValidate and it seems to work
Ok.
Please comment if you see something bad about
this.
Thanks for all help!
|
- Re: [xmlsec] Verifying a signature against a PEM certificate... Asbj�rn Oskal
- Re: [xmlsec] Verifying a signature against a PEM certif... Aleksey Sanin
- [xmlsec] Less help, please :) Rich Salz
- Re: [xmlsec] Less help, please :) Aleksey Sanin
- Re: [xmlsec] Verifying a signature against a PEM ce... Rich Salz
