You can load PKCS12 key+cert directly from xmlsec, take a look at xmlSecCryptoAppPkcs12Load() and xmlSecCryptoAppPkcs12LoadMemory() functions. Or xmlsec-openssl specific call xmlSecOpenSSLAppPkcs12LoadBIO().
Otherwise, if you want to parse PKCS12 container yourself, take a look at xmlsec-openssl specific functions in xmlsec/openssl/evp.h and xmlsec/openssl/x509.h. Something like xmlSecOpenSSLEvpKeyAdopt(), xmlSecOpenSSLKeyDataX509AdoptKeyCert(), and xmlSecOpenSSLKeyDataX509AdoptCert(). For details on how to use these functions, best of all study the source code for the xmlSecOpenSSLAppPkcs12LoadBIO() function. It makes all the right calls in the right order :) Aleksey On 8/13/2010 11:05 AM, Duh Crab wrote:
I am trying to sign XML using the pkey and X509 cert in a pkcs12 file. I extracted the pkey and cert from the pkcs12 file using the following - EVP_PKEY *pkey; X509 *cert; PKCS12 *p12; p12 = d2i_PKCS12_fp(fp, NULL); PKCS12_parse(p12, passphrase,&pkey,&cert,&ca); I now want to use the pkey and cert from above to sign xml using xmlsec. How do I use these with the following api's? xmlSecCryptoAppKeyLoadMemory() xmlSecOpenSSLAppKeyCertLoadMemory() If I save the pkey and cert above to the filesystem and then call - xmlSecCryptoAppKeyLoad() and xmlSecCryptoAppKeyCertLoad() (along with other xmlsec api's), everything works well and I am able to sign the XML. However, there are cases where I do not have access to the filesystem and need to use pkey and cert from memory. Thanks, Sri _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
