I'm working with a client that is sending me data that is both encoded and encrypted. They are supplying an xml document. The first task I need to perform is a basic validation to ensure the file has not been tampered with, and that it's from who I anticipate. According to my documentation, a particular XML node will contain a signature node that I can validate with the public key.
So after a lot of googling and some learning, I can see that their public key is nothing more than the SSL certification request file converted to Base64. So decoding it I can read some of the plain text, the rest looks like garbage characters (zalgo!). Anyhow, because they are not supplying to me an XML file with all the XMLSigning nodes I need such as a digest etc, I am unsure of what I need to do to validate their XML node signature against this public key. Anyone with any experence?
I tried hashing, encoding, decoding, combinations to 1 side, the other side, both sides, all of course never matching. Ideas?