1) pkcs12 file is a container. You can add/remove things freely
2) To get the serial number just add X509IssuerSerial node to the template Aleksey On 11/20/10 2:14 AM, Pekka A wrote:
Aleksey Sanin wrote: > > It's a feature :) You might want to simply create a new p12 file. Hello Thanks for your response. That crypted p12 certificate comes from Bank, so I am not sure if I am allowed to twiddle anything inside it, without breaking anything, I do have a key for it though. I understand if that is a current XmlSec feature, so it won't go away right away. But then the possible workarounds? It looks like a standard XML content anyway. Is there any XmlSec calls how I would be able to access those nodes and drop the first <X509Certificate> node away? Or if there aren't any, should I try to read the whole XML buffer out of XmlSec. Then maybe use XmlLib2 to do the changes, and write the buffer back to XmlSec? And after this, let XmlSec do the Singing part. Is there any chance this could work, and I would get a well signed XML as output? > I am not sure what are you trying to do. These nodes are used to > identify the certificate used for the signature. Not sure why do you > want to pick these values yourself. Again, there's nothing I can do for this. It is a strict requirement from the bank, they want that X509SerialNumber to be visible there. If it would be possible to use the workaround described above, then I could add these nodes to the XML in my XmlLib2 code manually. Before the actual Signing call. Then I would need a bit of a help how to use XmlSec to read and get the X509SerialNumber value out the certificate. cheers Pekka A.
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
