The library can also digitally sign PSKC data using a X.509 private key and certificate, both stored in files. Below is a minimal example illustring how to read a PSKC file, digitally sign it and then print the signed XML to stdout.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
#include <stdio.h> #include <pskc/pskc.h> /* * $ cc -o pskcsign pskcsign.c $(pkg-config --cflags --libs libpskc) * $ ./pskcsign pskc-hotp.xml pskc-ee-key.pem pskc-ee-crt.pem > signed.xml */ #define PSKC_CHECK_RC \ if (rc != PSKC_OK) { \ printf ("%s (%d): %s\n", pskc_strerror_name (rc), \ rc, pskc_strerror (rc)); \ return 1; \ } int main (int argc, const char *argv[]) { char buffer[4096]; FILE *fh; size_t len; pskc_t *container; char *out; int rc; if (argc != 4) { printf ("Usage: %s <PSKCFILE> <X509KEY> <X509CERT>\n", argv[0]); return 1; } fh = fopen (argv[1], "r"); if (!fh) { perror ("fopen"); return 1; } len = fread (buffer, 1, sizeof (buffer), fh); fclose (fh); rc = pskc_global_init (); PSKC_CHECK_RC; rc = pskc_init (&container); PSKC_CHECK_RC; rc = pskc_parse_from_memory (container, len, buffer); PSKC_CHECK_RC; rc = pskc_sign_x509 (container, argv[2], argv[3]); PSKC_CHECK_RC; rc = pskc_output (container, PSKC_OUTPUT_XML, &out, &len); PSKC_CHECK_RC; fwrite (out, 1, len, stdout); pskc_free (out); pskc_done (container); pskc_global_done (); return 0; } |
You would compile and use the example like this.
1 2 3 |
jas@latte:~$ cc -o pskcsign pskcsign.c $(pkg-config --cflags --libs libpskc) jas@latte:~$ ./pskcsign pskc-hotp.xml pskc-ee-key.pem pskc-ee-crt.pem > signed.xml jas@latte:~$ |
The next section illustrate how to verify the content of "signed.xml". For more background and information on how to generate the necessary private key and certificates, see the "pskctool" command line tool documentation.