In general, I wouldn't recommend KeyValue for anything but examples
for a number of security concerns.
You should consider using KeyName or X509Data instead.
Best,
Aleksey
On 3/5/21 4:01 AM, Timothy Legge wrote:
Hi
On Thu, Mar 04, 2021 at 11:40:51PM -0400, Timothy Legge <[email protected]>
wrote:
<dsig:KeyInfo>
<dsig:KeyValue>
Is there any reason why you specify KeyValue directly? If you wrap your
key into an x509 cert and use <X509Data>, that should work, see e.g.
tests/aleksey-xmldsig-01/enveloping-sha256-ecdsa-sha256.xml.
Couple of reasons that don't make a lot of sense. First, it is closer
to DSA so the current code was easy to modify. Secondly, there were
not a lot of example XML files (I either missed the one you mentioned
or I got stuck on the first reason). Third is likely the fact that it
is a documented method that can be used...
Adding X509Data was next on my list. I don't have any use cases or
users asking for ecdsa but I would like to get it added before I need
it.
Thanks
Tim
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
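
The preference for KeyName or X509Data over KeyValue discussed in this thread can be checked before a signature is verified. The following is an added example, not code from xmlsec or from anyone in the thread: a Python check that classifies each signature by the key sources its KeyInfo offers. The function name, the policy, the verdict labels and the sample document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Assumed policy: the key must come from the verifier's own store (KeyName)
# or from a certificate the verifier validates (X509Data).
ACCEPTED = {"KeyName", "X509Data"}

def audit_keyinfo(xml_text):
    """Return (Signature Id, verdict) for every ds:Signature in xml_text."""
    prefix = f"{{{DSIG}}}"
    results = []
    for sig in ET.fromstring(xml_text).iter(prefix + "Signature"):
        # Only the KeyInfo that is a direct child of Signature is the key
        # hint; a KeyInfo nested in ds:Object is just signed data.
        ki = sig.find(prefix + "KeyInfo")
        kinds = set()
        if ki is not None:
            kinds = {c.tag[len(prefix):] for c in ki if c.tag.startswith(prefix)}
        if "KeyValue" not in kinds:
            verdict = "ok"       # no inline raw key is offered
        elif kinds & ACCEPTED:
            verdict = "review"   # verifier must ignore the inline key
        else:
            verdict = "reject"   # signer-supplied raw key is the only source
        results.append((sig.get("Id"), verdict))
    return results

# Constructed sample: four signatures reduced to their KeyInfo.
SAMPLE = """<doc xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 <dsig:Signature Id="a"><dsig:KeyInfo><dsig:KeyValue/></dsig:KeyInfo></dsig:Signature>
 <dsig:Signature Id="b"><dsig:KeyInfo>
   <dsig:KeyName>constructed-key-name</dsig:KeyName></dsig:KeyInfo></dsig:Signature>
 <dsig:Signature Id="c"><dsig:KeyInfo><dsig:KeyValue/>
   <dsig:X509Data><dsig:X509Certificate>PLACEHOLDER</dsig:X509Certificate>
   </dsig:X509Data></dsig:KeyInfo></dsig:Signature>
 <dsig:Signature Id="d"/>
</doc>"""

if __name__ == "__main__":
    for sig_id, verdict in audit_keyinfo(SAMPLE):
        print(sig_id, verdict)
```
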