OATH Toolkit
One-time password components

Verify signed PSKC data

To verify XML digital signatures in PSKC data, you may use the pskc_verify_x509crt function.

#include <stdio.h>
#include <pskc/pskc.h>

/*
 * $ cc -o pskcverify pskcverify.c $(pkg-config --cflags --libs libpskc)
 * $ ./pskcverify signed.xml pskc-root-crt.pem
 * OK
 * $
 */

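/*
 * Bail out of the enclosing function when the last libpskc call failed.
 *
 * Expects an `int rc` in scope holding the return code of the preceding
 * pskc_* call.  On anything other than PSKC_OK it prints the symbolic
 * error name, the numeric code and the description, then returns 1.
 *
 * Wrapped in do { } while (0) so that `PSKC_CHECK_RC;` is exactly one
 * statement and cannot capture a following `else` or break an unbraced
 * `if`.
 */
#define PSKC_CHECK_RC						\
  do								\
    {								\
      if (rc != PSKC_OK)					\
	{							\
	  printf ("%s (%d): %s\n", pskc_strerror_name (rc),	\
		  rc, pskc_strerror (rc));			\
	  return 1;						\
	}							\
    }								\
  while (0)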

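/*
 * Verify the XML digital signature of a PSKC file against an X.509
 * certificate.
 *
 * argv[1] is the PSKC file to check, argv[2] the certificate file that
 * is handed to pskc_verify_x509crt.  Prints "OK" or "FAIL" on stdout.
 *
 * Exit status: 0 only when the signature verified.  Usage errors, I/O
 * errors, libpskc errors and a signature that did not verify all exit
 * with 1, so a calling script can rely on the status rather than on
 * parsing the output.
 *
 * NOTE(review): the certificate in argv[2] acts as the trust anchor for
 * this check, so it presumably has to be obtained independently of the
 * PSKC file being verified -- confirm against the libpskc documentation.
 */
int
main (int argc, const char *argv[])
{
  char buffer[4096];
  FILE *fh;
  size_t len;
  pskc_t *container;
  int rc;
  int valid_sig = 0;		/* fail closed if the library leaves it unset */
  int read_failed, truncated;

  if (argc != 3)
    {
      printf ("Usage: %s <PSKCFILE> <X509CERT>\n", argv[0]);
      return 1;
    }
  fh = fopen (argv[1], "r");
  if (!fh)
    {
      perror ("fopen");
      return 1;
    }
  len = fread (buffer, 1, sizeof (buffer), fh);
  read_failed = ferror (fh);
  /* A full buffer with more data pending means the input was cut short;
     refuse it instead of verifying a prefix of the file.  */
  truncated = (len == sizeof (buffer) && fgetc (fh) != EOF);
  fclose (fh);

  if (read_failed)
    {
      fprintf (stderr, "%s: read error\n", argv[1]);
      return 1;
    }
  if (truncated)
    {
      fprintf (stderr, "%s: input larger than %lu bytes\n", argv[1],
	       (unsigned long) sizeof (buffer));
      return 1;
    }

  /* PSKC_CHECK_RC returns 1 straight away on failure; the library state
     is not torn down on those paths because the process is exiting.  */
  rc = pskc_global_init ();
  PSKC_CHECK_RC;

  rc = pskc_init (&container);
  PSKC_CHECK_RC;
  rc = pskc_parse_from_memory (container, len, buffer);
  PSKC_CHECK_RC;

  /* rc reports whether the check could be carried out at all; the
     verdict itself is delivered through valid_sig.  */
  rc = pskc_verify_x509crt (container, argv[2], &valid_sig);
  PSKC_CHECK_RC;
  puts (valid_sig ? "OK" : "FAIL");

  pskc_done (container);
  pskc_global_done ();

  /* Propagate the verdict: a failed verification must not look like
     success to the caller.  */
  return valid_sig ? 0 : 1;
}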

You would compile and use the example like this.

jas@latte:~$ cc -o pskcverify pskcverify.c $(pkg-config --cflags --libs libpskc)
jas@latte:~$ ./pskcverify signed.xml pskc-root-crt.pem
OK
jas@latte:~$

For more background and information on how to generate the necessary private key and certificates, see the "pskctool" command line tool documentation.