Hello,
In http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html
Before siging a node,
/* load private key, assuming that there is not password */
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
if(dsigCtx->signKey == NULL) {
fprintf(stderr,"Error: failed to load private pem key from
\"%s\"\n", key_file);
goto done;
}
/* load certificate and add to the key */
if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
xmlSecKeyDataFormatPem) < 0) {
fprintf(stderr,"Error: failed to load pem certificate
\"%s\"\n", cert_file);
goto done;
}
I wonder whether the second step (load certificate) is needed for signing?
In principle, private key is enough, right? I also test with loading
certificate and without loading certificate, both signature can be verified.
Appretiate in advance
Weizhong
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
