To verify XML digital signatures in PSKC data, you may use the pskc_verify_x509crt function.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
#include <stdio.h> #include <pskc/pskc.h> /* * $ cc -o pskcverify pskcverify.c $(pkg-config --cflags --libs libpskc) * $ ./pskcverify signed.xml pskc-root-crt.pem * OK * $ */ #define PSKC_CHECK_RC \ if (rc != PSKC_OK) { \ printf ("%s (%d): %s\n", pskc_strerror_name (rc), \ rc, pskc_strerror (rc)); \ return 1; \ } int main (int argc, const char *argv[]) { char buffer[4096]; FILE *fh = fopen (argv[1], "r"); size_t len = fread (buffer, 1, sizeof (buffer), fh); pskc_t *container; int rc, valid_sig; fclose (fh); rc = pskc_global_init (); PSKC_CHECK_RC; rc = pskc_init (&container); PSKC_CHECK_RC; rc = pskc_parse_from_memory (container, len, buffer); PSKC_CHECK_RC; rc = pskc_verify_x509crt (container, argv[2], &valid_sig); PSKC_CHECK_RC; puts (valid_sig ? "OK" : "FAIL"); pskc_done (container); pskc_global_done (); } |
You would compile and use the example like this.
1 2 3 4 |
jas@latte:~$ cc -o pskcverify pskcverify.c $(pkg-config --cflags --libs libpskc) jas@latte:~$ ./pskcverify signed.xml pskc-root-crt.pem OK jas@latte:~$ |
For more background and information on how to generate the necessary private key and certificates, see the "pskctool" command line tool documentation.