Nope, certificate is not needed for signing. In this example
certificate is used to carry the public key for the verification
purposes.
Aleksey
wz qiang wrote:
Hello,
In http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html
Before siging a node,
/* load private key, assuming that there is not password */
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem,
NULL, NULL, NULL);
if(dsigCtx->signKey == NULL) {
fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n",
key_file);
goto done;
}
/* load certificate and add to the key */
if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
xmlSecKeyDataFormatPem) < 0) {
fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n",
cert_file);
goto done;
}
I wonder whether the second step (load certificate) is needed for
signing? In principle, private key is enough, right? I also test with
loading certificate and without loading certificate, both signature can
be verified.
Appretiate in advance
Weizhong
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
