API XMLSec Core Keyinfo
API Group: xmlsec_core_keyinfo
dsig:KeyInfo node processing.
`<dsig:KeyInfo/>` node parser functions. KeyInfo is an optional element that enables the recipient(s) to obtain the key needed to validate the signature. KeyInfo may contain keys, names, certificates and other public key management information, such as in-band key distribution or key agreement data.

XML Security Library (http://www.aleksey.com/xmlsec).
This is free software; see the Copyright file in the source distribution for precise wording.
Copyright (C) 2002-2026 Aleksey Sanin aleksey@aleksey.com. All Rights Reserved.

Schema Definition:
```xml
<element name="KeyInfo" type="ds:KeyInfoType"/>
<complexType name="KeyInfoType" mixed="true">
  <choice maxOccurs="unbounded">
    <element ref="ds:KeyName"/>
    <element ref="ds:KeyValue"/>
    <element ref="ds:RetrievalMethod"/>
    <element ref="ds:X509Data"/>
    <element ref="ds:PGPData"/>
    <element ref="ds:SPKIData"/>
    <element ref="ds:MgmtData"/>
    <any processContents="lax" namespace="##other"/>
    <!-- (1,1) elements from (0,unbounded) namespaces -->
  </choice>
  <attribute name="Id" type="ID" use="optional"/>
</complexType>
```
DTD:
```dtd
<!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
                   X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
<!ATTLIST KeyInfo Id ID #IMPLIED >
```
Defined as: 0x00000001
Source: include/xmlsec/keyinfo.h
Continue reading KeyInfo after key is found.
If the flag is set then we will continue reading the `<dsig:KeyInfo/>` element even when a key is already found.
Defined as: 0x00000002
Source: include/xmlsec/keyinfo.h
Abort on unknown KeyInfo child element.
If the flag is set then we abort if an unknown `<dsig:KeyInfo/>` child is found.
Defined as: 0x00000004
Source: include/xmlsec/keyinfo.h
Abort on unknown KeyName content.
If the flag is set then we abort if an unknown key name (content of the `<dsig:KeyName/>` element) is found.
Defined as: 0x00000008
Source: include/xmlsec/keyinfo.h
Abort on unknown KeyValue child element.
If the flag is set then we abort if an unknown `<dsig:KeyValue/>` child is found.
Defined as: 0x00000010
Source: include/xmlsec/keyinfo.h
Abort on unknown RetrievalMethod href.
If the flag is set then we abort if an unknown href attribute of the `<dsig:RetrievalMethod/>` element is found.
Defined as: 0x00000020
Source: include/xmlsec/keyinfo.h
Abort when href doesn't match actual key data type.
If the flag is set then we abort if the href attribute of the `<dsig:RetrievalMethod/>` element does not match the real key data type.
Defined as: 0x00000100
Source: include/xmlsec/keyinfo.h
Abort on unknown X509Data child element.
If the flag is set then we abort if an unknown `<dsig:X509Data/>` child is found.
Defined as: 0x00000200
Source: include/xmlsec/keyinfo.h
Load certificates/CRLs without verification.
If the flag is set then we'll load certificates or CRLs from the `<dsig:X509Data/>` element without verification.
Defined as: 0x00000400
Source: include/xmlsec/keyinfo.h
Stop on unresolved X509 certificate reference.
If the flag is set then we'll stop when we could not resolve a reference to a certificate from the `<dsig:X509IssuerSerial/>`, `<dsig:X509SKI/>` or `<dsig:X509SubjectName/>` elements.
Defined as: 0x00000800
Source: include/xmlsec/keyinfo.h
Stop when X509Data returns no verified certificate.
If the flag is set then we'll stop when `<dsig:X509Data/>` element processing does not return a verified certificate.
Defined as: 0x00001000
Source: include/xmlsec/keyinfo.h
Stop when EncryptedKey element processing fails.
If the flag is set then we'll stop when `<enc:EncryptedKey/>` element processing fails.
Defined as: 0x00002000
Source: include/xmlsec/keyinfo.h
Stop when an empty node is found.
If the flag is set then we'll stop when we find an empty node. Otherwise we just ignore it.
Defined as: 0x00004000
Source: include/xmlsec/keyinfo.h
Skip strict checking of certificates and CRLs.
If the flag is set then we'll skip strict checking of certs and CRLs.
Defined as: 0x00008000
Source: include/xmlsec/keyinfo.h
Try any key matching requirements, not just referenced keys.
If the flag is set then we'll try to find any key that matches the requirements (e.g. any RSA public key). In the default strict key search mode, only keys referenced in `<dsig:KeyInfo/>` (e.g. by KeyName value) are used.
Defined as: 0x00010000
Source: include/xmlsec/keyinfo.h
Skip time checks of certificates and CRLs.
If the flag is set then we'll skip time checks of certs and CRLs.
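Added example, not xmlsec's own code: a self-contained C model of how the flags listed above change `<dsig:KeyInfo/>` child handling, using the schema's child list and the flag values from this page. The XMLSEC_KEYINFO_FLAGS_* macro names, the DSIG_NS constant and the keyinfo_scan/keyinfo_flags_harden helpers are assumptions of this example; the real parser yields a key from a known child only when that child resolves to one, which the model simplifies to one key per known child.

```c
/* Added example, not xmlsec code: a model of the KeyInfo flags documented above.
 * Flag values are from this page; the macro names are assumed (keyinfo.h). */
#include <string.h>
#define XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND       0x00000001u
#define XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD        0x00000002u
#define XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS   0x00000200u
#define XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE           0x00002000u
#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS  0x00004000u
#define XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH               0x00008000u
#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_TIME_CHECKS    0x00010000u
#define DSIG_NS "http://www.w3.org/2000/09/xmldsig#"   /* assumed constant name */
/* One <dsig:KeyInfo/> child: namespace, local name, whether the node is empty. */
typedef struct { const char *ns; const char *name; int empty; } keyinfo_child;
/* Children the schema's <choice> names; any other dsig-namespace child is
 * "unknown", children from other namespaces fall under <any ##other/>. */
static const char *known[] = { "KeyName", "KeyValue", "RetrievalMethod",
                               "X509Data", "PGPData", "SPKIData", "MgmtData" };
static int is_known(const char *name) {
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(known[i], name) == 0) return 1;
    return 0;
}

/* Walks the children as the flags describe: 0 on success, -1 on abort; counts
 * known children consumed (simplification: each known child yields one key). */
int keyinfo_scan(const keyinfo_child *c, size_t n, unsigned flags, int *keys_found) {
    *keys_found = 0;
    for (size_t i = 0; i < n; i++) {
        if (c[i].empty) {                            /* 0x00002000: stop, else ignore */
            if (flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) return -1;
            continue;
        }
        if (strcmp(c[i].ns, DSIG_NS) != 0) continue; /* ##other: lax, skipped here */
        if (!is_known(c[i].name)) {                  /* 0x00000002: abort, else skip */
            if (flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) return -1;
            continue;
        }
        (*keys_found)++;                             /* 0x00000001 unset: stop here */
        if (!(flags & XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND)) break;
    }
    return 0;
}

/* Strict verification profile: clear every flag that skips a check or widens the key search, and abort on unknown children. */
unsigned keyinfo_flags_harden(unsigned flags) {
    flags &= ~(XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS | XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS |
               XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_TIME_CHECKS | XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH);
    return flags | XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD;
}
```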
Defined as: xmlSecKeyDataNameGetKlass()
Source: include/xmlsec/keyinfo.h
The dsig:KeyName processing class.
Defined as: xmlSecKeyDataValueGetKlass()
Source: include/xmlsec/keyinfo.h
The dsig:KeyValue processing class.
Defined as: xmlSecKeyDataRetrievalMethodGetKlass()
Source: include/xmlsec/keyinfo.h
The dsig:RetrievalMethod processing class.
Defined as: xmlSecKeyDataKeyInfoReferenceGetKlass()
Source: include/xmlsec/keyinfo.h
The dsig11:KeyInfoReference processing class.
Defined as: xmlSecKeyDataEncryptedKeyGetKlass()
Source: include/xmlsec/keyinfo.h
The enc:EncryptedKey element processing class.
Defined as: xmlSecKeyDataAgreementMethodGetKlass()
Source: include/xmlsec/keyinfo.h
The enc:AgreementMethod processing class.
Defined as: xmlSecKeyDataDerivedKeyGetKlass()
Source: include/xmlsec/keyinfo.h
The enc11:DerivedKey processing class.
Source: include/xmlsec/keyinfo.h
The KeyInfo context operation mode.
The xmlSecKeyInfoCtx operation mode (read or write).
| Value | Initializer | Description |
|---|---|---|
| xmlSecKeyInfoModeRead | = 0 | read mode |
| xmlSecKeyInfoModeWrite | | write mode |
int xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx);
Source: include/xmlsec/keyinfo.h
Reads and parses a KeyInfo node to extract key data.
Parses the `<dsig:KeyInfo/>` element keyInfoNode, extracts the key data and stores it into key.
Parameters:
- keyInfoNode — the pointer to the `<dsig:KeyInfo/>` node.
- key — the pointer to the result key object.
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
Returns: 0 on success or -1 if an error occurs.
int xmlSecKeyInfoNodeWrite(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx);
Source: include/xmlsec/keyinfo.h
Writes a key into a KeyInfo node template.
Writes the key into the `<dsig:KeyInfo/>` element template keyInfoNode.
Parameters:
- keyInfoNode — the pointer to the `<dsig:KeyInfo/>` node.
- key — the pointer to the key object.
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
Returns: 0 on success or -1 if an error occurs.
xmlSecKeyInfoCtxPtr xmlSecKeyInfoCtxCreate(xmlSecKeysMngrPtr keysMngr);
Source: include/xmlsec/keyinfo.h
Allocates and initializes a KeyInfo processing context.
Allocates and initializes a `<dsig:KeyInfo/>` element processing context. The caller is responsible for freeing it by calling the xmlSecKeyInfoCtxDestroy function.
Parameters:
- keysMngr — the pointer to the keys manager (may be NULL).
Returns: pointer to the newly allocated object or NULL if an error occurs.
void xmlSecKeyInfoCtxDestroy(xmlSecKeyInfoCtxPtr keyInfoCtx);
Source: include/xmlsec/keyinfo.h
Destroys a KeyInfo processing context.
Destroys the keyInfoCtx object created with the xmlSecKeyInfoCtxCreate function.
Parameters:
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
int xmlSecKeyInfoCtxInitialize(xmlSecKeyInfoCtxPtr keyInfoCtx, xmlSecKeysMngrPtr keysMngr);
Source: include/xmlsec/keyinfo.h
Initializes a KeyInfo processing context.
Initializes a `<dsig:KeyInfo/>` element processing context. The caller is responsible for cleaning it up with the xmlSecKeyInfoCtxFinalize function.
Parameters:
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
- keysMngr — the pointer to the keys manager (may be NULL).
Returns: 0 on success and a negative value if an error occurs.
void xmlSecKeyInfoCtxFinalize(xmlSecKeyInfoCtxPtr keyInfoCtx);
Source: include/xmlsec/keyinfo.h
Cleans up a KeyInfo processing context.
Cleans up the keyInfoCtx initialized with the xmlSecKeyInfoCtxInitialize function.
Parameters:
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
void xmlSecKeyInfoCtxReset(xmlSecKeyInfoCtxPtr keyInfoCtx);
Source: include/xmlsec/keyinfo.h
Resets the KeyInfo context state.
Resets the keyInfoCtx state. User settings are not changed.
Parameters:
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
int xmlSecKeyInfoCtxCopyUserPref(xmlSecKeyInfoCtxPtr dst, xmlSecKeyInfoCtxPtr src);
Source: include/xmlsec/keyinfo.h
Copies user preferences between KeyInfo contexts.
Copies user preferences from the src context to the dst context.
Parameters:
- dst — the pointer to the destination context object.
- src — the pointer to the source context object.
Returns: 0 on success and a negative value if an error occurs.
int xmlSecKeyInfoCtxCreateEncCtx(xmlSecKeyInfoCtxPtr keyInfoCtx);
Source: include/xmlsec/keyinfo.h
Creates an encryption context for KeyInfo processing.
Creates the encryption context for processing the `<enc:EncryptedKey/>` child of the `<dsig:KeyInfo/>` element.
Parameters:
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
Returns: 0 on success and a negative value if an error occurs.
void xmlSecKeyInfoCtxDebugDump(xmlSecKeyInfoCtxPtr keyInfoCtx, FILE *output);
Source: include/xmlsec/keyinfo.h
Prints KeyInfo context state for debugging.
Prints user settings and current context state to output.
Parameters:
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
- output — the output file pointer.
void xmlSecKeyInfoCtxDebugXmlDump(xmlSecKeyInfoCtxPtr keyInfoCtx, FILE *output);
Source: include/xmlsec/keyinfo.h
Prints KeyInfo context state in XML format for debugging.
Prints user settings and current context state in XML format to output.
Parameters:
- keyInfoCtx — the pointer to the `<dsig:KeyInfo/>` element processing context.
- output — the output file pointer.
xmlSecKeyDataId xmlSecKeyDataNameGetKlass(void);
Source: include/xmlsec/keyinfo.h
Gets the KeyName element key data klass.
The `<dsig:KeyName/>` element key data klass (http://www.w3.org/TR/xmldsig-core/#sec-KeyName):
The KeyName element contains a string value (in which white space is significant) which may be used by the signer to communicate a key identifier to the recipient. Typically, KeyName contains an identifier related to the key pair used to sign the message, but it may contain other protocol-related information that indirectly identifies a key pair. (Common uses of KeyName include simple string names for keys, a key index, a distinguished name (DN), an email address, etc.)
Returns: the `<dsig:KeyName/>` element processing key data klass.
xmlSecKeyDataId xmlSecKeyDataValueGetKlass(void);
Source: include/xmlsec/keyinfo.h
Gets the KeyValue element key data klass.
The `<dsig:KeyValue/>` element key data klass (http://www.w3.org/TR/xmldsig-core/#sec-KeyValue):
The KeyValue element contains a single public key that may be useful in validating the signature.
Returns: the `<dsig:KeyValue/>` element processing key data klass.
xmlSecKeyDataId xmlSecKeyDataRetrievalMethodGetKlass(void);
Source: include/xmlsec/keyinfo.h
Gets the RetrievalMethod element key data klass.
The `<dsig:RetrievalMethod/>` element key data klass (http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod):
A RetrievalMethod element within KeyInfo is used to convey a reference to KeyInfo information that is stored at another location. For example, several signatures in a document might use a key verified by an X.509v3 certificate chain appearing once in the document or remotely outside the document; each signature's KeyInfo can reference this chain using a single RetrievalMethod element instead of including the entire chain with a sequence of X509Certificate elements.
RetrievalMethod uses the same syntax and dereferencing behavior as Reference's URI and The Reference Processing Model.
Returns: the `<dsig:RetrievalMethod/>` element processing key data klass.
xmlSecKeyDataId xmlSecKeyDataKeyInfoReferenceGetKlass(void);
Source: include/xmlsec/keyinfo.h
Gets the KeyInfoReference element key data klass.
A KeyInfoReference element within KeyInfo is used to convey a reference to a KeyInfo element at another location in the same or different document.
KeyInfoReference uses the same syntax and dereferencing behavior as Reference's URI and the Reference Processing Model except that there are no child elements and the presence of the URI attribute is mandatory.
The result of dereferencing a KeyInfoReference MUST be a KeyInfo element, or an XML document with a KeyInfo element as the root.
```xml
<!-- targetNamespace="http://www.w3.org/2009/xmldsig11#" -->
<element name="KeyInfoReference" type="dsig11:KeyInfoReferenceType"/>
<complexType name="KeyInfoReferenceType">
  <attribute name="URI" type="anyURI" use="required"/>
  <attribute name="Id" type="ID" use="optional"/>
</complexType>
```
https://www.w3.org/TR/xmldsig-core1/#sec-KeyInfoReference
Returns: the `<dsig11:KeyInfoReference/>` element processing key data klass.
xmlSecKeyDataId xmlSecKeyDataEncryptedKeyGetKlass(void);
Source: include/xmlsec/keyinfo.h
Gets the EncryptedKey element key data klass.
The `<enc:EncryptedKey/>` element key data klass (http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey):
The EncryptedKey element is used to transport encryption keys from the originator to a known recipient(s). It may be used as a stand-alone XML document, be placed within an application document, or appear inside an EncryptedData element as a child of a ds:KeyInfo element. The key value is always encrypted to the recipient(s). When EncryptedKey is decrypted the resulting octets are made available to the EncryptionMethod algorithm without any additional processing.
Returns: the `<enc:EncryptedKey/>` element processing key data klass.
xmlSecKeyDataId xmlSecKeyDataAgreementMethodGetKlass(void);
Source: include/xmlsec/keyinfo.h
Gets the AgreementMethod element key data klass.
The `<enc:AgreementMethod/>` element key data klass (https://www.w3.org/TR/xmlenc-core1/#sec-Alg-KeyAgreement):
A Key Agreement algorithm provides for the derivation of a shared secret key based on a shared secret computed from certain types of compatible public keys from both the sender and the recipient. Information from the originator to determine the secret is indicated by an optional OriginatorKeyInfo parameter child of an AgreementMethod element while that associated with the recipient is indicated by an optional RecipientKeyInfo. A shared key is derived from this shared secret by a method determined by the Key Agreement algorithm.
Returns: the `<enc:AgreementMethod/>` element processing key data klass.
xmlSecKeyDataId xmlSecKeyDataDerivedKeyGetKlass(void);
Source: include/xmlsec/keyinfo.h
Gets the DerivedKey element key data klass.
The `<enc11:DerivedKey/>` element key data klass (https://www.w3.org/TR/xmlenc-core1/#sec-DerivedKey):
The DerivedKey element is used to transport information about a derived key from the originator to recipient(s). It may be used as a stand-alone XML document, be placed within an application document, or appear inside an EncryptedData or Signature element as a child of a ds:KeyInfo element. The key value itself is never sent by the originator. Rather, the originator provides information to the recipient(s) by which the recipient(s) can derive the same key value. When the key has been derived the resulting octets are made available to the EncryptionMethod or SignatureMethod algorithm without any additional processing.
Returns: the `<enc11:DerivedKey/>` element processing key data klass.