hello, Thanks. The certificate will be put into dsig:X509Data for verification
Weizhong On Mon, Jul 7, 2008 at 5:05 PM, chia pern hui <[EMAIL PROTECTED]> wrote: > > Hi > > I think calling xmlSecCryptoAppKeyCertLoad will append > the cert to the signed document. This can be useful depending > on the use case. > > Cheers, > Pern hui > > On Mon, Jul 7, 2008 at 5:51 PM, wz qiang <[EMAIL PROTECTED]> wrote: > > Hello, > > In http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html > > > > Before siging a node, > > > > /* load private key, assuming that there is not password */ > > > > dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, > > xmlSecKeyDataFormatPem, NULL, NULL, NULL); > > if(dsigCtx->signKey == NULL) { > > fprintf(stderr,"Error: failed to load private pem key from > > \"%s\"\n", key_file); > > > > goto done; > > } > > > > /* load certificate and add to the key */ > > if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file, > > xmlSecKeyDataFormatPem) < 0) { > > fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", > > cert_file); > > > > goto done; > > } > > > > I wonder whether the second step (load certificate) is needed for signing? > > In principle, private key is enough, right? I also test with loading > > certificate and without loading certificate, both signature can be verified. > > > > Appretiate in advance > > > > Weizhong > > > > _______________________________________________ > > xmlsec mailing list > > [email protected] > > http://www.aleksey.com/mailman/listinfo/xmlsec > > > > > > > > -- > Best regards, > Pern Hui _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
