When i received the last one (3rd), they also send a PKCS#7 certificate chain. Now, i need to validate a XML File, signed, and i dont know what or how can i validate that... Now, i am validating the three certificates (it looks well), but when validating the signature it return a validation error: "javax.xml.crypto.dsig.XMLSignatureException: the keyselector did not find a validation key"
I think that possibly maybe i need to import or do something else with the PKCS#7 certificate chain that i received by email, but i dont know what to do...
Can you help me please!
Thanks a lot, Cristovao
Joined: Aug 10, 2006
I am not familiar with the XML security APIs, but I'm sure the concepts are the same as for other PKI applications. First, you must understand that the certified keypair that you have stored at alias vbvsign is used by you to sign documents, not to verify them. To verify a document that someone else has signed, you must have their certified public key. Most APIs, and probably also the XML APIs you are using, allow for this public key certificate to be included in the message itself. All that is required on your part is that you have the root CA that signed their public key in your trusted certificate store.