Re: [Exist-open] Questions about exist crypto lib, validate-signature()

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Thanks for replying, Claudius.

> The function crypto:validate-signature() indeed needs the key info (KeyValue
> element) to be inside the signed XML doc

Confirms my interpretation, thanks.

Since I needed something quickly, I cloned your repo and added a function 
crypto:validate-signature-by-certfile(), which expects a second parameter 
$certfile which is the filename of an X.509 certificate in PEM format. 
I pull the RSA pubkey out of the cert and use that in the validation 
context, instead of a KeySelector instance.  Works fine here.

Will send diff if you're interested.  Actually, I bypassed the ro.kuberam 
lib and use Java crypto/security libs directly, so YMMV.

ciao,
Olaf

Re: [Exist-open] Questions about exist crypto lib, validate-signature()

eXist-db is a feature rich Open Source native XML database

Re: [Exist-open] Questions about exist crypto lib, validate-signature()