OpenSAML user discussion

[hao chen <>]

Hi Scott,

I think we are more closer to the points. I need to
understand the following comments you provide:

[
It manually strips off the headers and has to feed the
data 
into
the security library, which didn't support PEM
directly but required 
the
input to be base64 DER, basically everything but the
BEGIN/END lines.

So no, DER won't work unless you run it into openssl
base64 -e first.

]

I did see the program strips off the BEGIN/END part of
certificate file but did not see it strips off the
BEGIN/END port of private key file. Do I need to do
that either modify the key file or the program?

What is meant by your comment 'didn't support PEM
directly but required the input to be base64 DER,...'?
Do you mean I must use base64 encoding if I use DER
format?

thanks a lot.
hao
--- Scott Cantor 
<>
 wrote:

> > The signtest program is just what I would like to
> try
> > since testing java, c, and third party FIM is what
> I
> > am doing. I did use openssl to generate those key
> and
> > cert and I also verified the key and cert are good
> by
> > using openssl tool. 
> 
> Ah, ok.
> 
> > I wonder what kind of format of
> > the key storage is required by opensaml, such as I
> am
> > using DER. Is DER acceptable for opensaml? If I
> use
> > java keytool to generate those key and cert, does
> > opensaml in C accept them?
> 
> That program isn't user friendly, but I think the
> files just have to be in
> PEM format. It manually strips off the headers and
> has to feed the data into
> the security library, which didn't support PEM
> directly but required the
> input to be base64 DER, basically everything but the
> BEGIN/END lines.
> 
> So no, DER won't work unless you run it into openssl
> base64 -e first.
> 
> -- Scott
> 
> 


=====
Best Regard

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com