I have a requirement to digitally sign a XML message. I was trying to use a Java Callout policy to make use of a custom java code for signing the message. But the challenge is how do I access the private and the public keys from my java code?

I went through some of the posts in the community where it says that Apigee does not allow access to files due to security reasons. I wanted to make sure whether this is correct. If so, is there no other way we can sign messages in Apigee? SAML is not an option for me.

Please advise.