No, just public key in cert.
On 5/22/13 12:45 PM, "Aleksey Sanin" <[email protected]> wrote:
> Private key in cert/cicert.pem file? Really?
>
> Aleksey
>
> On 5/21/13 9:41 PM, Jeffrey Jin (jefjin) wrote:
>> Aleksey,
>>
>> The cert is in the cert/ folder, but I got the error below:
>>
>> [jabber@localhost xmlsec-demo]$ ./verify1 example/sample-res.xml cert/cicert.pem
>> func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=263:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed:
>> func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=153:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=cert/cicert.pem;errno=0
>> Error: failed to load public pem key from "cert/cicert.pem"
>>
>> -Jeffrey
>>
>> On 5/22/13 12:17 PM, "Aleksey Sanin" <[email protected]> wrote:
>>
>>> If you set the key in xmldsigctx then it will never get there anyway.
>>>
>>> Otherwise, check enabledKeyData in xmlSecKeyInfoCtx (there are examples
>>> in the xmlsec1 command line tool source code).
>>>
>>> Aleksey
>>>
>>> On 5/21/13 9:14 PM, Jeffrey Jin (jefjin) wrote:
>>>> Thanks Aleksey for the quick response. I will try it.
>>>> I have another question: how to disable certificate validation in xmlsec?
>>>>
>>>> On 5/22/13 12:10 PM, "Aleksey Sanin" <[email protected]> wrote:
>>>>
>>>>> If you know the public key in advance then you can set it in xmlDsigCtx.
>>>>>
>>>>> Aleksey
>>>>>
>>>>> On 5/21/13 9:02 PM, Jeffrey Jin (jefjin) wrote:
>>>>>> Hi All,
>>>>>>
>>>>>> We are using XMLSec to handle XML signature and encryption in SAML 1.0
>>>>>> and 2.0 protocols. We pre-configure the configuration data, such as the
>>>>>> IDP certificate, using metadata. So even if the response includes
>>>>>> "KeyInfo/X509Data", we will ignore it and use the local pre-configured
>>>>>> certificate to verify it, and we assume the SP totally trusts this
>>>>>> certificate. So we also won't use a CA certificate to verify the
>>>>>> pre-configured certificate's legitimacy.
>>>>>>
>>>>>> I dug into the code and found:
>>>>>>
>>>>>> /* ignore <dsig:KeyInfo /> if there is the key is already set */
>>>>>> /* todo: throw an error if key is set and node != NULL? */
>>>>>> if((dsigCtx->signKey == NULL) && (dsigCtx->keyInfoReadCtx.keysMngr != NULL)
>>>>>>    && (dsigCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
>>>>>>     dsigCtx->signKey = (dsigCtx->keyInfoReadCtx.keysMngr->getKey)(node, &(dsigCtx->keyInfoReadCtx));
>>>>>> }
>>>>>>
>>>>>> Does it mean I need to set dsigCtx->signKey? And what is the meaning of
>>>>>> dsigCtx->signKey? Is it the private key from the IDP? (We can never get the
>>>>>> private key from the IDP.) How can I meet this requirement with xmlsec?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Jeffrey
>>>>>>
>>>>>> _______________________________________________
>>>>>> xmlsec mailing list
>>>>>> [email protected]
>>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
