The WSDL KeyInfo section shows security info for my SSL cert. Is this normal? Can this be viewed by the client? Here is what mine looks like; I changed the value between the X509Certificate tags:
<KeyInfo>
<X509Data>
<X509Certificate>
IIEqjCCApKgAwIBAgIQFhCbhuU2Y7FLY0J7OJrZdTANBgkqhkiG9w0
BAQUFADARMQ8wDQYDVQQDEwZGdXppb24wHhcNMTEwNTA5MD
QwMDAwWhcNMjEwNTE2MDQwMDAwWjARMQ8wDQYDVQQDEw
ZGdXppb24wggIiMA0GCSqGSIb3DQEBAQUAA4
</X509Certificate>
</X509Data>
</KeyInfo>
The certificate only contains your public key and extra information binding this public key to your identity (and the purpose for which it can be used).
.Net has an X509Certificate2 class which models certificates. This class also has an attribute to contain the private key, but this really just is for convenience: the private key isn’t part of the actual certificate.
Using XML-Dsig (possibly via WSDL), the KeyInfo/X509Data/X509Certificate element only contains the X.509 certificate, in PEM form. This is normal as it allows the remote party to match the document’s signature against an identity: the document’s signature is verified against the certificate’s public key, and the identity is asserted by the certificate, the signature of which is verified against trusted CA certificates.
If you didn’t have the public key, the remote party wouldn’t be able to verify the signature without prior knowledge of which key to expect.
If you didn’t have the certificate, which contains public key and identity-related assertions, the remote party wouldn’t be able to know who signed the document.
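The two-sided exchange the answer describes, as an added example that is not part of the question or the answer and uses Go's standard crypto/x509 package rather than the .NET X509Certificate2 class mentioned above. The signer side builds a constructed self-signed certificate (hypothetical subject "example-signer"), signs a constructed sample document, and emits the same KeyInfo/X509Data/X509Certificate element shape shown in the question; the remote party side parses that element, verifies the document signature against the embedded certificate's public key, and then verifies the certificate itself against its own trust store. Nothing in the emitted XML carries the private key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"math/big"
	"time"
)

// KeyInfo maps the XML-DSig KeyInfo/X509Data/X509Certificate structure from the question.
// The element text is the DER-encoded certificate as base64; it holds only public data.
type KeyInfo struct {
	XMLName         xml.Name `xml:"KeyInfo"`
	X509Certificate string   `xml:"X509Data>X509Certificate"`
}

// Signer holds what only the signing side has: the private key and its certificate.
// Note that x509.Certificate itself has no private-key field; the key lives beside it.
type Signer struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// NewSigner creates a constructed self-signed certificate (hypothetical subject "example-signer").
func NewSigner() (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example-signer"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{Key: key, Cert: cert}, nil
}

// Sign returns the KeyInfo XML to embed in the document and an RSA PKCS#1 v1.5
// signature over SHA-256(msg). Only the certificate (cert.Raw) goes into the XML.
func (s *Signer) Sign(msg []byte) (keyInfoXML []byte, sig []byte, err error) {
	digest := sha256.Sum256(msg)
	sig, err = rsa.SignPKCS1v15(rand.Reader, s.Key, crypto.SHA256, digest[:])
	if err != nil {
		return nil, nil, err
	}
	ki := KeyInfo{X509Certificate: base64.StdEncoding.EncodeToString(s.Cert.Raw)}
	keyInfoXML, err = xml.MarshalIndent(ki, "", "  ")
	return keyInfoXML, sig, err
}

// Verify is the remote party. It has only the document (keyInfoXML, msg, sig) and its
// own trust store. Step 1 checks the signature against the embedded certificate's public
// key; step 2 checks the certificate's signature chain against trusted roots. Both must
// hold before the subject name in the certificate is accepted as the signer's identity.
func Verify(keyInfoXML, msg, sig []byte, roots *x509.CertPool) (string, error) {
	var ki KeyInfo
	if err := xml.Unmarshal(keyInfoXML, &ki); err != nil {
		return "", err
	}
	der, err := base64.StdEncoding.DecodeString(ki.X509Certificate)
	if err != nil {
		return "", err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", fmt.Errorf("certificate does not carry an RSA public key")
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return "", fmt.Errorf("document signature invalid: %w", err)
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	return cert.Subject.CommonName, nil
}

func main() {
	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte(`<Order id="42">constructed sample document</Order>`)
	keyInfoXML, sig, err := signer.Sign(msg)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(keyInfoXML)) // same shape as the element in the question
	roots := x509.NewCertPool()
	roots.AddCert(signer.Cert) // the remote party trusts this CA
	who, err := Verify(keyInfoXML, msg, sig, roots)
	fmt.Println("signed by:", who, "error:", err)
	_, err = Verify(keyInfoXML, append(msg, '!'), sig, roots)
	fmt.Println("tampered document:", err)
	_, err = Verify(keyInfoXML, msg, sig, x509.NewCertPool())
	fmt.Println("empty trust store:", err)
}
```

The last two calls in main show the two failure modes the answer separates: a modified document fails at the public-key check even though the certificate is trusted, and a valid signature from an untrusted certificate fails at the chain check, so the remote party learns nothing reliable about who signed it.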