Well, in this particular case, the key will not have certificate. You signature has a valid RSA public key that xmlsec uses for validation. And this key has not certificate attached to it!
I guess, you want xmlsec not to use the key from the RSAKeyValue and instead lookup the key in the KeyManager (and find the key with certificate). Probably, the simples way to achieve this would be to disable (or to be precsise, not enable) the RSAKeyValue as the key data source. In the xmlsec command line tool, check the option "--enabled-key-data" or the enabledKeyData memeber of the xmlSecKeyInfoCtx structure (search xmlsec command line tool source file for an example!). Aleksey _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
