Private key in cert/cicert.pem file? Really?

Aleksey

On 5/21/13 9:41 PM, Jeffrey Jin (jefjin) wrote:
> Aleksey,
>
> The cert is in the cert/ folder but I got the error as below:
>
> [jabber@localhost xmlsec-demo]$ ./verify1 example/sample-res.xml cert/cicert.pem
> func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=263:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed:
> func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=153:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=cert/cicert.pem;errno=0
> Error: failed to load public pem key from "cert/cicert.pem"
>
> -Jeffrey
>
> On 5/22/13 12:17 PM, "Aleksey Sanin" <[email protected]> wrote:
>
>> If you set the key in xmldsigctx then it will never get there anyway.
>>
>> Otherwise, check enabledKeyData in xmlSecKeyInfoCtx (there are examples
>> in the xmlsec1 command line tool source code)
>>
>> Aleksey
>>
>> On 5/21/13 9:14 PM, Jeffrey Jin (jefjin) wrote:
>>> Thanks Aleksey for the quick response. I will try it.
>>> I have another question: how to disable certificate validation in
>>> xmlsec?
>>>
>>> On 5/22/13 12:10 PM, "Aleksey Sanin" <[email protected]> wrote:
>>>
>>>> If you know the public key in advance then you can set it in xmlDsigCtx
>>>>
>>>> Aleksey
>>>>
>>>> On 5/21/13 9:02 PM, Jeffrey Jin (jefjin) wrote:
>>>>> Hi All,
>>>>>
>>>>> We are using XMLSec to handle XML signature and encryption in SAML 1.0
>>>>> and 2.0 protocols. We pre-configure the configuration data such as the
>>>>> IDP certificate using metadata. So even if the response includes
>>>>> "KeyInfo/X509Data", we will ignore it and use the local pre-configured
>>>>> certificate to verify it, and we assume the SP totally trusts this
>>>>> certificate. So we also won't use a CA certificate to verify the
>>>>> pre-configured certificate's legitimacy.
>>>>>
>>>>> I dug into the code and found:
>>>>>
>>>>>     /* ignore <dsig:KeyInfo /> if there is the key is already set */
>>>>>     /* todo: throw an error if key is set and node != NULL? */
>>>>>     if((dsigCtx->signKey == NULL) && (dsigCtx->keyInfoReadCtx.keysMngr != NULL)
>>>>>        && (dsigCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
>>>>>         dsigCtx->signKey = (dsigCtx->keyInfoReadCtx.keysMngr->getKey)(node,
>>>>>                                                 &(dsigCtx->keyInfoReadCtx));
>>>>>     }
>>>>>
>>>>> Does it mean I need to set dsigCtx->signKey? And what's the meaning of
>>>>> dsigCtx->signKey? Is it the private key from the IDP? (we can never get the
>>>>> private key from the IDP). How can I meet this requirement with xmlsec?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Jeffrey
>>>>>
>>>>> _______________________________________________
>>>>> xmlsec mailing list
>>>>> [email protected]
>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
