Re: [xmlsec] how can I use the public key for encryption

Fri, 27 Jun 2008 16:34:28 -0700 

hello Aleksey and Ed,
I use:
openssl x509 -inform pem -in cert.pem -pubkey -noout > publickey.pem

to extract the public key from certificate, and then load the public key
into keymanager:
 key = xmlSecCryptoAppKeyLoad(publickeyfile, xmlSecKeyDataFormatPem, NULL,
NULL, NULL);
xmlSecCryptoAppDefaultKeysMngrAdoptKey(keys_mngr, key);

It seems to work.

My following question is, is there some api in xmlsec which I can use to
extract public key directly from certificate. I know in openssl there is
X509_get_pubkey(certfile), but the return type is EVP_PKEY, here we need
xmlSecKeyPtr.

Thanks
Weizhong



On 6/26/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote:
>
> Ah, I see.... I guess it is a copy/paste error for the comment :)
>
> Aleksey
>
> Ed Shallow wrote:
>
>> I believe Weizhong is asking why is the "private" key being loaded  if one
>> simply wants to encrypt.
>>
>> Loading a public certificate  in .pem  should  be appropriate.
>>
>> Why is private even mentioned ?
>>
>>
>> Aleksey Sanin wrote:
>>
>>> The session key is created for you automatically if you specify
>>> that you want AES, DES, ... encryption for the data. Look at the
>>> xmlsec/tests/ examples.
>>>
>>>
>>> Aleksey
>>>
>>> wz qiang wrote:
>>>
>>>> hi Aleksey and others,
>>>>  In encrypt3.c, there is one line for loading private key.
>>>>      /* load private RSA key */
>>>>    key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL,
>>>> NULL, NULL);
>>>>  I my understanding, normally the public key is used for encrypting the
>>>> session key, and then on the other side private key is used for decrypting
>>>> the session key (session key is used for encrypting the data). So my
>>>> question is, how I can do like that by using xmlsec API?
>>>>   Thanks in advance
>>>> Weizhong Qiang
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> [email protected]
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> [email protected]
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
>>>
>> _______________________________________________
>> xmlsec mailing list
>> [email protected]
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
>

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to